merge with 2.4dev and fix conflict

salt/allowed_states.map.jinja

@@ -37,7 +37,6 @@
           'soc',
           'kratos',
           'elastic-fleet',
-          'elastic-fleet-package-registry',
           'firewall',
           'idstools',
           'suricata.manager',
@@ -123,7 +122,6 @@
           'soc',
           'kratos',
           'elastic-fleet',
-          'elastic-fleet-package-registry',
           'firewall',
           'idstools',
           'suricata.manager',
@@ -144,7 +142,6 @@
           'soc',
           'kratos',
           'elastic-fleet',
-          'elastic-fleet-package-registry',
           'firewall',
           'manager',
           'idstools',
@@ -175,7 +172,6 @@
           'soc',
           'kratos',
           'elastic-fleet',
-          'elastic-fleet-package-registry',
           'firewall',
           'idstools',
           'suricata.manager',

salt/common/tools/sbin/so-common

@@ -225,31 +225,17 @@ init_monitor() {
 }
 
 is_manager_node() {
-	# Check to see if this is a manager node
-	role=$(lookup_role)
-	is_single_node_grid && return 0
-	[ $role == 'manager' ] && return 0
-	[ $role == 'managersearch' ] && return 0
-	[ $role == 'helix' ] && return 0
-	return 1
+	grep "role: so-" /etc/salt/grains | grep -E "manager|eval|managersearch|standalone|import" &> /dev/null
 }
 
 is_sensor_node() {
 	# Check to see if this is a sensor (forward) node
-	role=$(lookup_role)
 	is_single_node_grid && return 0
-	[ $role == 'sensor' ] && return 0
-	[ $role == 'heavynode' ] && return 0
-	[ $role == 'helix' ] && return 0
-	return 1
+	grep "role: so-" /etc/salt/grains | grep -E "sensor|heavynode|helix" &> /dev/null
 }
 
 is_single_node_grid() {
-	role=$(lookup_role)
-	[ $role == 'eval' ] && return 0
-	[ $role == 'standalone' ] && return 0
-	[ $role == 'import' ] && return 0
-	return 1
+	grep "role: so-" /etc/salt/grains | grep -E "eval|standalone|import" &> /dev/null
 }
 
 lookup_bond_interfaces() {

salt/common/tools/sbin/so-grafana-dashboard-folder-delete

@@ -1,5 +1,8 @@
 # this script is used to delete the default Grafana dashboard folders that existed prior to Grafana dashboard and Salt management changes in 2.3.70
 
+# Exit if an error occurs. The next highstate will retry.
+set -e
+
 folders=$(curl -X GET http://admin:{{salt['pillar.get']('secrets:grafana_admin')}}@localhost:3000/api/folders | jq -r '.[] | @base64')
 delfolder=("Manager" "Manager Search" "Sensor Nodes" "Search Nodes" "Standalone" "Eval Mode")
 

salt/common/tools/sbin/so-image-common

@@ -44,7 +44,6 @@ container_list() {
       "so-elastalert"
       "so-elastic-agent"
       "so-elastic-agent-builder"
-      "so-elastic-fleet-package-registry"
       "so-elasticsearch"
       "so-filebeat"
       "so-grafana"

salt/common/tools/sbin/so-playbook-reset

@@ -9,7 +9,11 @@
 
 . /usr/sbin/so-common
 
-salt-call state.apply playbook.db_init,playbook,playbook.automation_user_create
+salt-call state.apply playbook.db_init,playbook
+
+/usr/sbin/so-soctopus-restart
+
+salt-call state.apply playbook,playbook.automation_user_create
 
 /usr/sbin/so-soctopus-restart
 

salt/common/tools/sbin/so-sensoroni-restart

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-restart sensoroni $1

salt/common/tools/sbin/so-sensoroni-start

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-start sensoroni $1

salt/common/tools/sbin/so-sensoroni-stop

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-stop sensoroni $1

salt/kibana/config.map.jinja

@@ -7,7 +7,6 @@
 
 {% do KIBANACONFIG.kibana.config.elasticsearch.update({'username': salt['pillar.get']('elasticsearch:auth:users:so_kibana_user:user'), 'password': salt['pillar.get']('elasticsearch:auth:users:so_kibana_user:pass')}) %}
 
-{% do KIBANACONFIG.kibana.config.xpack.fleet.update({'registryUrl': 'http://' ~ GLOBALS.manager_ip ~ ':8080'}) %}
 
 {% if salt['pillar.get']('kibana:secrets') %}
   {% do KIBANACONFIG.kibana.config.xpack.update({'encryptedSavedObjects': {'encryptionKey': pillar['kibana']['secrets']['encryptedSavedObjects']['encryptionKey']}}) %}

salt/kibana/defaults.yaml

@@ -5,6 +5,8 @@ kibana:
       name: kibana
       host: "0.0.0.0"
       basePath: /kibana
+      publicBaseUrl: https://{{salt['pillar.get']('global:url_base')}}/kibana
+      rewriteBasePath: false
     elasticsearch:
       ssl:
         verificationMode: none
@@ -31,7 +33,6 @@ kibana:
         kibanaServer:
           hostname: localhost
       fleet:
-        registryUrl: ""
         packages:
          - name: fleet_server
            version: latest

salt/playbook/files/automation_user_create.sh

@@ -2,8 +2,6 @@
 # {%- set admin_pass = salt['pillar.get']('secrets:playbook_admin', None) -%}
 # {%- set automation_pass = salt['pillar.get']('secrets:playbook_automation', None) %}
 
-set -e
-
 local_salt_dir=/opt/so/saltstack/local
 
 try_count=6

salt/top.sls

@@ -191,7 +191,6 @@ base:
     {%- if REDIS %}
     - redis
     {%- endif %}
-    - elastic-fleet-package-registry
     {%- if KIBANA %}
     - kibana.so_savedobjects_defaults
     {%- endif %}