Merge pull request #3940 from Security-Onion-Solutions/foxtrot

Foxtrot

salt/common/tools/sbin/so-common

@@ -122,6 +122,10 @@ check_elastic_license() {
 	fi  
 }
 
+disable_fastestmirror() {
+	sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
+}
+
 elastic_license() {
 
 read -r -d '' message <<- EOM

salt/common/tools/sbin/soup

@@ -453,8 +453,9 @@ up_2.3.3X_to_2.3.50_repo() {
   if [[ "$OS" == "centos" ]]; then
     # Import GPG Keys
     gpg_rpm_import
-
     if [ $is_airgap -eq 1 ]; then
+      echo "Disabling fastestmirror."
+      disable_fastestmirror
       echo "Deleting unneeded repo files."
       DELREPOS=('CentOS-Base' 'CentOS-CR' 'CentOS-Debuginfo' 'docker-ce' 'CentOS-fasttrack' 'CentOS-Media' 'CentOS-Sources' 'CentOS-Vault' 'CentOS-x86_64-kernel' 'epel' 'epel-testing' 'saltstack' 'wazuh')
 

salt/manager/files/acng/acng.conf

@@ -90,3 +90,7 @@ PassThroughPattern: (repo\.securityonion\.net:443|download\.docker\.com:443|mirr
 # MaxDlSpeed: 500
 # MaxInresponsiveDlSize: 64000
 # BadRedirDetectMime: text/html
+{% set proxy = salt['pillar.get']('manager:proxy') -%}
+{% if proxy -%}
+Proxy: {{ proxy }}
+{% endif -%}

salt/manager/init.sls

@@ -18,7 +18,6 @@
 {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
 {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
-{% set managerproxy = salt['pillar.get']('global:managerupdate', '0') %}
 {% set STRELKA_RULES = salt['pillar.get']('strelka:rules', '1') %}
 
 socore_own_saltstack:
@@ -35,8 +34,6 @@ socore_own_saltstack:
     - mode: 750
     - replace: False
 
-{% if managerproxy == 1 %}
-
 # Create the directories for apt-cacher-ng
 aptcacherconfdir:
   file.directory:
@@ -60,11 +57,12 @@ aptcacherlogdir:
     - makedirs: true
 
 # Copy the config
-
 acngcopyconf:
   file.managed:
     - name: /opt/so/conf/aptcacher-ng/etc/acng.conf
     - source: salt://manager/files/acng/acng.conf
+    - template: jinja
+    - show_changes: False
 
 # Install the apt-cacher-ng container
 so-aptcacherng:
@@ -84,8 +82,6 @@ append_so-aptcacherng_so-status.conf:
     - name: /opt/so/conf/so-status/so-status.conf
     - text: so-aptcacherng
 
-{% endif %}
-
 strelka_yara_update_old_1:
   cron.absent:
     - user: root

salt/repo/client/files/centos/yum.conf.jinja

@@ -12,7 +12,7 @@ installonly_limit={{ salt['pillar.get']('yum:config:installonly_limit', 2) }}
 bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
 distroverpkg=centos-release
 clean_requirements_on_remove=1
-{% if (grains['role'] not in ['so-eval','so-managersearch', 'so-manager', 'so-standalone']) and salt['pillar.get']('global:managerupdate', '0') -%}
+{% if (grains['role'] not in ['so-eval','so-managersearch', 'so-manager', 'so-standalone']) and salt['pillar.get']('global:managerupdate', 'direct') == 'manager' -%}
 proxy=http://{{ salt['pillar.get']('yum:config:proxy', salt['config.get']('master')) }}:3142
 {% elif proxy -%}
 proxy={{ proxy }}

salt/repo/client/init.sls

@@ -63,6 +63,7 @@ yumconf:
     - source: salt://repo/client/files/centos/yum.conf.jinja
     - mode: 644
     - template: jinja
+    - show_changes: False
 {% endif %}
 
 cleanyum: