add /opt/so/rules/ to files_roots

files/salt/master/master

@@ -41,6 +41,7 @@ file_roots:
   base:
     - /opt/so/saltstack/local/salt
     - /opt/so/saltstack/default/salt
+    - /opt/so/rules
 
 
 # The master_roots setting configures a master-only copy of the file_roots dictionary,

salt/manager/tools/sbin/soup

@@ -594,6 +594,16 @@ up_to_2.4.50() {
   touch /opt/so/saltstack/local/pillar/stig/adv_stig.sls
   touch /opt/so/saltstack/local/pillar/stig/soc_stig.sls
 
+  # the file_roots need to be update due to salt 3006.6 upgrade not allowing symlinks outside the file_roots
+  # put new so-yaml in place
+  echo "Updating so-yaml"
+  \cp -v "$UPDATE_DIR/salt/manager/tools/sbin/so-yaml.py" "$DEFAULT_SALT_DIR/salt/manager/tools/sbin/"
+  \cp -v "$UPDATE_DIR/salt/manager/tools/sbin/so-yaml.py" /usr/sbin/
+  echo "Creating a backup of the salt-master config."
+  cp -v /etc/salt/master "/etc/salt/master.so-$INSTALLEDVERSION"
+  echo "Adding /opt/so/rules to file_roots using so-yaml"
+  so-yaml.py append /etc/salt/master file_roots.base /opt/so/rules
+
   INSTALLEDVERSION=2.4.50
 }
 

salt/suricata/config.sls

@@ -84,10 +84,12 @@ suridatadir:
     - mode: 770
     - makedirs: True
 
+# salt:// would resolve to /opt/so/rules because of the defined file_roots and
+# nids not existing under /opt/so/saltstack/local/salt or /opt/so/saltstack/default/salt
 surirulesync:
   file.recurse:
     - name: /opt/so/conf/suricata/rules/
-    - source: salt://suricata/rules/
+    - source: salt://nids/
     - user: 940
     - group: 940
     - show_changes: False