Merge pull request #12095 from Security-Onion-Solutions/startupstates

Change salt-minion startup_states
2025-12-06 09:12:45 +01:00 · 2024-01-02 09:18:21 -05:00
parent cffc3353bc 28fdf15304
commit f0b44ad56c
4 changed files with 8 additions and 11 deletions
--- a/salt/manager/sync_es_users.sls
+++ b/salt/manager/sync_es_users.sls
@@ -29,4 +29,4 @@ so-user_sync:
    - user: root
    - name: 'PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin /usr/sbin/so-user sync &>> /opt/so/log/soc/sync.log'
    - identifier: so-user_sync
-    - onlyif: "grep 'startup_states: highstate' /etc/salt/minion"
+    - onlyif: "grep -x 'startup_states: highstate' /etc/salt/minion"
--- a/salt/salt/minion.sls
+++ b/salt/salt/minion.sls
@@ -67,6 +67,11 @@ set_log_levels:
      - "log_level: info"
      - "log_level_logfile: info"

+enable_startup_states:
+  file.uncomment:
+    - name: /etc/salt/minion
+    - regex: '^startup_states: highstate$'
+
 # prior to 2.4.30 this managed file would restart the salt-minion service when updated
 # since this file is currently only adding a sleep timer on service start
 # it is not required to restart the service
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -531,7 +531,8 @@ configure_minion() {
 		"  x509_v2: true"\
 		"log_level: info"\
 		"log_level_logfile: info"\
-		"log_file: /opt/so/log/salt/minion" >> "$minion_config"
+		"log_file: /opt/so/log/salt/minion"\
+		"#startup_states: highstate" >> "$minion_config"

 	info "Running: salt-call state.apply salt.mine_functions --local --file-root=../salt/ -l info pillar='{"host": {"mainint": "$MNIC"}}'"
 	salt-call state.apply salt.mine_functions --local --file-root=../salt/ -l info pillar="{'host': {'mainint': $MNIC}}"
@@ -542,13 +543,6 @@ configure_minion() {
 	} >> "$setup_log" 2>&1
 }

-checkin_at_boot() {
-	local minion_config=/etc/salt/minion
-
-	info "Enabling checkin at boot" 
-	echo "startup_states: highstate" >> "$minion_config"
-}
-
 check_requirements() {
 	local req_mem
 	local req_cores
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -781,7 +781,6 @@ if ! [[ -f $install_opt_file ]]; then
 			title "Setting up Playbook"
 			logCmd "so-playbook-reset"
 		fi
-		checkin_at_boot
 		set_initial_firewall_access
 		logCmd "salt-call schedule.enable -linfo --local"
 		verify_setup
@@ -809,7 +808,6 @@ if ! [[ -f $install_opt_file ]]; then
 		configure_minion "$minion_type"
 		check_sos_appliance
 		drop_install_options
-		checkin_at_boot
 		logCmd "salt-call state.apply setup.highstate_cron --local --file-root=../salt/"
 		verify_setup
 	fi