Airgap Time

salt/airgap/files/yum.conf

@@ -0,0 +1,12 @@
+[main]
+cachedir=/var/cache/yum/$basearch/$releasever
+keepcache=0
+debuglevel=2
+logfile=/var/log/yum.log
+exactarch=1
+obsoletes=1
+gpgcheck=1
+plugins=1
+installonly_limit=2
+bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
+distroverpkg=centos-release

salt/airgap/init.sls

@@ -1,5 +1,9 @@
 {% set MANAGER = salt['grains.get']('master') %}
-{% set IMAGEREPO = salt['pillar.get']('global:airgap') %}
+airgapyum:
+  file.managed:
+    - name: /etc/yum/yum.conf
+    - source: salt://airgap/files/yum.conf
+
 airgap.repo:
   pkgrepo.managed:
     - humanname: Airgap Repo

salt/nginx/etc/nginx.conf.so-standalone

@@ -184,16 +184,15 @@ http {
 		} 
 		
 		{%- if ISAIRGAP is sameas true %}
-		location /repo/ {
-			#auth_request          /auth/sessions/whoami;
-			proxy_read_timeout    90;
-			proxy_connect_timeout 90;
-			proxy_set_header      Host $host;
-			proxy_set_header      X-Real-IP $remote_addr;
-			proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
-			proxy_set_header      Proxy "";
-			proxy_set_header      X-Forwarded-Proto $scheme;
-		}
+                location /repo/ {
+                        allow all;
+                        sendfile on;
+                        sendfile_max_chunk 1m;
+                        autoindex on;
+                        autoindex_exact_size off;
+                        autoindex_format html;
+                        autoindex_localtime on;
+                }
 
 		{%- endif %}
 

salt/top.sls

@@ -9,17 +9,24 @@
 {%- set STRELKA = salt['pillar.get']('strelka:enabled', '0') -%}
 {% import_yaml 'salt/minion.defaults.yaml' as salt %}
 {% set saltversion = salt.salt.minion.version %}
-
+{% set ISAIRGAP = salt['pillar.get']('global:airgap') %}
 
 base:
 
   'not G@saltversion:{{saltversion}}':
     - match: compound
+    {% if ISAIRGAP is sameas true %}
+    - airgap
+    {% endif %}
     - salt.minion
 
   'G@os:CentOS and G@saltversion:{{saltversion}}':
     - match: compound
+    {% if ISAIRGAP is sameas true %}
+    - airgap
+    {% else %}
     - yum
+    {% endif %}
     - yum.packages
 
   '* and G@saltversion:{{saltversion}}':

setup/so-functions

@@ -1109,7 +1109,7 @@ manager_global() {
 		        printf '%s\n'\
                         "  airgap: False"\ >> "$global_pillar"
 		fi
-		        
+
         # Check if TheHive is enabled.  If so, add creds and other details
         if [[ "$THEHIVE" == "1" ]]; then
                 printf '%s\n'\
@@ -1873,8 +1873,10 @@ set_redirect() {
 set_updates() {
 	if [ "$MANAGERUPDATES" = '1' ]; then
 		if [ "$OS" = 'centos' ]; then
-			if ! grep -q "$MSRV" /etc/yum.conf; then
-				echo "proxy=http://$MSRV:3142" >> /etc/yum.conf
+		    if [[ ! $is_airgap ]]; then
+			    if ! grep -q "$MSRV" /etc/yum.conf; then
+				    echo "proxy=http://$MSRV:3142" >> /etc/yum.conf
+			    fi
 			fi
 		else
 			# Set it up so the updates roll through the manager