From b3be999aea09c8ee3fe92d0ad65df36cef3a2ce3 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 19 Dec 2023 09:00:32 -0500 Subject: [PATCH 1/4] dont enable startup_states during setup. use salt to add it --- salt/manager/sync_es_users.sls | 2 +- salt/salt/minion.sls | 5 +++++ setup/so-functions | 4 ++-- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/salt/manager/sync_es_users.sls b/salt/manager/sync_es_users.sls index 79ab14669..03645c699 100644 --- a/salt/manager/sync_es_users.sls +++ b/salt/manager/sync_es_users.sls @@ -29,4 +29,4 @@ so-user_sync: - user: root - name: 'PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin /usr/sbin/so-user sync &>> /opt/so/log/soc/sync.log' - identifier: so-user_sync - - onlyif: "grep 'startup_states: highstate' /etc/salt/minion" + - onlyif: "grep -x 'startup_states: highstate' /etc/salt/minion" diff --git a/salt/salt/minion.sls b/salt/salt/minion.sls index e0c422e7f..83de89164 100644 --- a/salt/salt/minion.sls +++ b/salt/salt/minion.sls @@ -67,6 +67,11 @@ set_log_levels: - "log_level: info" - "log_level_logfile: info" +enable_startup_states: + file.uncomment: + - name: /etc/salt/minion + - regex: '^startup_states: highstate$' + # prior to 2.4.30 this managed file would restart the salt-minion service when updated # since this file is currently only adding a sleep timer on service start # it is not required to restart the service diff --git a/setup/so-functions b/setup/so-functions index e1faa275e..ddc092166 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -545,8 +545,8 @@ configure_minion() { checkin_at_boot() { local minion_config=/etc/salt/minion - info "Enabling checkin at boot" - echo "startup_states: highstate" >> "$minion_config" + # we add this commented so that we can use salt later to uncomment it + echo "#startup_states: highstate" >> "$minion_config" } check_requirements() { From 090f3a3e0211241b23ddc44be39a5bd7262974e5 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 19 Dec 2023 12:08:17 -0500 Subject: [PATCH 2/4] only run if in file --- salt/salt/minion.sls | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/salt/salt/minion.sls b/salt/salt/minion.sls index 83de89164..252ab9bec 100644 --- a/salt/salt/minion.sls +++ b/salt/salt/minion.sls @@ -67,10 +67,14 @@ set_log_levels: - "log_level: info" - "log_level_logfile: info" +# we use the only if here because there is a point in setup where thise state runs +# but this state isn'r present on a manager type node enable_startup_states: file.uncomment: - name: /etc/salt/minion - regex: '^startup_states: highstate$' + - onlyif: + - cmd: "grep 'startup_states: highstate' /etc/salt/minion" # prior to 2.4.30 this managed file would restart the salt-minion service when updated # since this file is currently only adding a sleep timer on service start From 7b9ac7ae6d4c1a2c74e98a8d164c34d508721e54 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 19 Dec 2023 14:05:19 -0500 Subject: [PATCH 3/4] remove checkin_at_boot function --- salt/salt/minion.sls | 2 -- setup/so-functions | 10 ++-------- setup/so-setup | 2 -- 3 files changed, 2 insertions(+), 12 deletions(-) diff --git a/salt/salt/minion.sls b/salt/salt/minion.sls index 252ab9bec..10e6dc24a 100644 --- a/salt/salt/minion.sls +++ b/salt/salt/minion.sls @@ -73,8 +73,6 @@ enable_startup_states: file.uncomment: - name: /etc/salt/minion - regex: '^startup_states: highstate$' - - onlyif: - - cmd: "grep 'startup_states: highstate' /etc/salt/minion" # prior to 2.4.30 this managed file would restart the salt-minion service when updated # since this file is currently only adding a sleep timer on service start diff --git a/setup/so-functions b/setup/so-functions index ddc092166..8482b2e71 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -531,7 +531,8 @@ configure_minion() { " x509_v2: true"\ "log_level: info"\ "log_level_logfile: info"\ - "log_file: /opt/so/log/salt/minion" >> "$minion_config" + "log_file: /opt/so/log/salt/minion"\ + "#startup_states: highstate" >> "$minion_config" info "Running: salt-call state.apply salt.mine_functions --local --file-root=../salt/ -l info pillar='{"host": {"mainint": "$MNIC"}}'" salt-call state.apply salt.mine_functions --local --file-root=../salt/ -l info pillar="{'host': {'mainint': $MNIC}}" @@ -542,13 +543,6 @@ configure_minion() { } >> "$setup_log" 2>&1 } -checkin_at_boot() { - local minion_config=/etc/salt/minion - - # we add this commented so that we can use salt later to uncomment it - echo "#startup_states: highstate" >> "$minion_config" -} - check_requirements() { local req_mem local req_cores diff --git a/setup/so-setup b/setup/so-setup index a4e67535b..9d210f00c 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -781,7 +781,6 @@ if ! [[ -f $install_opt_file ]]; then title "Setting up Playbook" logCmd "so-playbook-reset" fi - checkin_at_boot set_initial_firewall_access logCmd "salt-call schedule.enable -linfo --local" verify_setup @@ -809,7 +808,6 @@ if ! [[ -f $install_opt_file ]]; then configure_minion "$minion_type" check_sos_appliance drop_install_options - checkin_at_boot logCmd "salt-call state.apply setup.highstate_cron --local --file-root=../salt/" verify_setup fi From 28fdf15304b1ad0a6f6da1631d6c0019b08ebbd5 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 19 Dec 2023 16:37:32 -0500 Subject: [PATCH 4/4] remove comment --- salt/salt/minion.sls | 2 -- 1 file changed, 2 deletions(-) diff --git a/salt/salt/minion.sls b/salt/salt/minion.sls index 10e6dc24a..83de89164 100644 --- a/salt/salt/minion.sls +++ b/salt/salt/minion.sls @@ -67,8 +67,6 @@ set_log_levels: - "log_level: info" - "log_level_logfile: info" -# we use the only if here because there is a point in setup where thise state runs -# but this state isn'r present on a manager type node enable_startup_states: file.uncomment: - name: /etc/salt/minion