From a50b3e84755369484d2b5e18c6e672e3898c5d9e Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 14 Apr 2021 10:22:06 -0400 Subject: [PATCH 1/7] add delay to salt-minion service starting - https://github.com/Security-Onion-Solutions/securityonion/issues/3543 --- salt/salt/minion.defaults.yaml | 3 ++- salt/salt/minion.sls | 17 +++++++++++- salt/salt/service/salt-minion.service.jinja | 30 +++++++++++++++++++++ salt/systemd/reload.sls | 3 +++ 4 files changed, 51 insertions(+), 2 deletions(-) create mode 100644 salt/salt/service/salt-minion.service.jinja create mode 100644 salt/systemd/reload.sls diff --git a/salt/salt/minion.defaults.yaml b/salt/salt/minion.defaults.yaml index 9d888f106..560493bed 100644 --- a/salt/salt/minion.defaults.yaml +++ b/salt/salt/minion.defaults.yaml @@ -3,4 +3,5 @@ salt: minion: version: 3003 - check_threshold: 3600 # in seconds, threshold used for so-salt-minion-check. any value less than 600 seconds may cause a lot of salt-minion restarts since the job to touch the file occurs every 5-8 minutes by default \ No newline at end of file + check_threshold: 3600 # in seconds, threshold used for so-salt-minion-check. any value less than 600 seconds may cause a lot of salt-minion restarts since the job to touch the file occurs every 5-8 minutes by default + service_start_delay: 30 # in seconds. \ No newline at end of file diff --git a/salt/salt/minion.sls b/salt/salt/minion.sls index 004fddebe..e4e339b42 100644 --- a/salt/salt/minion.sls +++ b/salt/salt/minion.sls @@ -2,9 +2,11 @@ {% from 'salt/map.jinja' import UPGRADECOMMAND with context %} {% from 'salt/map.jinja' import SALTVERSION %} {% from 'salt/map.jinja' import INSTALLEDSALTVERSION %} +{% from 'salt/minion.defaults.yaml' import salt.minion.service_start_delay as service_start_delay %} include: - salt + - systemd.reload install_salt_minion: cmd.run: 
@@ -32,8 +34,21 @@ set_log_levels: - listen_in: - service: salt_minion_service +salt_minion_service_unit_file: + file.managed: + - name: /etc/systemd/system/multi-user.target.wants/salt-minion.service + - source: salt://salt/service/salt-minion.servic.jinja + - template: jinja + - defaults: + - service_start_delay: {{ service_start_delay }} + - onchanges_in: + - module: systemd_reload + - listen_in: + - service: salt_minion_service + salt_minion_service: service.running: - name: salt-minion - enable: True - - onlyif: test "{{INSTALLEDSALTVERSION}}" == "{{SALTVERSION}}" \ No newline at end of file + - onlyif: test "{{INSTALLEDSALTVERSION}}" == "{{SALTVERSION}}" + diff --git a/salt/salt/service/salt-minion.service.jinja b/salt/salt/service/salt-minion.service.jinja new file mode 100644 index 000000000..aea68b994 --- /dev/null +++ b/salt/salt/service/salt-minion.service.jinja @@ -0,0 +1,30 @@ +[Unit] +Description=The Salt Minion +Documentation=man:salt-minion(1) file:///usr/share/doc/salt/html/contents.html https://docs.saltstack.com/en/latest/contents.html +After=network.target salt-master.service + +[Service] +KillMode=process +Type=notify +NotifyAccess=all +LimitNOFILE=8192 +ExecStart=/usr/bin/salt-minion +ExecStartPre=/bin/sleep {{ salt['pillar.get']('salt:minion:service_start_delay', service_start_delay) }} + +[Install] +WantedBy=multi-user.target + + + + + + + + + + + + + + + diff --git a/salt/systemd/reload.sls b/salt/systemd/reload.sls new file mode 100644 index 000000000..ff2185539 --- /dev/null +++ b/salt/systemd/reload.sls @@ -0,0 +1,3 @@ +systemd_reload: + module.run: + - service.systemctl_reload: [] \ No newline at end of file From 9bfdae9cd5c9bb8f97694a57db80374a6d32e3f5 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 14 Apr 2021 11:06:06 -0400 Subject: [PATCH 2/7] fix import --- salt/salt/minion.sls | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/salt/salt/minion.sls b/salt/salt/minion.sls index e4e339b42..a2b8a17e3 100644 
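Review bot: `salt_minion_service_unit_file` writes a unit definition that systemd will execute, but pins no ownership or mode, so the result depends on the minion's umask or on whatever file already exists at that path. Adding `- user: root`, `- group: root` and `- mode: '0644'` under `file.managed` makes the expected permissions explicit and lets Salt correct drift. The `- name:` target also sits inside `multi-user.target.wants/`, which normally holds the symlink created by `systemctl enable`, so the managed content may land on whatever that link resolves to (likely the packaged unit, which a package upgrade would replace). That is worth confirming on a built node, or avoiding by pointing the state at `/etc/systemd/system/salt-minion.service`.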
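Review bot: The `ExecStartPre=/bin/sleep {{ ... }}` line renders the pillar value straight into a unit that has no `User=` and therefore runs as root, with no type check. A non-numeric or multi-line `salt:minion:service_start_delay` would change the command line or add directives to the unit, so coerce it at render time: `ExecStartPre=/bin/sleep {{ salt['pillar.get']('salt:minion:service_start_delay', service_start_delay) | int }}`. Because the unit is `Type=notify`, the sleep also counts against the start timeout (90 seconds by default unless overridden), so a large delay would make the start job fail. An explicit `TimeoutStartSec=`, or a comment beside the default stating that bound, would make the limit visible.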
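Review bot: `systemd_reload` uses the new-style `module.run` layout (`- service.systemctl_reload: []`), which Salt releases of this era accept only when the minion config lists `module.run` under `use_superseded`. That setting is not visible in this patch, so confirm it is present; otherwise the state is likely to error instead of reloading. The state also carries no requisite of its own and stays quiet only because `salt_minion_service_unit_file` injects `onchanges_in`. A comment such as `# runs only via onchanges_in from states that change unit files` would warn anyone including `systemd.reload` elsewhere that it otherwise reloads on every run.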
--- a/salt/salt/minion.sls +++ b/salt/salt/minion.sls @@ -2,7 +2,8 @@ {% from 'salt/map.jinja' import UPGRADECOMMAND with context %} {% from 'salt/map.jinja' import SALTVERSION %} {% from 'salt/map.jinja' import INSTALLEDSALTVERSION %} -{% from 'salt/minion.defaults.yaml' import salt.minion.service_start_delay as service_start_delay %} +{% from 'salt/minion.defaults.yaml' import salt as SALTMINION %} +{% set service_start_delay = SALTMINION.salt.minion.service_start_delay %} include: - salt From 47aa66876d27c4d99cf12da999ea934542918e60 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 14 Apr 2021 11:07:16 -0400 Subject: [PATCH 3/7] fix import --- salt/salt/minion.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/salt/minion.sls b/salt/salt/minion.sls index a2b8a17e3..2c023cbdd 100644 --- a/salt/salt/minion.sls +++ b/salt/salt/minion.sls @@ -2,7 +2,7 @@ {% from 'salt/map.jinja' import UPGRADECOMMAND with context %} {% from 'salt/map.jinja' import SALTVERSION %} {% from 'salt/map.jinja' import INSTALLEDSALTVERSION %} -{% from 'salt/minion.defaults.yaml' import salt as SALTMINION %} +{% import_yaml 'salt/minion.defaults.yaml' as SALTMINION %} {% set service_start_delay = SALTMINION.salt.minion.service_start_delay %} include: From 48c531bc2c6de762e2859ff7e65bd8a977aa3266 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 14 Apr 2021 11:09:13 -0400 Subject: [PATCH 4/7] fix file defaults def --- salt/salt/minion.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/salt/minion.sls b/salt/salt/minion.sls index 2c023cbdd..9d16846d9 100644 --- a/salt/salt/minion.sls +++ b/salt/salt/minion.sls @@ -41,7 +41,7 @@ salt_minion_service_unit_file: - source: salt://salt/service/salt-minion.servic.jinja - template: jinja - defaults: - - service_start_delay: {{ service_start_delay }} + service_start_delay: {{ service_start_delay }} - onchanges_in: - module: systemd_reload - listen_in: 
From d003d4941b56e100a8eae657d206df68ee3a5a17 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 14 Apr 2021 11:10:19 -0400 Subject: [PATCH 5/7] fix bad typing --- salt/salt/minion.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/salt/minion.sls b/salt/salt/minion.sls index 9d16846d9..44f866880 100644 --- a/salt/salt/minion.sls +++ b/salt/salt/minion.sls @@ -38,7 +38,7 @@ set_log_levels: salt_minion_service_unit_file: file.managed: - name: /etc/systemd/system/multi-user.target.wants/salt-minion.service - - source: salt://salt/service/salt-minion.servic.jinja + - source: salt://salt/service/salt-minion.service.jinja - template: jinja - defaults: service_start_delay: {{ service_start_delay }} From f60da54ff030c2db9da65f87f4cbeb4a55c67c75 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 14 Apr 2021 11:11:13 -0400 Subject: [PATCH 6/7] remove extra lines at end --- salt/salt/service/salt-minion.service.jinja | 17 +---------------- 1 file changed, 1 insertion(+), 16 deletions(-) diff --git a/salt/salt/service/salt-minion.service.jinja b/salt/salt/service/salt-minion.service.jinja index aea68b994..c7bae0bc2 100644 --- a/salt/salt/service/salt-minion.service.jinja +++ b/salt/salt/service/salt-minion.service.jinja @@ -12,19 +12,4 @@ ExecStart=/usr/bin/salt-minion ExecStartPre=/bin/sleep {{ salt['pillar.get']('salt:minion:service_start_delay', service_start_delay) }} [Install] -WantedBy=multi-user.target - - - - - - - - - - - - - - - +WantedBy=multi-user.target \ No newline at end of file From 71d7ca8958bdd68e01a98949049910a8577ca734 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 14 Apr 2021 15:48:33 -0400 Subject: [PATCH 7/7] only manage service file if the right salt version is installed --- salt/salt/minion.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/salt/minion.sls b/salt/salt/minion.sls index 44f866880..1c7f1a5e8 100644 --- a/salt/salt/minion.sls +++ b/salt/salt/minion.sls 
@@ -46,6 +46,7 @@ salt_minion_service_unit_file: - module: systemd_reload - listen_in: - service: salt_minion_service + - onlyif: test "{{INSTALLEDSALTVERSION}}" == "{{SALTVERSION}}" salt_minion_service: service.running:
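Review bot: The added `onlyif` compares with `==`, which `test` accepts only in some shells; under a strict POSIX `/bin/sh` the command errors, `onlyif` treats that as false, and the unit file silently stops being managed. `- onlyif: test "{{INSTALLEDSALTVERSION}}" = "{{SALTVERSION}}"` behaves the same in every shell, and the identical check on `salt_minion_service` would want the same change. Both version strings are interpolated into a shell command, so this also assumes they never contain quotes or `$`. That is presumably true for values from `salt/map.jinja`, which is outside this patch.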