Merge remote-tracking branch 'origin/2.4/dev' into idstools-refactor

setup/so-functions

@@ -541,8 +541,15 @@ configure_minion() {
 		"log_file: /opt/so/log/salt/minion"\
 		"#startup_states: highstate" >> "$minion_config"
 
-	info "Running: salt-call state.apply salt.mine_functions --local --file-root=../salt/ -l info pillar='{"host": {"mainint": "$MNIC"}}'"
-	salt-call state.apply salt.mine_functions --local --file-root=../salt/ -l info pillar="{'host': {'mainint': $MNIC}}"
+	# At the time the so-managerhype node does not yet have the bridge configured.
+	# The so-hypervisor node doesn't either, but it doesn't cause issues here.
+	local usebr0=false
+	if [ "$minion_type" == 'hypervisor' ]; then
+    	usebr0=true
+	fi
+	local pillar_json="{\"host\": {\"mainint\": \"$MNIC\"}, \"usebr0\": $usebr0}"
+	info "Running: salt-call state.apply salt.mine_functions --local --file-root=../salt/ -l info pillar='$pillar_json'"
+	salt-call state.apply salt.mine_functions --local --file-root=../salt/ -l info pillar="$pillar_json"
 
 	{
 		logCmd "systemctl enable salt-minion";
@@ -1193,10 +1200,7 @@ hypervisor_local_states() {
         info "Running libvirt states for hypervisor"
         logCmd "salt-call state.apply libvirt.64962 --local --file-root=../salt/ -l info queue=True"
         info "Setting up bridge for $MNIC"
-		    salt-call state.apply libvirt.bridge --local --file-root=../salt/ -l info pillar='{"host": {"mainint": "'$MNIC'"}}' queue=True
-		    if [ $is_managerhype ]; then
-			    logCmd "salt-call state.apply salt.minion queue=True"
-		    fi
+		salt-call state.apply libvirt.bridge --local --file-root=../salt/ -l info pillar='{"host": {"mainint": "'$MNIC'"}}' queue=True
     fi
 }
 
@@ -1636,6 +1640,12 @@ reserve_ports() {
 	fi
 }
 
+clear_previous_setup_results() {
+	# Disregard previous setup outcomes.
+	rm -f /root/failure
+	rm -f /root/success
+}
+
 reinstall_init() {
 	info "Putting system in state to run setup again"
 
@@ -1647,10 +1657,6 @@ reinstall_init() {
 
 	local service_retry_count=20
 
-	# Disregard previous install outcomes
-	rm -f /root/failure
-	rm -f /root/success
-
 	{
 		# remove all of root's cronjobs
 		logCmd "crontab -r -u root"
@@ -2295,7 +2301,7 @@ set_redirect() {
 
 set_timezone() {
 
-	logCmd "timedatectl set-timezone Etc/UTC"
+	timedatectl set-timezone Etc/UTC
 
 }
 

setup/so-setup

@@ -132,6 +132,10 @@ if [[ -f /root/accept_changes ]]; then
 	reset_proxy
 fi
 
+# Previous setup attempts, even if setup doesn't actually start the installation,
+# can leave behind results that may interfere with the current setup attempt.
+clear_previous_setup_results
+
 title "Parsing Username for Install"
 parse_install_username
 
@@ -762,6 +766,7 @@ if ! [[ -f $install_opt_file ]]; then
 		fi
 		logCmd "salt-call state.apply common.packages"
 		logCmd "salt-call state.apply common"
+		hypervisor_local_states
 		# this will apply the salt.minion state first since salt.master includes salt.minion
 		logCmd "salt-call state.apply salt.master"
 		# wait here until we get a response from the salt-master since it may have just restarted
@@ -826,7 +831,6 @@ if ! [[ -f $install_opt_file ]]; then
 		checkin_at_boot
 		set_initial_firewall_access
 		logCmd "salt-call schedule.enable -linfo --local"
-		hypervisor_local_states
 		verify_setup
 	else
 		touch /root/accept_changes

setup/so-verify

@@ -68,6 +68,7 @@ log_has_errors() {
         grep -vE "Command failed with exit code" | \
         grep -vE "Running scope as unit" | \
         grep -vE "securityonion-resources/sigma/stable" | \
+        grep -vE "remove_failed_vm.sls" | \
         grep -vE "log-.*-pipeline_failed_attempts" &> "$error_log"
     
     if [[ $? -eq 0 ]]; then