Merge pull request #125 from m0duspwnens/master

Upgrade Salt to 2019.2.2 and fix module.run deprecation warnings

salt/ca/init.sls

@@ -39,10 +39,10 @@ pki_private_key:
     - require:
       - file: /etc/pki
 
-mine.send:
+send_x509_pem_entries_to_mine:
   module.run:
-    - func: x509.get_pem_entries
+    - mine.send:
-    - kwargs:
+      - func: x509.get_pem_entries
-        glob_path: /etc/pki/ca.crt
+      - glob_path: /etc/pki/ca.crt
     - onchanges:
       - x509: /etc/pki/ca.crt

salt/common/init.sls

@@ -316,7 +316,7 @@ grafanaconf:
     - source: salt://common/grafana/etc
 
 {% if salt['pillar.get']('mastertab', False) %}
-{%- for SN, SNDATA in salt['pillar.get']('mastertab', {}).iteritems() %}
+{%- for SN, SNDATA in salt['pillar.get']('mastertab', {}).items() %}
 dashboard-master:
   file.managed:
     - name: /opt/so/conf/grafana/grafana_dashboards/master/{{ SN }}-Master.json
@@ -337,7 +337,7 @@ dashboard-master:
 {% endif %}
 
 {% if salt['pillar.get']('sensorstab', False) %}
-{%- for SN, SNDATA in salt['pillar.get']('sensorstab', {}).iteritems() %}
+{%- for SN, SNDATA in salt['pillar.get']('sensorstab', {}).items() %}
 dashboard-{{ SN }}:
   file.managed:
     - name: /opt/so/conf/grafana/grafana_dashboards/forward_nodes/{{ SN }}-Sensor.json
@@ -358,7 +358,7 @@ dashboard-{{ SN }}:
 {% endif %}
 
 {% if salt['pillar.get']('nodestab', False) %}
-{%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).iteritems() %}
+{%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %}
 dashboard-{{ SN }}:
   file.managed:
     - name: /opt/so/conf/grafana/grafana_dashboards/storage_nodes/{{ SN }}-Node.json
@@ -379,7 +379,7 @@ dashboard-{{ SN }}:
 {% endif %}
 
 {% if salt['pillar.get']('evaltab', False) %}
-{%- for SN, SNDATA in salt['pillar.get']('evaltab', {}).iteritems() %}
+{%- for SN, SNDATA in salt['pillar.get']('evaltab', {}).items() %}
 dashboard-{{ SN }}:
   file.managed:
     - name: /opt/so/conf/grafana/grafana_dashboards/eval/{{ SN }}-Node.json

salt/patch/os/schedule.sls

@@ -15,7 +15,7 @@ patch_os_schedule:
       - patch.os
     - when:
       {% for days in os_schedule.patch.os.schedule %}
-        {% for day, times in days.iteritems() %}
+        {% for day, times in days.items() %}
           {% for time in times %}
         - {{day}} {{time}}
           {% endfor %}
@@ -64,13 +64,13 @@ remove_patch_os_schedule:
 
 {% else %}
 
-no_os_patch_schedule_name_set:
+no_patch_os_schedule_name_set:
   test.fail_without_changes:
     - name: "Set a pillar value for patch:os:schedule_name in this minion's .sls file. If an OS patch schedule is not listed as enabled in show_schedule output below, then OS patches will need to be applied manually until this is corrected."
 
-show_schedule:
+show_patch_os_schedule:
   module.run:
-    - name: schedule.is_enabled
+    - schedule.is_enabled:
-    - m_name: patch_os_schedule
+      - name: patch_os_schedule
 
 {% endif %}

salt/playbook/init.sls

@@ -11,9 +11,9 @@ playbookdb:
 
 playbookwebhook:
   module.run:
-    - name: sqlite3.modify
+    - sqlite3.modify:
-    - db: /opt/so/conf/playbook/redmine.db
+      - db: /opt/so/conf/playbook/redmine.db
-    - sql: "update webhooks set url = 'http://{{MASTERIP}}:7000/playbook/webhook' where project_id = 1"
+      - sql: "update webhooks set url = 'http://{{MASTERIP}}:7000/playbook/webhook' where project_id = 1"
 
 navigatorconfig:
   file.managed:

salt/utility/bin/crossthestreams.sh

@@ -31,6 +31,6 @@ echo "Applying cross cluster search config..."
 
 # Add all the storage nodes to cross cluster searching.
 
-{%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).iteritems() %}
+{%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %}
 curl -XPUT http://{{ ES }}:9200/_cluster/settings -H'Content-Type: application/json' -d '{"persistent": {"search": {"remote": {"{{ SN }}": {"skip_unavailable": "true", "seeds": ["{{ SNDATA.ip }}:9300"]}}}}}'
 {%- endfor %}

so-setup-network.sh

@@ -255,6 +255,9 @@ configure_minion() {
 
   fi
 
+  echo "use_superseded:" >> /etc/salt/minion
+  echo "  - module.run" >> /etc/salt/minion
+
   service salt-minion restart
 
 }
@@ -352,7 +355,9 @@ docker_install() {
     yum -y install yum-utils device-mapper-persistent-data lvm2 openssl
     yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
     yum -y update
-    yum -y install docker-ce docker-python python-docker
+    yum -y install docker-ce
+    pip3 install docker
+    set_environment_var "PYTHONPATH=$PYTHONPATH:/usr/local/lib/python3.6/site-packages/"
     if [ $INSTALLTYPE != 'EVALMODE'  ]; then
       docker_registry
     fi
@@ -500,7 +505,7 @@ install_master() {
     wget --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH
 
   else
-    apt-get install -y salt-common=2018.3.4+ds-1 salt-master=2018.3.4+ds-1 salt-minion=2018.3.4+ds-1 python-m2crypto
+    apt-get install -y salt-common=2019.2.2+ds-1 salt-master=2019.2.2+ds-1 salt-minion=2019.2.2+ds-1 python-m2crypto
     apt-mark hold salt-common salt-master salt-minion
     apt-get install -y python-m2crypto
   fi
@@ -696,9 +701,9 @@ saltify() {
     ADDUSER=adduser
 
     if [ $INSTALLTYPE == 'MASTERONLY' ] || [ $INSTALLTYPE == 'EVALMODE' ]; then
-      yum -y install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
+      yum -y install https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest-2.el7.noarch.rpm
-      cp /etc/yum.repos.d/salt-latest.repo /etc/yum.repos.d/salt-2018-3.repo
+      cp /etc/yum.repos.d/salt-latest.repo /etc/yum.repos.d/salt-2019-2.repo
-      sed -i 's/latest/2018.3/g' /etc/yum.repos.d/salt-2018-3.repo
+      sed -i 's/latest/2019.2/g' /etc/yum.repos.d/salt-2019-2.repo
       cat > /etc/yum.repos.d/wazuh.repo <<\EOF
 [wazuh_repo]
 gpgcheck=1
@@ -812,13 +817,13 @@ EOF
         echo "gpgkey=file:///etc/pki/rpm-gpg/saltstack-signing-key" >> /etc/yum.repos.d/salt-latest.repo
 
         # Proxy is hating on me.. Lets just set it manually
-        echo "[salt-2018.3]" > /etc/yum.repos.d/salt-2018-3.repo
+        echo "[salt-2019.2]" > /etc/yum.repos.d/salt-2019-2.repo
-        echo "name=SaltStack Latest Release Channel for RHEL/Centos \$releasever" >> /etc/yum.repos.d/salt-2018-3.repo
+        echo "name=SaltStack Latest Release Channel for RHEL/Centos \$releasever" >> /etc/yum.repos.d/salt-2019-2.repo
-        echo "baseurl=https://repo.saltstack.com/yum/redhat/7/\$basearch/2018.3" >> /etc/yum.repos.d/salt-2018-3.repo
+        echo "baseurl=https://repo.saltstack.com/yum/redhat/7/\$basearch/2019.2" >> /etc/yum.repos.d/salt-2019-2.repo
-        echo "failovermethod=priority" >> /etc/yum.repos.d/salt-2018-3.repo
+        echo "failovermethod=priority" >> /etc/yum.repos.d/salt-2019-2.repo
-        echo "enabled=1" >> /etc/yum.repos.d/salt-2018-3.repo
+        echo "enabled=1" >> /etc/yum.repos.d/salt-2019-2.repo
-        echo "gpgcheck=1" >> /etc/yum.repos.d/salt-2018-3.repo
+        echo "gpgcheck=1" >> /etc/yum.repos.d/salt-2019-2.repo
-        echo "gpgkey=file:///etc/pki/rpm-gpg/saltstack-signing-key" >> /etc/yum.repos.d/salt-2018-3.repo
+        echo "gpgkey=file:///etc/pki/rpm-gpg/saltstack-signing-key" >> /etc/yum.repos.d/salt-2019-2.repo
 
         cat > /etc/yum.repos.d/wazuh.repo <<\EOF
 [wazuh_repo]
@@ -831,8 +836,8 @@ protect=1
 EOF
       else
         yum -y install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
-        cp /etc/yum.repos.d/salt-latest.repo /etc/yum.repos.d/salt-2018-3.repo
+        cp /etc/yum.repos.d/salt-latest.repo /etc/yum.repos.d/salt-2019-2.repo
-        sed -i 's/latest/2018.3/g' /etc/yum.repos.d/salt-2018-3.repo
+        sed -i 's/latest/2019.2/g' /etc/yum.repos.d/salt-2019-2.repo
 cat > /etc/yum.repos.d/wazuh.repo <<\EOF
 [wazuh_repo]
 gpgcheck=1
@@ -846,16 +851,16 @@ EOF
     fi
 
     yum clean expire-cache
-    yum -y install salt-minion-2018.3.4 yum-utils device-mapper-persistent-data lvm2 openssl python-dateutil
+    yum -y install salt-minion-2019.2.2 yum-utils device-mapper-persistent-data lvm2 openssl python-dateutil
     yum -y update exclude=salt*
     systemctl enable salt-minion
 
     # Nasty hack but required for now
     if [ $INSTALLTYPE == 'MASTERONLY' ] || [ $INSTALLTYPE == 'EVALMODE' ]; then
-      yum -y install salt-master-2018.3.4 python-m2crypto salt-minion-2018.3.4 m2crypto
+      yum -y install salt-master-2019.2.2 python-m2crypto salt-minion-2019.2.2 m2crypto
       systemctl enable salt-master
     else
-      yum -y install salt-minion-2018.3.4 python-m2m2crypto m2crypto
+      yum -y install salt-minion-2019.2.2 python-m2m2crypto m2crypto
     fi
     echo "exclude=salt*" >> /etc/yum.conf
 
@@ -874,9 +879,9 @@ EOF
 
       # Install the repo for salt
       wget --inet4-only -O - https://repo.saltstack.com/apt/ubuntu/$UVER/amd64/latest/SALTSTACK-GPG-KEY.pub | apt-key add -
-      wget --inet4-only -O - https://repo.saltstack.com/apt/ubuntu/$UVER/amd64/2018.3/SALTSTACK-GPG-KEY.pub | apt-key add -
+      wget --inet4-only -O - https://repo.saltstack.com/apt/ubuntu/$UVER/amd64/2019.2/SALTSTACK-GPG-KEY.pub | apt-key add -
-      echo "deb http://repo.saltstack.com/apt/ubuntu/$UVER/amd64/latest xenial main" > /etc/apt/sources.list.d/saltstack.list
+      echo "deb http://repo.saltstack.com/py3/ubuntu/$UVER/amd64/latest xenial main" > /etc/apt/sources.list.d/saltstack.list
-      echo "deb http://repo.saltstack.com/apt/ubuntu/$UVER/amd64/2018.3 xenial main" > /etc/apt/sources.list.d/saltstack2018.list
+      echo "deb http://repo.saltstack.com/py3/ubuntu/$UVER/amd64/2019.2 xenial main" > /etc/apt/sources.list.d/saltstack2019.list
 
       # Lets get the docker repo added
       curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
@@ -895,7 +900,7 @@ EOF
 
       # Initialize the new repos
       apt-get update >> $SETUPLOG 2>&1
-      apt-get -y install salt-minion=2018.3.4+ds-1 salt-common=2018.3.4+ds-1 python-m2cryptoi python-dateutil >> $SETUPLOG 2>&1
+      apt-get -y install salt-minion=2019.2.2+ds-1 salt-common=2019.2.2+ds-1 python-m2cryptoi python-dateutil >> $SETUPLOG 2>&1
       apt-mark hold salt-minion salt-common
 
     else
@@ -909,7 +914,7 @@ EOF
       echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list
       # Initialize the new repos
       apt-get update >> $SETUPLOG 2>&1
-      apt-get -y install salt-minion=2018.3.4+ds-1 salt-common=2018.3.4+ds-1 python-m2crypto python-dateutil >> $SETUPLOG 2>&1
+      apt-get -y install salt-minion=2019.2.2+ds-1 salt-common=2019.2.2+ds-1 python-m2crypto python-dateutil >> $SETUPLOG 2>&1
       apt-mark hold salt-minion salt-common
 
     fi
@@ -1020,6 +1025,15 @@ sensor_pillar() {
 
 }
 
+set_environment_var() {
+
+  echo "Setting environment variable: $1"
+
+  export "$1"
+  echo "export $1" >> /etc/profile.d/set_env_vars.sh
+
+}
+
 set_hostname() {
 
   hostnamectl set-hostname --static $HOSTNAME