diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index 01e278a6a..fbe9a9700 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -187,14 +187,14 @@ get_random_value() { } gpg_rpm_import() { - if [[ "$OS" == "centos" ]]; then + if [[ "$OS" == "rocky" ]]; then if [[ "$WHATWOULDYOUSAYYAHDOHERE" == "setup" ]]; then - local RPMKEYSLOC="../salt/repo/client/files/centos/keys" + local RPMKEYSLOC="../salt/repo/client/files/rocky/keys" else - local RPMKEYSLOC="$UPDATE_DIR/salt/repo/client/files/centos/keys" + local RPMKEYSLOC="$UPDATE_DIR/salt/repo/client/files/rocky/keys" fi - RPMKEYS=('RPM-GPG-KEY-EPEL-7' 'docker.pub' 'SALTSTACK-GPG-KEY.pub' 'securityonion.pub') + RPMKEYS=('RPM-GPG-KEY-EPEL-9' 'SALTSTACK-GPG-KEY2.pub' 'securityonion.pub') for RPMKEY in "${RPMKEYS[@]}"; do rpm --import $RPMKEYSLOC/$RPMKEY @@ -371,7 +371,7 @@ salt_minion_count() MINIONCOUNT=$(ls -la $MINIONDIR/*.sls | grep sls | wc -l) set_cron_service_name() { - if [[ "$OS" == "centos" ]]; then + if [[ "$OS" == "rocky" ]]; then cron_service_name="crond" else cron_service_name="cron" @@ -380,7 +380,7 @@ set_cron_service_name() { set_os() { if [ -f /etc/redhat-release ]; then - OS=centos + OS=rocky else OS=ubuntu fi diff --git a/salt/repo/client/files/rocky/RPM-GPG-KEY-EPEL-9 b/salt/repo/client/files/rocky/RPM-GPG-KEY-EPEL-9 new file mode 100644 index 000000000..0cc05ecb3 --- /dev/null +++ b/salt/repo/client/files/rocky/RPM-GPG-KEY-EPEL-9 @@ -0,0 +1,29 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGE3mOsBEACsU+XwJWDJVkItBaugXhXIIkb9oe+7aadELuVo0kBmc3HXt/Yp +CJW9hHEiGZ6z2jwgPqyJjZhCvcAWvgzKcvqE+9i0NItV1rzfxrBe2BtUtZmVcuE6 +2b+SPfxQ2Hr8llaawRjt8BCFX/ZzM4/1Qk+EzlfTcEcpkMf6wdO7kD6ulBk/tbsW +DHX2lNcxszTf+XP9HXHWJlA2xBfP+Dk4gl4DnO2Y1xR0OSywE/QtvEbN5cY94ieu +n7CBy29AleMhmbnx9pw3NyxcFIAsEZHJoU4ZW9ulAJ/ogttSyAWeacW7eJGW31/Z +39cS+I4KXJgeGRI20RmpqfH0tuT+X5Da59YpjYxkbhSK3HYBVnNPhoJFUc2j5iKy +XLgkapu1xRnEJhw05kr4LCbud0NTvfecqSqa+59kuVc+zWmfTnGTYc0PXZ6Oa3rK +44UOmE6eAT5zd/ToleDO0VesN+EO7CXfRsm7HWGpABF5wNK3vIEF2uRr2VJMvgqS +9eNwhJyOzoca4xFSwCkc6dACGGkV+CqhufdFBhmcAsUotSxe3zmrBjqA0B/nxIvH +DVgOAMnVCe+Lmv8T0mFgqZSJdIUdKjnOLu/GRFhjDKIak4jeMBMTYpVnU+HhMHLq +uDiZkNEvEEGhBQmZuI8J55F/a6UURnxUwT3piyi3Pmr2IFD7ahBxPzOBCQARAQAB +tCdGZWRvcmEgKGVwZWw5KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAk4EEwEI +ADgWIQT/itE0RZcQbs6BO5GKOHK/MihGfAUCYTeY6wIbDwULCQgHAgYVCgkICwIE +FgIDAQIeAQIXgAAKCRCKOHK/MihGfFX/EACBPWv20+ttYu1A5WvtHJPzwbj0U4yF +3zTQpBglQ2UfkRpYdipTlT3Ih6j5h2VmgRPtINCc/ZE28adrWpBoeFIS2YAKOCLC +nZYtHl2nCoLq1U7FSttUGsZ/t8uGCBgnugTfnIYcmlP1jKKA6RJAclK89evDQX5n +R9ZD+Cq3CBMlttvSTCht0qQVlwycedH8iWyYgP/mF0W35BIn7NuuZwWhgR00n/VG +4nbKPOzTWbsP45awcmivdrS74P6mL84WfkghipdmcoyVb1B8ZP4Y/Ke0RXOnLhNe +CfrXXvuW+Pvg2RTfwRDtehGQPAgXbmLmz2ZkV69RGIr54HJv84NDbqZovRTMr7gL +9k3ciCzXCiYQgM8yAyGHV0KEhFSQ1HV7gMnt9UmxbxBE2pGU7vu3CwjYga5DpwU7 +w5wu1TmM5KgZtZvuWOTDnqDLf0cKoIbW8FeeCOn24elcj32bnQDuF9DPey1mqcvT +/yEo/Ushyz6CVYxN8DGgcy2M9JOsnmjDx02h6qgWGWDuKgb9jZrvRedpAQCeemEd +fhEs6ihqVxRFl16HxC4EVijybhAL76SsM2nbtIqW1apBQJQpXWtQwwdvgTVpdEtE +r4ArVJYX5LrswnWEQMOelugUG6S3ZjMfcyOa/O0364iY73vyVgaYK+2XtT2usMux +VL469Kj5m13T6w== +=Mjs/ +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/salt/repo/client/files/rocky/SALTSTACK-GPG-KEY2.pub b/salt/repo/client/files/rocky/SALTSTACK-GPG-KEY2.pub new file mode 100644 index 000000000..bfc7fc267 --- /dev/null +++ b/salt/repo/client/files/rocky/SALTSTACK-GPG-KEY2.pub @@ -0,0 +1,31 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQENBGLXV/8BCADCuomk2pibSOuLQeKMIwV3Afy60080hykdc4tU4qQS+zBJZZC0 +VBl2TAOmMWyeY5DRF2ibRTx6Ap8qYefuEjWlo2WHWWZH4WhNkJWL3aWiu8Ga+fFo +ebjoUFLGgpKDGKveO9PF8A41IP1CLvDicpWXTxfqzQKDOvg3g5EmCx+5ksviXHJ1 +lY5CBbhVPmU3ruzGBqN/6B90VyTicbIyIZKZdnElAqaW6OiEaOmj2Oadi3ARJLWA +8rpVPweZE0/S4B5UIuMh+JVJU3Os1BUXHKN3LAPENZa1NNYX3j53GxGMf+SAKe0g +QHe+fHiiB7a6iBl09W8cUJh8HINXW+vvU6mZABEBAAG0MlNhbHRTdGFjayBQYWNr +YWdpbmcgVGVhbSA8cGFja2FnaW5nQHNhbHRzdGFjay5jb20+iQFSBBMBCAA8FiEE +9+rekz4krjI0B2hWN6cQR50w17YFAmLXV/8CGwMFCwkIBwIDIgIBBhUKCQgLAgQW +AgMBAh4HAheAAAoJEDenEEedMNe2d0MH/36khQzCWMc5ezznO7bcOHOS3OWjQveF +Vv60y54QRnINCEa7w7ckjiap3dUSJxTo5eoAKNbgX5SgrshEY1HDXDoqgumHJLFW +J+L4f3CXFBhvObUOwB7ApUNHURcoNQYK7kS/vUJrQ3dFyT7uvgysGtv+/WpboY1s +ScJnVtWyQmLe7qj5pJ0aI5pPjFnP9869zPScNb6o6lbqGp/xhnL5NkZCF0DNgItw +HXyNsRPyc8JG+P+GP80XWZ37ajEdwkiPbtu3CD5pvBO1w5FPLBwuH5CSgQFEcA4V +QH8ThU0P1IhKe3xPRNgawcBTAHXqOD0OxilAIsQdfrKkRiTEcZtFZW25AQ0EYtdX +/wEIANFBzJfSks4ti/JQkECtEAwH7OtqUxu1QhSSRusGsQu/PpjBRZzlaVlKjS4c +fGTiZ8+25RX063vBQ+XpuTN9T9boEE4EywM11FCx1zRZIc+HlLOIJ10uKWUapmPM ++7flnQWXMgJzP47rHe0ofEHlP4/av5C1imgWEtEpYyn1B4qgSxvLFDq46rD5m+DP +2xNZbwWd0uSAG/wZNonVkISYymB0UTnUm8FABH1Ci7lXO9JnuW+IvVt32C5VibGy +FXdAJGmIiqsvBhJSUl+GJhO6NTXntuevqPLUXD9PuHWo4Vo1Afek8kqZByyiyrTZ +StDhrbo/8dSAVQMibLEfNS7R0QkAEQEAAYkBNgQYAQgAIBYhBPfq3pM+JK4yNAdo +VjenEEedMNe2BQJi11f/AhsMAAoJEDenEEedMNe2zhgH/0wxbQpaCho0BRbUbe6L +jm9r3yTWn6M+yYv+cBeH9sbobIVOqTvZcawzTEPWa+eVbKgkqhZjUTyfFDpjq9s6 +67zLZnCh85hLoyieSQBER59dc1pmqZJP3VrAIT1lGKMIdjZoN8JAF8IbmJHE1j65 +iZZdhbxfFHnDx22gQ+3nfniTNTWsfVAQeoAjeOuakPKdfUEMsXPBhtBBuFY4NcrT +TIsBevT4J/STCLkEqlMtYC8ldxUCZqQXdtxqltC4k+y0kp4PmNc3/Vmp65oAeuxI +d8TNwgZdamdinv5mPrTfBqSNiELQAcPQnOwpsqEDYF2pq9L4sdNGavP5ZvPGRLkH ++uU= +=383D +-----END PGP PUBLIC KEY BLOCK----- diff --git a/setup/so-functions b/setup/so-functions index 80ddfd68a..fd1fc4b2d 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -886,19 +886,13 @@ detect_cloud() { detect_os() { title "Detecting Base OS" if [ -f /etc/redhat-release ]; then - if grep -q "CentOS Linux release 7" /etc/redhat-release; then - OS=centos - OSVER=7 - is_centos=true - pkgman="yum" - elif grep -q "Rocky Linux release 8" /etc/redhat-release; then + if grep -q "Rocky Linux release 9" /etc/redhat-release; then OS=rocky - OSVER=8 + OSVER=9 is_rocky=true pkgman="dnf" - info "We currently do not support Rocky Linux $OSVER but we are working on it!" else - info "We do not support the version of CentOS you are trying to use." + info "We do not support the operating system you are trying to use." exit 1 fi @@ -932,13 +926,10 @@ installer_progress_loop() { } installer_prereq_packages() { - if [ "$OS" == centos ]; then + if [ "$OS" == rocky ]; then if [[ ! $is_iso ]]; then - if ! yum versionlock > /dev/null 2>&1; then - logCmd "yum -y install yum-plugin-versionlock" - fi if ! command -v nmcli > /dev/null 2>&1; then - logCmd "yum -y install NetworkManager" + logCmd "dnf -y install NetworkManager" fi fi logCmd "systemctl enable NetworkManager" @@ -1715,7 +1706,7 @@ proxy_validate() { } reserve_group_ids() { - # This is a hack to fix CentOS from taking group IDs that we need + # This is a hack to fix OS from taking group IDs that we need logCmd "groupadd -g 928 kratos" logCmd "groupadd -g 930 elasticsearch" logCmd "groupadd -g 931 logstash" @@ -1837,8 +1828,8 @@ reset_proxy() { [[ -f /etc/gitconfig ]] && rm -f /etc/gitconfig - if [[ $is_centos ]]; then - sed -i "/proxy=/d" /etc/yum.conf + if [[ $is_rocky ]]; then + sed -i "/proxy=/d" /etc/dnf/dnf.conf else [[ -f /etc/apt/apt.conf.d/00-proxy.conf ]] && rm -f /etc/apt/apt.conf.d/00-proxy.conf fi @@ -1881,9 +1872,9 @@ drop_install_options() { remove_package() { local package_name=$1 - if [[ $is_centos ]]; then + if [[ $is_rocky ]]; then if rpm -qa | grep -q "$package_name"; then - logCmd "yum remove -y $package_name" + logCmd "dnf remove -y $package_name" fi else if dpkg -l | grep -q "$package_name"; then @@ -1908,7 +1899,7 @@ securityonion_repo() { echo "Syncing Repo" repo_sync_local fi - logCmd "yum -v clean all" + logCmd "dnf -v clean all" logCmd "mkdir -vp /root/oldrepos" logCmd "mv -v /etc/yum.repos.d/* /root/oldrepos/" logCmd "ls -la /etc/yum.repos.d/" @@ -1928,13 +1919,13 @@ securityonion_repo() { fi # need to yum clean all before repo conf files are removed or clean,cleans nothing - logCmd "yum repolist all" + logCmd "dnf repolist all" # update this package because the repo config files get added back # if the package is updated when the update_packages function is called - logCmd "yum -v -y update centos-release" + logCmd "dnf -v -y update rocky-release" info "Backing up the .repo files that were added by the centos-release package." - logCmd "mv -bvf /etc/yum.repos.d/CentOS* /root/oldrepos/" - logCmd "yum repolist all" + logCmd "mv -bvf /etc/yum.repos.d/rocky* /root/oldrepos/" + logCmd "dnf repolist all" fi } @@ -1968,14 +1959,14 @@ repo_sync_local() { if [[ ! "$REPOSYNC" -gt 0 ]]; then # Install reposync info "Installing createrepo" - logCmd "yum -y install -c /root/repodownload.conf yum-utils createrepo" + logCmd "dnf -y install -c /root/repodownload.conf createrepo" else info "We have what we need to sync" fi # Make sure we can get to the sig repo logCmd "curl --retry 5 --retry-delay 60 -A 'gridinstall/$SOVERSION/$OS/$(uname -r)' https://sigs.securityonion.net/checkup --output /tmp/checkup" - logCmd "reposync --norepopath -n -g -l -d -m -c /root/repodownload.conf -r securityonionsync --download-metadata -p /nsm/repo/" + logCmd "dnf reposync --norepopath -n -g --delete -m -c /root/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/" # After the download is complete run createrepo