From ae4befe377fb48e3a835cc176c9a672ed71db1de Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Wed, 28 Jun 2023 15:57:43 -0400
Subject: [PATCH] add OS logic

---
 salt/_modules/needs_restarting.py |  8 ++++++++
 salt/common/init.sls              | 25 +++++++++++++++++++++++++
 salt/desktop/trusted-ca.sls       | 26 ++++++++++++++++++++++++++
 salt/repo/client/map.jinja        | 18 ++++++++++++++++++
 salt/salt/map.jinja               |  2 +-
 5 files changed, 78 insertions(+), 1 deletion(-)

diff --git a/salt/_modules/needs_restarting.py b/salt/_modules/needs_restarting.py
index 8f5b50242..c2f7e8b12 100644
--- a/salt/_modules/needs_restarting.py
+++ b/salt/_modules/needs_restarting.py
@@ -10,6 +10,14 @@ def check():
     if path.exists('/var/run/reboot-required'):
       retval = 'True'
 
+  elif os == 'CentOS Stream':
+    cmd = 'needs-restarting -r > /dev/null 2>&1'
+    
+    try:
+      needs_restarting = subprocess.check_call(cmd, shell=True)
+    except subprocess.CalledProcessError:
+      retval = 'True'
+
   elif os == 'Rocky':
     cmd = 'needs-restarting -r > /dev/null 2>&1'
     
diff --git a/salt/common/init.sls b/salt/common/init.sls
index c23e82543..4fe150f02 100644
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -242,6 +242,31 @@ soversionfile:
     
 {% endif %}
 
+{% if GLOBALS.so_model and GLOBALS.so_model not in ['SO2AMI01', 'SO2AZI01', 'SO2GCI01'] %}
+  {% if GLOBALS.os == 'CentOS Stream' %}     
+# Install Raid tools
+raidpkgs:
+  pkg.installed:
+    - skip_suggestions: True
+    - pkgs:
+      - securityonion-raidtools
+      - securityonion-megactl
+  {% endif %}
+
+# Install raid check cron
+so-raid-status:
+  cron.present:
+    - name: '/usr/sbin/so-raid-status > /dev/null 2>&1'
+    - identifier: so-raid-status
+    - user: root
+    - minute: '*/15'
+    - hour: '*'
+    - daymonth: '*'
+    - month: '*'
+    - dayweek: '*'
+
+{% endif %}
+
 {% if GLOBALS.so_model and GLOBALS.so_model not in ['SO2AMI01', 'SO2AZI01', 'SO2GCI01'] %}
   {% if GLOBALS.os == 'Rocky' %}     
 # Install Raid tools
diff --git a/salt/desktop/trusted-ca.sls b/salt/desktop/trusted-ca.sls
index 352b747b6..18f5b16e0 100644
--- a/salt/desktop/trusted-ca.sls
+++ b/salt/desktop/trusted-ca.sls
@@ -27,6 +27,32 @@ update_ca_certs:
     - onchanges:
       - x509: trusted_ca
 
+{% elif GLOBALS.os == 'CentOS Stream' %}
+
+  {% set global_ca_text = [] %}
+  {% set global_ca_server = [] %}
+  {% set manager = GLOBALS.manager %}
+  {% set x509dict = salt['mine.get'](manager | lower~'*', 'x509.get_pem_entries') %}
+    {% for host in x509dict %}
+      {% if host.split('_')|last in ['manager', 'managersearch', 'standalone', 'import', 'eval'] %}
+        {% do global_ca_text.append(x509dict[host].get('/etc/pki/ca.crt')|replace('\n', '')) %}
+        {% do global_ca_server.append(host) %}
+      {% endif %}
+    {% endfor %}
+  {% set trusttheca_text = global_ca_text[0] %}
+  {% set ca_server = global_ca_server[0] %}
+
+trusted_ca:
+  x509.pem_managed:
+    - name: /etc/pki/ca-trust/source/anchors/ca.crt
+    - text:  {{ trusttheca_text }}
+
+update_ca_certs:
+  cmd.run:
+    - name: update-ca-trust
+    - onchanges:
+      - x509: trusted_ca
+
 {% else %}
 
 desktop_trusted-ca_os_fail:
diff --git a/salt/repo/client/map.jinja b/salt/repo/client/map.jinja
index 515ec515b..35f1b23d6 100644
--- a/salt/repo/client/map.jinja
+++ b/salt/repo/client/map.jinja
@@ -1,4 +1,22 @@
 {% from 'vars/globals.map.jinja' import GLOBALS %}
+
+{% if GLOBALS.os == 'CentOS Stream' %}
+
+  {% set REPOPATH = '/etc/yum.repos.d/' %}
+  {% set ABSENTFILES = [
+         'centos-addons.repo',
+         'centos-devel.repo',
+         'centos-extras.repo',
+         'centos.repo',
+         'docker-ce.repo',
+         'epel.repo',
+         'epel-testing.repo',
+         'saltstack.repo',
+         'salt-latest.repo',
+         'wazuh.repo'
+       ]
+  %}
+
 {% if GLOBALS.os == 'Rocky' %}
 
   {% set REPOPATH = '/etc/yum.repos.d/' %}
diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja
index 14e735b56..b6b109c47 100644
--- a/salt/salt/map.jinja
+++ b/salt/salt/map.jinja
@@ -20,7 +20,7 @@
 {% set INSTALLEDSALTVERSION = grains.saltversion %}
 
 {% if grains.saltversion|string != SALTVERSION|string %}
-  {% if grains.os|lower in ['Rocky', 'redhat'] %}
+  {% if grains.os|lower in ['Rocky', 'redhat', 'CentOS Stream'] %}
       {% set UPGRADECOMMAND = 'yum clean all ; /usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION %}
   {% elif grains.os|lower == 'ubuntu' %}
     {% set UPGRADECOMMAND = '/usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION %}