Merge pull request #1962 from Security-Onion-Solutions/soup-verify-salt

Soup verify salt
2025-12-06 09:12:45 +01:00 · 2020-11-17 15:08:32 -05:00
parent 2184c3b8ee e162be2e1d
commit f8346cde08
2 changed files with 13 additions and 10 deletions
--- a/salt/salt/map.jinja
+++ b/salt/salt/map.jinja
@@ -1,5 +1,6 @@
 {% import_yaml 'salt/minion.defaults.yaml' as saltminion %}
 {% set SALTVERSION = saltminion.salt.minion.version %}
+{% set INSTALLEDSALTVERSION = salt['pkg.version']('salt-minion').split('-')[0] %}
 {% set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %}

 {% if grains.os|lower == 'ubuntu' %}
@@ -11,13 +12,13 @@
 {% if grains.saltversion|string != SALTVERSION|string %}
  {% if grains.os|lower in ['centos', 'redhat'] %}
    {% if ISAIRGAP is sameas true %}
-      {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && sh /usr/sbin/bootstrap-salt.sh -r -F -x python3 stable ' ~ SALTVERSION %}
+      {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -r -F -x python3 stable ' ~ SALTVERSION ~ ' && systemctl restart salt-minion' %}
    {% else %}
-      {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && sh /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION %}
+      {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && systemctl restart salt-minion' %}
    {% endif %}
  {% elif grains.os|lower == 'ubuntu' %}
-    {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && sh /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION  %}
+    {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && systemctl restart salt-minion' %}
  {% endif %}
 {% else %}
  {% set UPGRADECOMMAND = 'echo Already running Salt Minon version ' ~ SALTVERSION %}
-{% endif %}
+{% endif %}
--- a/salt/salt/minion.sls
+++ b/salt/salt/minion.sls
@@ -1,17 +1,19 @@
 {% from 'salt/map.jinja' import COMMON with context %}
 {% from 'salt/map.jinja' import UPGRADECOMMAND with context %}
+{% from 'salt/map.jinja' import SALTVERSION %}
+{% from 'salt/map.jinja' import INSTALLEDSALTVERSION %}

 include:
  - salt

 install_salt_minion:
  cmd.run:
-    - name: {{ UPGRADECOMMAND }} 
-
-#versionlock_salt_minion:
-#  module.run:
-#    - pkg.hold:
-#      - name: "salt-*"
+    - name: |
+        exec 0>&- # close stdin
+        exec 1>&- # close stdout
+        exec 2>&- # close stderr
+        nohup /bin/sh -c '{{ UPGRADECOMMAND }}' &
+    - onlyif: "[[ '{{INSTALLEDSALTVERSION}}' != '{{SALTVERSION}}' ]]"

 salt_minion_package:
  pkg.installed: