From b2ee757db2b397f99b2d1e08495c99ce9cf6cd3d Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Thu, 3 Sep 2020 10:35:12 -0400
Subject: [PATCH] Airgap Time
---
 salt/airgap/files/yum.conf | 12 ++++++++++++
 salt/airgap/init.sls | 6 +++++-
 salt/nginx/etc/nginx.conf.so-standalone | 19 +++++++++----------
 salt/top.sls | 9 ++++++++-
 setup/so-functions | 8 +++++---
 5 files changed, 39 insertions(+), 15 deletions(-)
 create mode 100644 salt/airgap/files/yum.conf
diff --git a/salt/airgap/files/yum.conf b/salt/airgap/files/yum.conf
new file mode 100644
index 000000000..cbab7607d
--- /dev/null
+++ b/salt/airgap/files/yum.conf
@@ -0,0 +1,12 @@
+[main]
+cachedir=/var/cache/yum/$basearch/$releasever
+keepcache=0
+debuglevel=2
+logfile=/var/log/yum.log
+exactarch=1
+obsoletes=1
+gpgcheck=1
+plugins=1
+installonly_limit=2
+bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
+distroverpkg=centos-release
\ No newline at end of file
diff --git a/salt/airgap/init.sls b/salt/airgap/init.sls
index c5f46e03b..5e972e877 100644
--- a/salt/airgap/init.sls
+++ b/salt/airgap/init.sls
@@ -1,5 +1,9 @@
 {% set MANAGER = salt['grains.get']('master') %}
-{% set IMAGEREPO = salt['pillar.get']('global:airgap') %}
+airgapyum:
+ file.managed:
+ - name: /etc/yum/yum.conf
+ - source: salt://airgap/files/yum.conf
+
 airgap.repo:
 pkgrepo.managed:
 - humanname: Airgap Repo
diff --git a/salt/nginx/etc/nginx.conf.so-standalone b/salt/nginx/etc/nginx.conf.so-standalone
index 220f86af5..dca073437 100644
--- a/salt/nginx/etc/nginx.conf.so-standalone
+++ b/salt/nginx/etc/nginx.conf.so-standalone
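Review bot: `gpgcheck=1` in `[main]` of salt/airgap/files/yum.conf is only the default for repository sections, so it protects airgapped hosts only as long as no `.repo` definition turns it off; the `airgap.repo` state is mostly outside this patch and should be checked for that. In an airgap the package signature is the main integrity control on what the manager serves, so I would add `localpkg_gpgcheck=1` beside it and open the file with a comment such as `# Managed by Salt (salt/airgap/files/yum.conf); local edits are overwritten`. The file also ends without a trailing newline.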
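Review bot: The `airgapyum` state in salt/airgap/init.sls writes `/etc/yum/yum.conf` without `user`, `group` or `mode`, and nothing records why that path is used rather than `/etc/yum.conf`. As far as I know yum reads `/etc/yum/yum.conf` in preference to `/etc/yum.conf` when it exists, so this file replaces the stock configuration, including any `proxy=` line that `set_updates` in setup/so-functions appended there; a comment above the state should say so. I would pin the file with `- user: root`, `- group: root` and `- mode: '0644'`. The `pkgrepo.managed` block continues outside the hunk.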
@@ -184,16 +184,15 @@ http {
 }
 {%- if ISAIRGAP is sameas true %}
- location /repo/ {
- #auth_request /auth/sessions/whoami;
- proxy_read_timeout 90;
- proxy_connect_timeout 90;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Proxy "";
- proxy_set_header X-Forwarded-Proto $scheme;
- }
+ location /repo/ {
+ allow all;
+ sendfile on;
+ sendfile_max_chunk 1m;
+ autoindex on;
+ autoindex_exact_size off;
+ autoindex_format html;
+ autoindex_localtime on;
+ }
 {%- endif %}
diff --git a/salt/top.sls b/salt/top.sls
index 719b367e8..8e0cbad59 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -9,17 +9,24 @@
 {%- set STRELKA = salt['pillar.get']('strelka:enabled', '0') -%}
 {% import_yaml 'salt/minion.defaults.yaml' as salt %}
 {% set saltversion = salt.salt.minion.version %}
-
+{% set ISAIRGAP = salt['pillar.get']('global:airgap') %}
 base:
 'not G@saltversion:{{saltversion}}':
 - match: compound
+ {% if ISAIRGAP is sameas true %}
+ - airgap
+ {% endif %}
 - salt.minion
 'G@os:CentOS and G@saltversion:{{saltversion}}':
 - match: compound
+ {% if ISAIRGAP is sameas true %}
+ - airgap
+ {% else %}
 - yum
+ {% endif %}
 - yum.packages
 '* and G@saltversion:{{saltversion}}':
diff --git a/setup/so-functions b/setup/so-functions
index 111f7ce5a..01dc15c78 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1109,7 +1109,7 @@ manager_global() {
 printf '%s\n'\
 " airgap: False"\ >> "$global_pillar"
 fi
-
+
 # Check if TheHive is enabled. If so, add creds and other details
 if [[ "$THEHIVE" == "1" ]]; then
 printf '%s\n'\
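Review bot: In salt/nginx/etc/nginx.conf.so-standalone the new `location /repo/` block pairs `allow all;` with `autoindex on;`, so every client that can reach this server block can browse the whole repository tree without authentication, and the `auth_request` line that was at least present as a comment is gone. yum requests `repodata/repomd.xml` and package paths directly and does not need directory listings, so `autoindex off;` loses nothing. I would also replace `allow all;` with an allow-list, for example `allow <sensor-subnet-placeholder>; deny all;`. The block sets no `root` or `alias`, so what is actually served depends on a directive outside this hunk.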
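Review bot: In salt/top.sls the new `{% set ISAIRGAP = salt['pillar.get']('global:airgap') %}` sits after `{% import_yaml 'salt/minion.defaults.yaml' as salt %}`, which rebinds the template variable `salt` to the imported YAML data (the next line reads `salt.salt.minion.version` from it). `salt['pillar.get']` then most likely no longer resolves to the execution-module function, so the top file either fails to render or `ISAIRGAP` never equals true; this should be confirmed with a render test. Moving the line up beside the `STRELKA` lookup, before the import, avoids it: `{% set ISAIRGAP = salt['pillar.get']('global:airgap', False) %}`. The explicit default also documents that a missing pillar key selects the `yum` state.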
@@ -1873,8 +1873,10 @@ set_redirect() {
 set_updates() {
 if [ "$MANAGERUPDATES" = '1' ]; then
 if [ "$OS" = 'centos' ]; then
- if ! grep -q "$MSRV" /etc/yum.conf; then
- echo "proxy=http://$MSRV:3142" >> /etc/yum.conf
+ if [[ ! $is_airgap ]]; then
+ if ! grep -q "$MSRV" /etc/yum.conf; then
+ echo "proxy=http://$MSRV:3142" >> /etc/yum.conf
+ fi
 fi
 else
 # Set it up so the updates roll through the manager
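Review bot: `[[ ! $is_airgap ]]` in `set_updates` only tests whether the variable is empty, so any non-empty value, including `false` or `0`, counts as airgap and silently skips the proxy line. Writing the same test as `if [[ -z "$is_airgap" ]]; then` makes that contract explicit, and a comment should say that airgap hosts get their yum configuration from the `airgap` Salt state instead. The inner `grep -q "$MSRV" /etc/yum.conf` treats the manager name as a regular expression and matches it anywhere in the file; `grep -qF -- "proxy=http://$MSRV:3142" /etc/yum.conf` checks for the exact line being appended. `set_updates` continues outside the hunk.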