add OS logic

salt/_modules/needs_restarting.py

@@ -10,6 +10,14 @@ def check():
     if path.exists('/var/run/reboot-required'):
       retval = 'True'
 
+  elif os == 'CentOS Stream':
+    cmd = 'needs-restarting -r > /dev/null 2>&1'
+    
+    try:
+      needs_restarting = subprocess.check_call(cmd, shell=True)
+    except subprocess.CalledProcessError:
+      retval = 'True'
+
   elif os == 'Rocky':
     cmd = 'needs-restarting -r > /dev/null 2>&1'
     

salt/common/init.sls

@@ -242,6 +242,31 @@ soversionfile:
     
 {% endif %}
 
+{% if GLOBALS.so_model and GLOBALS.so_model not in ['SO2AMI01', 'SO2AZI01', 'SO2GCI01'] %}
+  {% if GLOBALS.os == 'CentOS Stream' %}     
+# Install Raid tools
+raidpkgs:
+  pkg.installed:
+    - skip_suggestions: True
+    - pkgs:
+      - securityonion-raidtools
+      - securityonion-megactl
+  {% endif %}
+
+# Install raid check cron
+so-raid-status:
+  cron.present:
+    - name: '/usr/sbin/so-raid-status > /dev/null 2>&1'
+    - identifier: so-raid-status
+    - user: root
+    - minute: '*/15'
+    - hour: '*'
+    - daymonth: '*'
+    - month: '*'
+    - dayweek: '*'
+
+{% endif %}
+
 {% if GLOBALS.so_model and GLOBALS.so_model not in ['SO2AMI01', 'SO2AZI01', 'SO2GCI01'] %}
   {% if GLOBALS.os == 'Rocky' %}     
 # Install Raid tools

salt/desktop/trusted-ca.sls

@@ -27,6 +27,32 @@ update_ca_certs:
     - onchanges:
       - x509: trusted_ca
 
+{% elif GLOBALS.os == 'CentOS Stream' %}
+
+  {% set global_ca_text = [] %}
+  {% set global_ca_server = [] %}
+  {% set manager = GLOBALS.manager %}
+  {% set x509dict = salt['mine.get'](manager | lower~'*', 'x509.get_pem_entries') %}
+    {% for host in x509dict %}
+      {% if host.split('_')|last in ['manager', 'managersearch', 'standalone', 'import', 'eval'] %}
+        {% do global_ca_text.append(x509dict[host].get('/etc/pki/ca.crt')|replace('\n', '')) %}
+        {% do global_ca_server.append(host) %}
+      {% endif %}
+    {% endfor %}
+  {% set trusttheca_text = global_ca_text[0] %}
+  {% set ca_server = global_ca_server[0] %}
+
+trusted_ca:
+  x509.pem_managed:
+    - name: /etc/pki/ca-trust/source/anchors/ca.crt
+    - text:  {{ trusttheca_text }}
+
+update_ca_certs:
+  cmd.run:
+    - name: update-ca-trust
+    - onchanges:
+      - x509: trusted_ca
+
 {% else %}
 
 desktop_trusted-ca_os_fail:

salt/repo/client/map.jinja

@@ -1,4 +1,22 @@
 {% from 'vars/globals.map.jinja' import GLOBALS %}
+
+{% if GLOBALS.os == 'CentOS Stream' %}
+
+  {% set REPOPATH = '/etc/yum.repos.d/' %}
+  {% set ABSENTFILES = [
+         'centos-addons.repo',
+         'centos-devel.repo',
+         'centos-extras.repo',
+         'centos.repo',
+         'docker-ce.repo',
+         'epel.repo',
+         'epel-testing.repo',
+         'saltstack.repo',
+         'salt-latest.repo',
+         'wazuh.repo'
+       ]
+  %}
+
 {% if GLOBALS.os == 'Rocky' %}
 
   {% set REPOPATH = '/etc/yum.repos.d/' %}

salt/salt/map.jinja

@@ -20,7 +20,7 @@
 {% set INSTALLEDSALTVERSION = grains.saltversion %}
 
 {% if grains.saltversion|string != SALTVERSION|string %}
-  {% if grains.os|lower in ['Rocky', 'redhat'] %}
+  {% if grains.os|lower in ['Rocky', 'redhat', 'CentOS Stream'] %}
       {% set UPGRADECOMMAND = 'yum clean all ; /usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION %}
   {% elif grains.os|lower == 'ubuntu' %}
     {% set UPGRADECOMMAND = '/usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION %}