add OS logic

2025-12-06 17:22:49 +01:00 · 2023-06-28 15:57:43 -04:00
parent 0c320e3501
commit ae4befe377
5 changed files with 78 additions and 1 deletions
--- a/salt/_modules/needs_restarting.py
+++ b/salt/_modules/needs_restarting.py
@@ -10,6 +10,14 @@ def check():
    if path.exists('/var/run/reboot-required'):
      retval = 'True'

+  elif os == 'CentOS Stream':
+    cmd = 'needs-restarting -r > /dev/null 2>&1'
+    
+    try:
+      needs_restarting = subprocess.check_call(cmd, shell=True)
+    except subprocess.CalledProcessError:
+      retval = 'True'
+
  elif os == 'Rocky':
    cmd = 'needs-restarting -r > /dev/null 2>&1'
    
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -242,6 +242,31 @@ soversionfile:
    
 {% endif %}

+{% if GLOBALS.so_model and GLOBALS.so_model not in ['SO2AMI01', 'SO2AZI01', 'SO2GCI01'] %}
+  {% if GLOBALS.os == 'CentOS Stream' %}     
+# Install Raid tools
+raidpkgs:
+  pkg.installed:
+    - skip_suggestions: True
+    - pkgs:
+      - securityonion-raidtools
+      - securityonion-megactl
+  {% endif %}
+
+# Install raid check cron
+so-raid-status:
+  cron.present:
+    - name: '/usr/sbin/so-raid-status > /dev/null 2>&1'
+    - identifier: so-raid-status
+    - user: root
+    - minute: '*/15'
+    - hour: '*'
+    - daymonth: '*'
+    - month: '*'
+    - dayweek: '*'
+
+{% endif %}
+
 {% if GLOBALS.so_model and GLOBALS.so_model not in ['SO2AMI01', 'SO2AZI01', 'SO2GCI01'] %}
  {% if GLOBALS.os == 'Rocky' %}     
 # Install Raid tools
--- a/salt/desktop/trusted-ca.sls
+++ b/salt/desktop/trusted-ca.sls
@@ -27,6 +27,32 @@ update_ca_certs:
    - onchanges:
      - x509: trusted_ca

+{% elif GLOBALS.os == 'CentOS Stream' %}
+
+  {% set global_ca_text = [] %}
+  {% set global_ca_server = [] %}
+  {% set manager = GLOBALS.manager %}
+  {% set x509dict = salt['mine.get'](manager | lower~'*', 'x509.get_pem_entries') %}
+    {% for host in x509dict %}
+      {% if host.split('_')|last in ['manager', 'managersearch', 'standalone', 'import', 'eval'] %}
+        {% do global_ca_text.append(x509dict[host].get('/etc/pki/ca.crt')|replace('\n', '')) %}
+        {% do global_ca_server.append(host) %}
+      {% endif %}
+    {% endfor %}
+  {% set trusttheca_text = global_ca_text[0] %}
+  {% set ca_server = global_ca_server[0] %}
+
+trusted_ca:
+  x509.pem_managed:
+    - name: /etc/pki/ca-trust/source/anchors/ca.crt
+    - text:  {{ trusttheca_text }}
+
+update_ca_certs:
+  cmd.run:
+    - name: update-ca-trust
+    - onchanges:
+      - x509: trusted_ca
+
 {% else %}

 desktop_trusted-ca_os_fail:
--- a/salt/repo/client/map.jinja
+++ b/salt/repo/client/map.jinja
@@ -1,4 +1,22 @@
 {% from 'vars/globals.map.jinja' import GLOBALS %}
+
+{% if GLOBALS.os == 'CentOS Stream' %}
+
+  {% set REPOPATH = '/etc/yum.repos.d/' %}
+  {% set ABSENTFILES = [
+         'centos-addons.repo',
+         'centos-devel.repo',
+         'centos-extras.repo',
+         'centos.repo',
+         'docker-ce.repo',
+         'epel.repo',
+         'epel-testing.repo',
+         'saltstack.repo',
+         'salt-latest.repo',
+         'wazuh.repo'
+       ]
+  %}
+
 {% if GLOBALS.os == 'Rocky' %}

  {% set REPOPATH = '/etc/yum.repos.d/' %}
--- a/salt/salt/map.jinja
+++ b/salt/salt/map.jinja
@@ -20,7 +20,7 @@
 {% set INSTALLEDSALTVERSION = grains.saltversion %}

 {% if grains.saltversion|string != SALTVERSION|string %}
-  {% if grains.os|lower in ['Rocky', 'redhat'] %}
+  {% if grains.os|lower in ['Rocky', 'redhat', 'CentOS Stream'] %}
      {% set UPGRADECOMMAND = 'yum clean all ; /usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION %}
  {% elif grains.os|lower == 'ubuntu' %}
    {% set UPGRADECOMMAND = '/usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION %}