CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-06-22 18:28:11 +02:00
Code Issues Packages Projects Releases Wiki Activity

Move setup-complete marker from /opt/so/conf to /opt/so/state

Browse Source 
The setup-complete marker is a runtime-state file, not config, so move it
to /opt/so/state/setup-complete. Updates both writers (mark_setup_complete
in setup/so-functions and the upgrade-path state in minion/init.sls) and the
three readers (so-boot-highstate.service ConditionPathExists, boot_highstate.sls
enable gate, and the so-user_sync cron gate).
This commit is contained in:
Josh Patterson
2026-06-04 15:07:27 -04:00
parent f5d63f585e
commit cb3631da81
5 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/salt/minion/boot_highstate.sls
+1 -1
View File
@@ -25,7 +25,7 @@ so_boot_highstate_unit_file:
so_boot_highstate_service:
service.enabled:
- name: so-boot-highstate.service
- onlyif: test -e /opt/so/conf/setup-complete
- onlyif: test -e /opt/so/state/setup-complete
- require:
- file: so_boot_highstate_unit_file
- module: systemd_reload
salt/salt/minion/init.sls
+2 -2
View File
@@ -94,14 +94,14 @@ remove_startup_states:
- mode: delete
# Upgrade-path bridge: systems that already passed setup under the old gate
# (`grep -x 'startup_states: highstate' /etc/salt/minion`) get a setup-complete
# (`grep -x 'startup_states: highstate' /etc/salt/minion`) get a /opt/so/state/setup-complete
# marker so so-boot-highstate.service can be enabled and the so-user_sync cron
# in sync_es_users.sls keeps installing. Setup-in-progress systems instead get
# the marker from `mark_setup_complete` in setup/so-functions at the right
# moment. `replace: false` means we never overwrite a marker once written.
mark_setup_complete_for_upgrades:
file.managed:
- name: /opt/so/conf/setup-complete
- name: /opt/so/state/setup-complete
- replace: false
- makedirs: True
- onlyif: "grep -qx 'startup_states: highstate' /etc/salt/minion"
salt/salt/service/so-boot-highstate.service
+1 -1
View File
@@ -3,7 +3,7 @@ Description=Security Onion boot-time highstate (runs once per boot)
After=salt-minion.service network-online.target docker.service
Wants=network-online.target docker.service
Requires=salt-minion.service
ConditionPathExists=/opt/so/conf/setup-complete
ConditionPathExists=/opt/so/state/setup-complete
[Service]
Type=oneshot