change to salt 3001.1, fix dupe state name, add git branch option to soup

2025-12-06 17:22:49 +01:00 · 2020-07-27 17:53:02 -04:00
parent 7606cc0ad0
commit e811718ebc
4 changed files with 16 additions and 10 deletions
--- a/pillar/salt/master.sls
+++ b/pillar/salt/master.sls
@@ -1,4 +1,4 @@
 #version cannot be used elsewhere in this pillar as soup is grepping for it to determine if Salt needs to be patched
 salt:
  master:
-    version: 3001
+    version: 3001.1
--- a/pillar/salt/minion.sls
+++ b/pillar/salt/minion.sls
@@ -1,4 +1,4 @@
 #version cannot be used elsewhere in this pillar as soup is grepping for it to determine if Salt needs to be patched
 salt:
  minion:
-    version: 3001
+    version: 3001.1
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -20,6 +20,7 @@ UPDATE_DIR=/tmp/sogh/securityonion
 INSTALLEDVERSION=$(cat /etc/soversion)
 INSTALLEDSALTVERSION=$(salt --versions-report | grep Salt: | awk {'print $2'})
 default_salt_dir=/opt/so/saltstack/default
+SOUP_BRANCH=$1

 manager_check() {
  # Check to see if this is a manager
@@ -44,11 +45,11 @@ clone_to_tmp() {
  # Make a temp location for the files
  mkdir -p /tmp/sogh
  cd /tmp/sogh
-  SOUP_BRANCH=""
-  if [ -n "$BRANCH" ]; then
-    SOUP_BRANCH="-b $BRANCH"
+  if [ -n "$SOUP_BRANCH" ]; then
+    git clone -b $SOUP_BRANCH https://github.com/Security-Onion-Solutions/securityonion.git
+  else
+    git clone https://github.com/Security-Onion-Solutions/securityonion.git
  fi
-  git clone $SOUP_BRANCH https://github.com/Security-Onion-Solutions/securityonion.git
  cd /tmp
  if [ ! -f $UPDATE_DIR/VERSION ]; then
    echo "Update was unable to pull from github. Please check your internet."
@@ -151,7 +152,12 @@ update_version() {

 upgrade_check() {
    # Let's make sure we actually need to update.
-    NEWVERSION=$(cat $UPDATE_DIR/VERSION)
+    if [ -n "$SOUP_BRANCH" ]; then
+      NEWVERSION="$SOUP_BRANCH"
+    else
+      NEWVERSION=$(cat $UPDATE_DIR/VERSION)
+    fi
+    
    if [ "$INSTALLEDVERSION" == "$NEWVERSION" ]; then
      echo "You are already running the latest version of Security Onion."
      exit 0
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -253,7 +253,7 @@ fbcertdir:
    - name: /opt/so/conf/filebeat/etc/pki
    - makedirs: True

-/etc/pki/filebeat.key:
+/opt/so/conf/filebeat/etc/pki/filebeat.key:
  x509.private_key_managed:
    - CN: {{ manager }}
    - bits: 4096
@@ -261,9 +261,9 @@ fbcertdir:
    - days_valid: 820
    - backup: True
    - new: True
-    {% if salt['file.file_exists']('/etc/pki/filebeat.key') -%}
+    {% if salt['file.file_exists']('/opt/so/conf/filebeat/etc/pki/filebeat.key') -%}
    - prereq:
-      - x509: /etc/pki/filebeat.crt
+      - x509: /opt/so/conf/filebeat/etc/pki/filebeat.crt
    {%- endif %}

 # Request a cert and drop it where it needs to go to be distributed