CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #14865 from Security-Onion-Solutions/saltuproc

Browse Source 
don't allow bootstrap-salt to start daemons. splay non manager highstates 120 seconds
This commit is contained in:
Josh Patterson
2025-07-22 13:37:28 -04:00
committed by GitHub
parent 1955434416 af49a8e4ef
commit ab4d055fd1
3 changed files with 20 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
salt/salt/map.jinja
View File

@@ -26,9 +26,9 @@
{% if INSTALLEDSALTVERSION != SALTVERSION %} {% if INSTALLEDSALTVERSION != SALTVERSION %}
{% if grains.os_family|lower == 'redhat' %} {% if grains.os_family|lower == 'redhat' %}
{% set UPGRADECOMMAND = 'yum clean all ; /usr/sbin/bootstrap-salt.sh -s 120 -r -F stable ' ~ SALTVERSION %} {% set UPGRADECOMMAND = 'yum clean all ; /usr/sbin/bootstrap-salt.sh -X -r -F stable ' ~ SALTVERSION %}
{% elif grains.os_family|lower == 'debian' %} {% elif grains.os_family|lower == 'debian' %}
{% set UPGRADECOMMAND = '/usr/sbin/bootstrap-salt.sh -s 120 -F stable ' ~ SALTVERSION %} {% set UPGRADECOMMAND = '/usr/sbin/bootstrap-salt.sh -X -F stable ' ~ SALTVERSION %}
{% endif %} {% endif %}
{% else %} {% else %}
{% set UPGRADECOMMAND = 'echo Already running Salt Minion version ' ~ SALTVERSION %} {% set UPGRADECOMMAND = 'echo Already running Salt Minion version ' ~ SALTVERSION %}

18
salt/salt/minion.sls
View File

@@ -38,12 +38,22 @@ unhold_salt_packages:
{% endfor %} {% endfor %}
install_salt_minion: install_salt_minion:
cmd.run:
- name: /bin/sh -c '{{ UPGRADECOMMAND }}'
# minion service is in failed state after upgrade. this command will start it after the state run for the upgrade completes
start_minion_post_upgrade:
cmd.run: cmd.run:
- name: | - name: |
exec 0>&- # close stdin exec 0>&- # close stdin
exec 1>&- # close stdout exec 1>&- # close stdout
exec 2>&- # close stderr exec 2>&- # close stderr
nohup /bin/sh -c '{{ UPGRADECOMMAND }}' & nohup /bin/sh -c 'sleep 30; systemctl start salt-minion' &
- require:
- cmd: install_salt_minion
- watch:
- cmd: install_salt_minion
- order: last
{% endif %} {% endif %}
@@ -52,11 +62,9 @@ install_salt_minion:
hold_salt_packages: hold_salt_packages:
pkg.held: pkg.held:
- pkgs: - pkgs:
{% for package in SALTPACKAGES %} {% for package in SALTPACKAGES %}
{% if salt['pkg.version'](package) %}
- {{ package }}: {{SALTVERSION}}-0.* - {{ package }}: {{SALTVERSION}}-0.*
{% endif %} {% endfor %}
{% endfor %}
remove_error_log_level_logfile: remove_error_log_level_logfile:
file.line: file.line:

5
salt/schedule.sls
View File

@@ -1,5 +1,10 @@
{% from 'vars/globals.map.jinja' import GLOBALS %}
highstate_schedule: highstate_schedule:
schedule.present: schedule.present:
- function: state.highstate - function: state.highstate
- minutes: 15 - minutes: 15
- maxrunning: 1 - maxrunning: 1
{% if not GLOBALS.is_manager %}
- splay: 120
{% endif %}