Saltify it up

2025-12-06 09:12:45 +01:00 · 2023-03-23 10:43:47 -04:00
parent b3ea4194dd
commit f8d5acd37d
5 changed files with 56 additions and 5 deletions
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -8,10 +8,12 @@
 DEFAULT_SALT_DIR=/opt/so/saltstack/default
 DOC_BASE_URL="https://docs.securityonion.net/en/2.4"

-# Check for prerequisites
-if [ "$(id -u)" -ne 0 ]; then
-	echo "This script must be run using sudo!"
-	exit 1
+if [ ! -z $NOROOT ]; then
+	# Check for prerequisites
+	if [ "$(id -u)" -ne 0 ]; then
+		echo "This script must be run using sudo!"
+		exit 1
+	fi
 fi

 # Define a banner to separate sections
--- a/salt/common/tools/sbin/so-repo-sync
+++ b/salt/common/tools/sbin/so-repo-sync
@@ -4,7 +4,7 @@
 # or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-
+NOROOT=1
 . /usr/sbin/so-common

 if [ ! -f /root/repodownload.conf ]; then
--- a/salt/manager/defaults.yaml
+++ b/salt/manager/defaults.yaml
@@ -0,0 +1,5 @@
+manager:
+  reposync:
+    enabled: True
+    hour: 3
+    minute: 0
--- a/salt/manager/init.sls
+++ b/salt/manager/init.sls
@@ -7,6 +7,8 @@
 {% if sls in allowed_states %}
 {% from 'vars/globals.map.jinja' import GLOBALS %}
 {% from 'strelka/map.jinja' import STRELKAMERGED %}
+{% import_yaml 'manager/defaults.yaml' as MANAGERDEFAULTS %}
+{% set MANAGERMERGED = salt['pillar.get']('manager', MANAGERDEFAULTS.manager, merge=true) %}

 include:
  - salt.minion
@@ -14,6 +16,35 @@ include:
  - manager.sync_es_users
  - manager.elasticsearch

+repo_log_dir:
+  file.directory:
+    - name: /opt/so/log/reposync
+    - user: socore
+    - group: socore
+    - recurse:
+      - user
+      - group
+
+repo_dir:
+  file.directory:
+    - name: /nsm/repo
+    - user: socore
+    - group: socore
+    - recurse:
+      - user
+      - group
+
+reposync_cron:
+  {% if MANAGERMERGED.reposync.enabled %}
+  cron.present:
+  {% else %}
+  cron.absent:
+  {% endif %}
+    - user: socore
+    - name: '/usr/sbin/so-repo-sync >> /opt/so/log/reposync/reposync.log 2>&1'
+    - hour: '{{ MANAGERMERGED.reposync.hour }}'
+    - minute: '{{ MANAGERMERGED.reposync.minute }}'
+
 socore_own_saltstack:
  file.directory:
    - name: /opt/so/saltstack
--- a/salt/manager/soc_manager.yaml
+++ b/salt/manager/soc_manager.yaml
@@ -1,4 +1,17 @@
 manager:
+  reposync:
+    enabled:
+      description: This is the daily task of syncing the Security Onion OS packages. It is recommended that you leave this enabled.
+      global: True
+      helpLink: manager.html
+    hour:
+      description: The hour of the day in which the repo sync takes place.
+      global: True
+      helpLink: manager.html 
+    minute:
+      description: The minute within the hour specified in hour to run the repo sync.
+      global: True
+      helpLink: manager.html
  elastalert:
    description: Enable elastalert 1=enabled 0=disabled.
    global: True