add ability to upgrade salt minion and master for ubuntu

salt/common/tools/sbin/soup

@@ -19,8 +19,9 @@
 UPDATE_DIR=/tmp/sogh/securityonion
 INSTALLEDVERSION=$(cat /etc/soversion)
 INSTALLEDSALTVERSION=$(salt --versions-report | grep Salt: | awk {'print $2'})
-default_salt_dir=/opt/so/saltstack/default
+DEFAULT_SALT_DIR=/opt/so/saltstack/default
 BATCHSIZE=5
+SOUP_LOG=/root/soup.log
 
 manager_check() {
   # Check to see if this is a manager
@@ -60,13 +61,24 @@ clone_to_tmp() {
 copy_new_files() {
   # Copy new files over to the salt dir
   cd /tmp/sogh/securityonion
-  rsync -a salt $default_salt_dir/
+  rsync -a salt $DEFAULT_SALT_DIR/
-  rsync -a pillar $default_salt_dir/
+  rsync -a pillar $DEFAULT_SALT_DIR/
-  chown -R socore:socore $default_salt_dir/
+  chown -R socore:socore $DEFAULT_SALT_DIR/
-  chmod 755 $default_salt_dir/pillar/firewall/addfirewall.sh
+  chmod 755 $DEFAULT_SALT_DIR/pillar/firewall/addfirewall.sh
   cd /tmp
 }
 
+detect_os() {
+	# Detect Base OS
+	echo "Detecting Base OS" >> "$SOUP_LOG" 2>&1
+	if [ -f /etc/redhat-release ]; then
+		OS="centos"
+	elif [ -f /etc/os-release ]; then
+		OS="ubuntu"
+	fi
+	echo "Found OS: $OS" >> "$SOUP_LOG" 2>&1
+}
+
 highstate() {
   # Run a highstate but first cancel a running one.
   salt-call saltutil.kill_all_jobs
@@ -76,7 +88,6 @@ highstate() {
 pillar_changes() {
     # This function is to add any new pillar items if needed.
     echo "Checking to see if pillar changes are needed."
-
 }
 
 update_dockers() {
@@ -168,16 +179,32 @@ upgrade_check_salt() {
       echo "Performing upgrade of Salt from $INSTALLEDSALTVERSION to $NEWSALTVERSION."
       echo ""
       # If CentOS
-      echo "Removing yum versionlock for Salt."
+      if [ "$OS" == "centos" ]; then
-      echo ""
+        echo "Removing yum versionlock for Salt."
-      yum versionlock delete "salt-*"
+        echo ""
-      echo "Updating Salt packages and restarting services."
+        yum versionlock delete "salt-*"
-      echo ""
+        echo "Updating Salt packages and restarting services."
-      sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -F -M -x python3 stable "$NEWSALTVERSION"
+        echo ""
-      echo "Applying yum versionlock for Salt."
+        sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -F -M -x python3 stable "$NEWSALTVERSION"
-      echo ""
+        echo "Applying yum versionlock for Salt."
-      yum versionlock add "salt-*"
+        echo ""
+        yum versionlock add "salt-*"
       # Else do Ubuntu things
+      elif [ "$OS" == "ubuntu" ]; then
+        echo "Removing apt hold for Salt."
+        echo ""
+        apt-mark unhold "salt"
+        apt-mark unhold "salt-master"
+        apt-mark unhold "salt-minion"
+        echo "Updating Salt packages and restarting services."
+        echo ""
+        sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -F -M -x python3 stable "$NEWSALTVERSION"
+        echo "Applying apt hold for Salt."
+        echo ""
+        apt-mark hold "salt"
+        apt-mark hold "salt-master"
+        apt-mark hold "salt-minion"
+      fi
     fi 
 }
 
@@ -189,7 +216,7 @@ verify_latest_update_script() {
       echo "This version of the soup script is up to date. Proceeding."
     else
       echo "You are not running the latest soup version. Updating soup."
-      cp $UPDATE_DIR/salt/common/tools/sbin/soup $default_salt_dir/salt/common/tools/sbin/
+      cp $UPDATE_DIR/salt/common/tools/sbin/soup $DEFAULT_SALT_DIR/salt/common/tools/sbin/
       salt-call state.apply common queue=True
       echo ""
       echo "soup has been updated. Please run soup again."
@@ -249,7 +276,7 @@ echo "Updating dockers to $NEWVERSION."
 update_dockers
 
 echo ""
-echo "Copying new Security Onion code from $UPDATE_DIR to $default_salt_dir."
+echo "Copying new Security Onion code from $UPDATE_DIR to $DEFAULT_SALT_DIR."
 copy_new_files
 echo ""
 update_version

salt/salt/master.sls

@@ -1 +1,11 @@
-#Future state for Salt masters
+salt_master_package:
+  pkg.installed:
+    - pkgs:
+      - salt
+      - salt-master
+    - hold: True
+
+salt_minion_service:
+  service.running:
+    - name: salt-master
+    - enable: True

salt/salt/minion.sls

@@ -2,22 +2,33 @@ include:
   - salt
 
 {% import_yaml 'salt/minion.defaults.yaml' as salt %}
-{% set saltversion = salt.salt.minion.version %}
+{% set SALTVERSION = salt.salt.minion.version %}
+
+{% if grains.saltversion|string != SALTVERSION|string %}
+  {% if grains.os|lower == 'centos' %}
+    {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && sh bootstrap-salt.sh -F -x python3 stable {{ SALTVERSION }}' %}
+  {% elif grains.os|lower == 'ubuntu' %}
+    {% set UPGRADECOMMAND = 'apt-mark unhold salt && apt-mark unhold salt-minion && sh bootstrap-salt.sh -F -x python3 stable {{ SALTVERSION }}' %}
+  {% endif %}
+{% else %}
+  {% set UPGRADECOMMAND = 'echo "Already running Salt Minon version {{ SALTVERSION }}"' %}
+{% endif %}
 
-{% if grains.os|lower == 'centos' %}
 install_salt_minion:
   cmd.run:
-    {% if grains.saltversion|string != saltversion|string %}
+    - name: {{ UPGRADECOMMAND }} 
-    - name: yum versionlock delete "salt-*" && sh bootstrap-salt.sh -F -x python3 stable {{ saltversion }}
-    {% else %}
-    - name: echo 'Already running Salt Minon version {{ saltversion }}'
-    {% endif %}
 
-versionlock_salt_minion:
+#versionlock_salt_minion:
-  module.run:
+#  module.run:
-    - pkg.hold:
+#    - pkg.hold:
-      - name: "salt-*"
+#      - name: "salt-*"
-{% endif %}
+
+salt_minion_package:
+  pkg.installed:
+    - pkgs:
+      - salt
+      - salt-minion
+    - hold: True
 
 salt_minion_service:
   service.running: