Merge pull request #125 from m0duspwnens/master
Upgrade Salt to 2019.2.2 and fix module.run deprecation warnings
@@ -39,10 +39,10 @@ pki_private_key:
|
||||
- require:
|
||||
- file: /etc/pki
|
||||
|
||||
mine.send:
|
||||
send_x509_pem_entries_to_mine:
|
||||
module.run:
|
||||
- func: x509.get_pem_entries
|
||||
- kwargs:
|
||||
glob_path: /etc/pki/ca.crt
|
||||
- mine.send:
|
||||
- func: x509.get_pem_entries
|
||||
- glob_path: /etc/pki/ca.crt
|
||||
- onchanges:
|
||||
- x509: /etc/pki/ca.crt
|
||||
|
||||
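Review bot: The rewritten `send_x509_pem_entries_to_mine` state uses the new-style `module.run` syntax, which Salt 2019.2 only honours when the minion config lists `module.run` under `use_superseded`; this commit writes that setting only from `configure_minion` in the setup script. A minion that is upgraded without re-running setup would presumably lack it, and the CA certificate would then not be published to the mine when `/etc/pki/ca.crt` changes. The same dependency applies to `show_patch_os_schedule` and `playbookwebhook` further down. Consider managing the setting from a state, and add a comment above each converted state such as `# new-style module.run: needs use_superseded: [module.run] in /etc/salt/minion`.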
@@ -316,7 +316,7 @@ grafanaconf:
|
||||
- source: salt://common/grafana/etc
|
||||
|
||||
{% if salt['pillar.get']('mastertab', False) %}
|
||||
{%- for SN, SNDATA in salt['pillar.get']('mastertab', {}).iteritems() %}
|
||||
{%- for SN, SNDATA in salt['pillar.get']('mastertab', {}).items() %}
|
||||
dashboard-master:
|
||||
file.managed:
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards/master/{{ SN }}-Master.json
|
||||
@@ -337,7 +337,7 @@ dashboard-master:
|
||||
{% endif %}
|
||||
|
||||
{% if salt['pillar.get']('sensorstab', False) %}
|
||||
{%- for SN, SNDATA in salt['pillar.get']('sensorstab', {}).iteritems() %}
|
||||
{%- for SN, SNDATA in salt['pillar.get']('sensorstab', {}).items() %}
|
||||
dashboard-{{ SN }}:
|
||||
file.managed:
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards/forward_nodes/{{ SN }}-Sensor.json
|
||||
@@ -358,7 +358,7 @@ dashboard-{{ SN }}:
|
||||
{% endif %}
|
||||
|
||||
{% if salt['pillar.get']('nodestab', False) %}
|
||||
{%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).iteritems() %}
|
||||
{%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %}
|
||||
dashboard-{{ SN }}:
|
||||
file.managed:
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards/storage_nodes/{{ SN }}-Node.json
|
||||
@@ -379,7 +379,7 @@ dashboard-{{ SN }}:
|
||||
{% endif %}
|
||||
|
||||
{% if salt['pillar.get']('evaltab', False) %}
|
||||
{%- for SN, SNDATA in salt['pillar.get']('evaltab', {}).iteritems() %}
|
||||
{%- for SN, SNDATA in salt['pillar.get']('evaltab', {}).items() %}
|
||||
dashboard-{{ SN }}:
|
||||
file.managed:
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards/eval/{{ SN }}-Node.json
|
||||
|
||||
@@ -15,7 +15,7 @@ patch_os_schedule:
|
||||
- patch.os
|
||||
- when:
|
||||
{% for days in os_schedule.patch.os.schedule %}
|
||||
{% for day, times in days.iteritems() %}
|
||||
{% for day, times in days.items() %}
|
||||
{% for time in times %}
|
||||
- {{day}} {{time}}
|
||||
{% endfor %}
|
||||
@@ -64,13 +64,13 @@ remove_patch_os_schedule:
|
||||
|
||||
{% else %}
|
||||
|
||||
no_os_patch_schedule_name_set:
|
||||
no_patch_os_schedule_name_set:
|
||||
test.fail_without_changes:
|
||||
- name: "Set a pillar value for patch:os:schedule_name in this minion's .sls file. If an OS patch schedule is not listed as enabled in show_schedule output below, then OS patches will need to be applied manually until this is corrected."
|
||||
|
||||
show_schedule:
|
||||
show_patch_os_schedule:
|
||||
module.run:
|
||||
- name: schedule.is_enabled
|
||||
- m_name: patch_os_schedule
|
||||
- schedule.is_enabled:
|
||||
- name: patch_os_schedule
|
||||
|
||||
{% endif %}
|
||||
|
||||
@@ -11,9 +11,9 @@ playbookdb:
|
||||
|
||||
playbookwebhook:
|
||||
module.run:
|
||||
- name: sqlite3.modify
|
||||
- db: /opt/so/conf/playbook/redmine.db
|
||||
- sql: "update webhooks set url = 'http://{{MASTERIP}}:7000/playbook/webhook' where project_id = 1"
|
||||
- sqlite3.modify:
|
||||
- db: /opt/so/conf/playbook/redmine.db
|
||||
- sql: "update webhooks set url = 'http://{{MASTERIP}}:7000/playbook/webhook' where project_id = 1"
|
||||
|
||||
navigatorconfig:
|
||||
file.managed:
|
||||
|
||||
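Review bot: In `playbookwebhook`, `MASTERIP` is rendered straight into the quoted SQL string passed to `sqlite3.modify`, so a value containing a single quote would change the statement that runs against redmine.db. Where `MASTERIP` is assigned is outside this hunk; if it comes from pillar or grain data, guard the state with Salt's `is_ip` filter, for example `{% if MASTERIP | is_ip %}` around it. The webhook URL is also plain `http://`, which deserves a comment if that traffic ever leaves the host.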
@@ -31,6 +31,6 @@ echo "Applying cross cluster search config..."
|
||||
|
||||
# Add all the storage nodes to cross cluster searching.
|
||||
|
||||
{%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).iteritems() %}
|
||||
{%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %}
|
||||
curl -XPUT http://{{ ES }}:9200/_cluster/settings -H'Content-Type: application/json' -d '{"persistent": {"search": {"remote": {"{{ SN }}": {"skip_unavailable": "true", "seeds": ["{{ SNDATA.ip }}:9300"]}}}}}'
|
||||
{%- endfor %}
|
||||
|
||||
@@ -255,6 +255,9 @@ configure_minion() {
|
||||
|
||||
fi
|
||||
|
||||
echo "use_superseded:" >> /etc/salt/minion
|
||||
echo " - module.run" >> /etc/salt/minion
|
||||
|
||||
service salt-minion restart
|
||||
|
||||
}
|
||||
@@ -352,7 +355,9 @@ docker_install() {
|
||||
yum -y install yum-utils device-mapper-persistent-data lvm2 openssl
|
||||
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
|
||||
yum -y update
|
||||
yum -y install docker-ce docker-python python-docker
|
||||
yum -y install docker-ce
|
||||
pip3 install docker
|
||||
set_environment_var "PYTHONPATH=$PYTHONPATH:/usr/local/lib/python3.6/site-packages/"
|
||||
if [ $INSTALLTYPE != 'EVALMODE' ]; then
|
||||
docker_registry
|
||||
fi
|
||||
@@ -500,7 +505,7 @@ install_master() {
|
||||
wget --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH
|
||||
|
||||
else
|
||||
apt-get install -y salt-common=2018.3.4+ds-1 salt-master=2018.3.4+ds-1 salt-minion=2018.3.4+ds-1 python-m2crypto
|
||||
apt-get install -y salt-common=2019.2.2+ds-1 salt-master=2019.2.2+ds-1 salt-minion=2019.2.2+ds-1 python-m2crypto
|
||||
apt-mark hold salt-common salt-master salt-minion
|
||||
apt-get install -y python-m2crypto
|
||||
fi
|
||||
@@ -696,9 +701,9 @@ saltify() {
|
||||
ADDUSER=adduser
|
||||
|
||||
if [ $INSTALLTYPE == 'MASTERONLY' ] || [ $INSTALLTYPE == 'EVALMODE' ]; then
|
||||
yum -y install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
|
||||
cp /etc/yum.repos.d/salt-latest.repo /etc/yum.repos.d/salt-2018-3.repo
|
||||
sed -i 's/latest/2018.3/g' /etc/yum.repos.d/salt-2018-3.repo
|
||||
yum -y install https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest-2.el7.noarch.rpm
|
||||
cp /etc/yum.repos.d/salt-latest.repo /etc/yum.repos.d/salt-2019-2.repo
|
||||
sed -i 's/latest/2019.2/g' /etc/yum.repos.d/salt-2019-2.repo
|
||||
cat > /etc/yum.repos.d/wazuh.repo <<\EOF
|
||||
[wazuh_repo]
|
||||
gpgcheck=1
|
||||
@@ -812,13 +817,13 @@ EOF
|
||||
echo "gpgkey=file:///etc/pki/rpm-gpg/saltstack-signing-key" >> /etc/yum.repos.d/salt-latest.repo
|
||||
|
||||
# Proxy is hating on me.. Lets just set it manually
|
||||
echo "[salt-2018.3]" > /etc/yum.repos.d/salt-2018-3.repo
|
||||
echo "name=SaltStack Latest Release Channel for RHEL/Centos \$releasever" >> /etc/yum.repos.d/salt-2018-3.repo
|
||||
echo "baseurl=https://repo.saltstack.com/yum/redhat/7/\$basearch/2018.3" >> /etc/yum.repos.d/salt-2018-3.repo
|
||||
echo "failovermethod=priority" >> /etc/yum.repos.d/salt-2018-3.repo
|
||||
echo "enabled=1" >> /etc/yum.repos.d/salt-2018-3.repo
|
||||
echo "gpgcheck=1" >> /etc/yum.repos.d/salt-2018-3.repo
|
||||
echo "gpgkey=file:///etc/pki/rpm-gpg/saltstack-signing-key" >> /etc/yum.repos.d/salt-2018-3.repo
|
||||
echo "[salt-2019.2]" > /etc/yum.repos.d/salt-2019-2.repo
|
||||
echo "name=SaltStack Latest Release Channel for RHEL/Centos \$releasever" >> /etc/yum.repos.d/salt-2019-2.repo
|
||||
echo "baseurl=https://repo.saltstack.com/yum/redhat/7/\$basearch/2019.2" >> /etc/yum.repos.d/salt-2019-2.repo
|
||||
echo "failovermethod=priority" >> /etc/yum.repos.d/salt-2019-2.repo
|
||||
echo "enabled=1" >> /etc/yum.repos.d/salt-2019-2.repo
|
||||
echo "gpgcheck=1" >> /etc/yum.repos.d/salt-2019-2.repo
|
||||
echo "gpgkey=file:///etc/pki/rpm-gpg/saltstack-signing-key" >> /etc/yum.repos.d/salt-2019-2.repo
|
||||
|
||||
cat > /etc/yum.repos.d/wazuh.repo <<\EOF
|
||||
[wazuh_repo]
|
||||
@@ -831,8 +836,8 @@ protect=1
|
||||
EOF
|
||||
else
|
||||
yum -y install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
|
||||
cp /etc/yum.repos.d/salt-latest.repo /etc/yum.repos.d/salt-2018-3.repo
|
||||
sed -i 's/latest/2018.3/g' /etc/yum.repos.d/salt-2018-3.repo
|
||||
cp /etc/yum.repos.d/salt-latest.repo /etc/yum.repos.d/salt-2019-2.repo
|
||||
sed -i 's/latest/2019.2/g' /etc/yum.repos.d/salt-2019-2.repo
|
||||
cat > /etc/yum.repos.d/wazuh.repo <<\EOF
|
||||
[wazuh_repo]
|
||||
gpgcheck=1
|
||||
@@ -846,16 +851,16 @@ EOF
|
||||
fi
|
||||
|
||||
yum clean expire-cache
|
||||
yum -y install salt-minion-2018.3.4 yum-utils device-mapper-persistent-data lvm2 openssl python-dateutil
|
||||
yum -y install salt-minion-2019.2.2 yum-utils device-mapper-persistent-data lvm2 openssl python-dateutil
|
||||
yum -y update exclude=salt*
|
||||
systemctl enable salt-minion
|
||||
|
||||
# Nasty hack but required for now
|
||||
if [ $INSTALLTYPE == 'MASTERONLY' ] || [ $INSTALLTYPE == 'EVALMODE' ]; then
|
||||
yum -y install salt-master-2018.3.4 python-m2crypto salt-minion-2018.3.4 m2crypto
|
||||
yum -y install salt-master-2019.2.2 python-m2crypto salt-minion-2019.2.2 m2crypto
|
||||
systemctl enable salt-master
|
||||
else
|
||||
yum -y install salt-minion-2018.3.4 python-m2m2crypto m2crypto
|
||||
yum -y install salt-minion-2019.2.2 python-m2m2crypto m2crypto
|
||||
fi
|
||||
echo "exclude=salt*" >> /etc/yum.conf
|
||||
|
||||
@@ -874,9 +879,9 @@ EOF
|
||||
|
||||
# Install the repo for salt
|
||||
wget --inet4-only -O - https://repo.saltstack.com/apt/ubuntu/$UVER/amd64/latest/SALTSTACK-GPG-KEY.pub | apt-key add -
|
||||
wget --inet4-only -O - https://repo.saltstack.com/apt/ubuntu/$UVER/amd64/2018.3/SALTSTACK-GPG-KEY.pub | apt-key add -
|
||||
echo "deb http://repo.saltstack.com/apt/ubuntu/$UVER/amd64/latest xenial main" > /etc/apt/sources.list.d/saltstack.list
|
||||
echo "deb http://repo.saltstack.com/apt/ubuntu/$UVER/amd64/2018.3 xenial main" > /etc/apt/sources.list.d/saltstack2018.list
|
||||
wget --inet4-only -O - https://repo.saltstack.com/apt/ubuntu/$UVER/amd64/2019.2/SALTSTACK-GPG-KEY.pub | apt-key add -
|
||||
echo "deb http://repo.saltstack.com/py3/ubuntu/$UVER/amd64/latest xenial main" > /etc/apt/sources.list.d/saltstack.list
|
||||
echo "deb http://repo.saltstack.com/py3/ubuntu/$UVER/amd64/2019.2 xenial main" > /etc/apt/sources.list.d/saltstack2019.list
|
||||
|
||||
# Lets get the docker repo added
|
||||
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
|
||||
@@ -895,7 +900,7 @@ EOF
|
||||
|
||||
# Initialize the new repos
|
||||
apt-get update >> $SETUPLOG 2>&1
|
||||
apt-get -y install salt-minion=2018.3.4+ds-1 salt-common=2018.3.4+ds-1 python-m2cryptoi python-dateutil >> $SETUPLOG 2>&1
|
||||
apt-get -y install salt-minion=2019.2.2+ds-1 salt-common=2019.2.2+ds-1 python-m2cryptoi python-dateutil >> $SETUPLOG 2>&1
|
||||
apt-mark hold salt-minion salt-common
|
||||
|
||||
else
|
||||
@@ -909,7 +914,7 @@ EOF
|
||||
echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list
|
||||
# Initialize the new repos
|
||||
apt-get update >> $SETUPLOG 2>&1
|
||||
apt-get -y install salt-minion=2018.3.4+ds-1 salt-common=2018.3.4+ds-1 python-m2crypto python-dateutil >> $SETUPLOG 2>&1
|
||||
apt-get -y install salt-minion=2019.2.2+ds-1 salt-common=2019.2.2+ds-1 python-m2crypto python-dateutil >> $SETUPLOG 2>&1
|
||||
apt-mark hold salt-minion salt-common
|
||||
|
||||
fi
|
||||
@@ -1020,6 +1025,15 @@ sensor_pillar() {
|
||||
|
||||
}
|
||||
|
||||
set_environment_var() {
|
||||
|
||||
echo "Setting environment variable: $1"
|
||||
|
||||
export "$1"
|
||||
echo "export $1" >> /etc/profile.d/set_env_vars.sh
|
||||
|
||||
}
|
||||
|
||||
set_hostname() {
|
||||
|
||||
hostnamectl set-hostname --static $HOSTNAME
|
||||
|
||||
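Review bot: In the docker_install hunk, `set_environment_var "PYTHONPATH=$PYTHONPATH:/usr/local/lib/python3.6/site-packages/"` yields a value beginning with `:` whenever PYTHONPATH is unset at install time, and Python resolves an empty PYTHONPATH element to the current directory. set_environment_var then appends that expanded string to /etc/profile.d/set_env_vars.sh, so later login shells would search the working directory for modules before site-packages. Passing `"PYTHONPATH=${PYTHONPATH:+$PYTHONPATH:}/usr/local/lib/python3.6/site-packages/"` avoids the empty element. The preceding `pip3 install docker` is unpinned, unlike the Salt packages in this file, so a pinned `docker==<version>` would keep installs reproducible. docker_install starts above the hunk and the rest of its body is not visible here.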