From d0bb7dc475d6c3c59d47c588219d61556069f702 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 22 Feb 2023 10:04:43 -0500 Subject: [PATCH] repo for rocky --- .../rocky/keys/RPM-GPG-KEY-rockyofficial | 29 +++++++++ salt/repo/client/files/rocky/yum.conf.jinja | 17 +++++ salt/repo/client/rocky.sls | 62 +++++++++++++++++++ 3 files changed, 108 insertions(+) create mode 100644 salt/repo/client/files/rocky/keys/RPM-GPG-KEY-rockyofficial create mode 100644 salt/repo/client/files/rocky/yum.conf.jinja create mode 100644 salt/repo/client/rocky.sls diff --git a/salt/repo/client/files/rocky/keys/RPM-GPG-KEY-rockyofficial b/salt/repo/client/files/rocky/keys/RPM-GPG-KEY-rockyofficial new file mode 100644 index 000000000..28ce769ce --- /dev/null +++ b/salt/repo/client/files/rocky/keys/RPM-GPG-KEY-rockyofficial @@ -0,0 +1,29 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGAofzYBEAC6yS1azw6f3wmaVd//3aSy6O2c9+jeetulRQvg2LvhRRS1eNqp +/x9tbBhfohu/tlDkGpYHV7diePgMml9SZDy1sKlI3tDhx6GZ3xwF0fd1vWBZpmNk +D9gRkUmYBeLotmcXQZ8ZpWLicosFtDpJEYpLUhuIgTKwt4gxJrHvkWsGQiBkJxKD +u3/RlL4IYA3Ot9iuCBflc91EyAw1Yj0gKcDzbOqjvlGtS3ASXgxPqSfU0uLC9USF +uKDnP2tcnlKKGfj0u6VkqISliSuRAzjlKho9Meond+mMIFOTT6qp4xyu+9Dj3IjZ +IC6rBXRU3xi8z0qYptoFZ6hx70NV5u+0XUzDMXdjQ5S859RYJKijiwmfMC7gZQAf +OkdOcicNzen/TwD/slhiCDssHBNEe86Wwu5kmDoCri7GJlYOlWU42Xi0o1JkVltN +D8ZId+EBDIms7ugSwGOVSxyZs43q2IAfFYCRtyKHFlgHBRe9/KTWPUrnsfKxGJgC +Do3Yb63/IYTvfTJptVfhQtL1AhEAeF1I+buVoJRmBEyYKD9BdU4xQN39VrZKziO3 +hDIGng/eK6PaPhUdq6XqvmnsZ2h+KVbyoj4cTo2gKCB2XA7O2HLQsuGduHzYKNjf +QR9j0djjwTrsvGvzfEzchP19723vYf7GdcLvqtPqzpxSX2FNARpCGXBw9wARAQAB +tDNSZWxlYXNlIEVuZ2luZWVyaW5nIDxpbmZyYXN0cnVjdHVyZUByb2NreWxpbnV4 +Lm9yZz6JAk4EEwEIADgWIQRwUcRwqSn0VM6+N7cVr12sbXRaYAUCYCh/NgIbDwUL +CQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAVr12sbXRaYLFmEACSMvoO1FDdyAbu +1m6xEzDhs7FgnZeQNzLZECv2j+ggFSJXezlNVOZ5I1I8umBan2ywfKQD8M+IjmrW +k9/7h9i54t8RS/RN7KNo7ECGnKXqXDPzBBTs1Gwo1WzltAoaDKUfXqQ4oJ4aCP/q +/XPVWEzgpJO1XEezvCq8VXisutyDiXEjjMIeBczxb1hbamQX+jLTIQ1MDJ4Zo1YP +zlUqrHW434XC2b1/WbSaylq8Wk9cksca5J+g3FqTlgiWozyy0uxygIRjb6iTzKXk +V7SYxeXp3hNTuoUgiFkjh5/0yKWCwx7aQqlHar9GjpxmBDAO0kzOlgtTw//EqTwR +KnYZLig9FW0PhwvZJUigr0cvs/XXTTb77z/i/dfHkrjVTTYenNyXogPtTtSyxqca +61fbPf0B/S3N43PW8URXBRS0sykpX4SxKu+PwKCqf+OJ7hMEVAapqzTt1q9T7zyB +QwvCVx8s7WWvXbs2d6ZUrArklgjHoHQcdxJKdhuRmD34AuXWCLW+gH8rJWZpuNl3 ++WsPZX4PvjKDgMw6YMcV7zhWX6c0SevKtzt7WP3XoKDuPhK1PMGJQqQ7spegGB+5 +DZvsJS48Ip0S45Qfmj82ibXaCBJHTNZE8Zs+rdTjQ9DS5qvzRA1sRA1dBb/7OLYE +JmeWf4VZyebm+gc50szsg6Ut2yT8hw== +=AiP8 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/salt/repo/client/files/rocky/yum.conf.jinja b/salt/repo/client/files/rocky/yum.conf.jinja new file mode 100644 index 000000000..bd31ac007 --- /dev/null +++ b/salt/repo/client/files/rocky/yum.conf.jinja @@ -0,0 +1,17 @@ +{% set proxy = salt['pillar.get']('manager:proxy') -%} +[main] +cachedir=/var/cache/yum/$basearch/$releasever +keepcache=0 +debuglevel=2 +logfile=/var/log/yum.log +exactarch=1 +obsoletes=1 +gpgcheck=1 +plugins=1 +installonly_limit={{ salt['pillar.get']('yum:config:installonly_limit', 2) }} +bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum +distroverpkg=centos-release +clean_requirements_on_remove=1 +{% if proxy -%} +proxy={{ proxy }} +{% endif %} diff --git a/salt/repo/client/rocky.sls b/salt/repo/client/rocky.sls new file mode 100644 index 000000000..9d522f849 --- /dev/null +++ b/salt/repo/client/rocky.sls @@ -0,0 +1,62 @@ +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use +# this file except in compliance with the Elastic License 2.0. + +{% from 'repo/client/map.jinja' import ABSENTFILES with context %} +{% from 'repo/client/map.jinja' import REPOPATH with context %} +{% from 'vars/globals.map.jinja' import GLOBALS %} + +{% set role = grains.id.split('_') | last %} +{% set MANAGER = salt['grains.get']('master') %} +{% if grains['os'] == 'Rocky' %} + +{% if ABSENTFILES|length > 0%} + {% for file in ABSENTFILES %} +{{ file }}: + file.absent: + - name: {{ REPOPATH }}{{ file }} + - onchanges_in: + - cmd: cleanyum + {% endfor %} +{% endif %} + +cleanyum: + cmd.run: + - name: 'yum clean all' + - onchanges: + - so_repo + +yumconf: + file.managed: + - name: /etc/yum.conf + - source: salt://repo/client/files/rocky/yum.conf.jinja + - mode: 644 + - template: jinja + - show_changes: False + +repair_yumdb: + cmd.run: + - name: 'mv -f /var/lib/rpm/__db* /tmp && yum clean all' + - onlyif: + - 'yum check-update 2>&1 | grep "Error: rpmdb open failed"' + +crsynckeys: + file.recurse: + - name: /etc/pki/rpm-gpg + - source: salt://repo/client/files/rocky/keys/ + +so_repo: + pkgrepo.managed: + - name: securityonion + - humanname: Security Onion Repo + {% if GLOBALS.role in ['eval', 'standalone', 'import', 'manager', 'managersearch'] %} + - baseurl: file:///nsm/repo/ + {% else %} + - baseurl: https://{{ GLOBALS.repo_host }}/repo + {% endif %} + - enabled: 1 + - gpgcheck: 1 + +{% endif %} + +# TODO: Add a pillar entry for custom repos