diff --git a/salt/common/init.sls b/salt/common/init.sls index 82ac4a062..a8c791c7f 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -28,21 +28,92 @@ salttmp: - group: 939 - makedirs: True -# Install packages needed for the sensor -sensorpkgs: +# Install epel +{% if grains['os'] == 'CentOS' %} +epel: pkg.installed: - - skip_suggestions: False + - skip_suggestions: True + - pkgs: + - epel-release +{% endif %} + +# Install common packages +commonpkgs: + pkg.installed: + - skip_suggestions: True - pkgs: - - wget - - jq {% if grains['os'] != 'CentOS' %} - apache2-utils + - wget + - jq + - python3-docker + - docker-ce + - curl + - ca-certificates + - software-properties-common + - apt-transport-https + - openssl + - netcat + - python3-mysqldb + - sqlite3 + - argon2 + - libssl-dev + - python3-dateutil + - python3-m2crypto + - python3-mysqldb + - salt-minion: 2019.2.5+ds-1 + - hold: True + - update_holds: True + {% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' or grains['role'] == 'so-helix' or grains['role'] == 'so-mastersearch' or grains['role'] == 'so-standalone' %} + - salt-master: 2019.2.5+ds-1 + - hold: True + - update_holds: True + - containerd.io: 1.2.13-2 + - hold: True + - update_holds: True + - docker-ce: 5:19.03.9~3-0~ubuntu-bionic + - hold: True + - update_holds: True + {% endif %} + - containerd.io + - docker-ce {% else %} - - net-tools + - wget + - bind-utils + - jq - tcpdump - httpd-tools + - net-tools + - curl + - sqlite + - argon2 + - maridb-devel + - nmap-ncat + - python3 + - python36-docker + - python36-dateutil + - python36-m2crypto + - python36-mysql + - yum-utils + - device-mapper-persistent-data + - lvm2 + - openssl + - salt-minion: 2019.2.5 + - hold: True + - update_holds: True + {% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' or grains['role'] == 'so-helix' or grains['role'] == 'so-mastersearch' or grains['role'] == 'so-standalone' %} + - salt-master: 2019.2.5 + - hold: True + - update_holds: True {% endif %} - + - containerd.io: 1.2.6-3 + - hold: True + - update_holds: True + - docker-ce: 19.03.9-3 + - hold: True + - update_holds: True + {% endif %}%} + # Always keep these packages up to date alwaysupdated: diff --git a/setup/so-functions b/setup/so-functions index ddf265153..702c3cebd 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -19,7 +19,7 @@ source ./so-whiptail source ./so-variables source ./so-common-functions -SOVERSION=1.3.0 +SOVERSION=1.4.0 accept_salt_key_remote() { systemctl restart salt-minion @@ -514,7 +514,7 @@ detect_os() { # Install bind-utils so the host command exists if ! command -v host > /dev/null 2>&1; then echo "Installing required packages to run installer" - yum -y install bind-utils >> "$setup_log" 2>&1 + yum -y install bind-utils yum-plugin-versionlock >> "$setup_log" 2>&1 fi @@ -583,7 +583,9 @@ docker_install() { { yum clean expire-cache; yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo; - yum -y install docker-ce; + yum -y install docker-ce-19.03.9-3 containerd.io-1.2.6-3; + yum versionlock docker-ce; + yum versionlock containerd.io } >> "$setup_log" 2>&1 else @@ -687,7 +689,7 @@ docker_seed_registry() { # Tag it with the new registry destination docker tag soshybridhunter/"$i" "$HOSTNAME":5000/soshybridhunter/"$i" docker push "$HOSTNAME":5000/soshybridhunter/"$i" - docker rmi soshybridhunter/"$i" + #docker rmi soshybridhunter/"$i" } >> "$setup_log" 2>&1 done else @@ -1107,7 +1109,7 @@ saltify() { yum -y update exclude=salt*; systemctl enable salt-minion; } >> "$setup_log" 2>&1 - echo "exclude=salt*" >> /etc/yum.conf + yum versionlock salt* else DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" upgrade >> "$setup_log" 2>&1