mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-02-22 15:05:27 +01:00
Merge remote-tracking branch 'origin/2.4/dev' into vlb2
@@ -4,7 +4,8 @@
|
||||
Elastic License 2.0. #}
|
||||
|
||||
{% import_yaml 'salt/minion.defaults.yaml' as saltminion %}
|
||||
{% set SALTVERSION = saltminion.salt.minion.version %}
|
||||
{% set SALTVERSION = saltminion.salt.minion.version | string %}
|
||||
{% set INSTALLEDSALTVERSION = grains.saltversion | string %}
|
||||
|
||||
{% if grains.os_family == 'Debian' %}
|
||||
{% set SPLITCHAR = '+' %}
|
||||
@@ -16,9 +17,7 @@
|
||||
{% set SYSTEMD_UNIT_FILE = '/usr/lib/systemd/system/salt-minion.service' %}
|
||||
{% endif %}
|
||||
|
||||
{% set INSTALLEDSALTVERSION = grains.saltversion %}
|
||||
|
||||
{% if grains.saltversion|string != SALTVERSION|string %}
|
||||
{% if INSTALLEDSALTVERSION != SALTVERSION %}
|
||||
{% if grains.os_family|lower == 'redhat' %}
|
||||
{% set UPGRADECOMMAND = 'yum clean all ; /usr/sbin/bootstrap-salt.sh -s 120 -r -F stable ' ~ SALTVERSION %}
|
||||
{% elif grains.os_family|lower == 'debian' %}
|
||||
|
||||
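Review bot: The `| string` filter on `saltminion.salt.minion.version` cannot recover a trailing zero that YAML float parsing has already dropped, so `INSTALLEDSALTVERSION != SALTVERSION` and the `UPGRADECOMMAND` string built from `SALTVERSION` are only correct while the value in `salt/minion.defaults.yaml` stays quoted. If the quotes were ever lost on a release ending in `.10` (constructed example), the rendered bootstrap command would request a different release than the one intended. I would record that next to the set, e.g. `{# version must remain a quoted string in minion.defaults.yaml; | string is only a guard #}`. The `{% if %}` block opened in the second hunk continues past the end of the hunk.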
@@ -1,4 +1,4 @@
|
||||
# version cannot be used elsewhere in this pillar as soup is grepping for it to determine if Salt needs to be patched
|
||||
salt:
|
||||
master:
|
||||
version: 3006.9
|
||||
version: '3006.9'
|
||||
|
||||
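Review bot: Quoting the value changes the literal text on the `version:` line, and the comment at the top of this hunk says soup greps this file for it to decide whether Salt needs to be patched. soup's extraction is not visible here (one file's diff is suppressed on this page), so it should be confirmed that it strips the single quotes before comparing or passing the value on; otherwise the quote characters end up inside the version string. The minion defaults hunk makes the same change. Once verified, the comment could say so, e.g. `# keep version quoted so YAML loads it as a string; soup strips the quotes when grepping`.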
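--- /dev/null
+++ b/salt/salt/master/mine_update_highstate.sls
@@ -0,0 +1,26 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+# This state should only be run on managers and should never be run manually
+
+{% set MINION_ID = grains.id %}
+
+# Run mine.update on all minions
+salt.master.mine_update_highstate.update_mine_all_minions:
+salt.function:
+- name: mine.update
+- tgt: '*'
+- batch: 50
+- retry:
+attempts: 3
+interval: 1
+
+# Run highstate on the original minion
+# we can use concurrent on this highstate because no other highstate would be running when this is called
+salt.master.mine_update_highstate.run_highstate_on_{{ MINION_ID }}:
+salt.state:
+- tgt: {{ MINION_ID }}
+- highstate: True
+- concurrent: True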
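Review bot: `concurrent: True` on the final highstate turns off Salt's check for an already-running state run, and the only thing backing that up is the comment above it saying no other highstate would be running. Nothing in the file enforces that assumption or the header's "only on managers, never manually" rule, so a manual or overlapping invocation could run two highstates against the same minion at once. I would name the caller that guarantees exclusivity in the comment, e.g. `# invoked only by <caller>, after the in-progress highstate has finished`, and quote the rendered target as `- tgt: '{{ MINION_ID }}'` so an unusual minion id cannot be retyped by YAML.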
@@ -1,6 +1,5 @@
|
||||
# version cannot be used elsewhere in this pillar as soup is grepping for it to determine if Salt needs to be patched
|
||||
salt:
|
||||
minion:
|
||||
version: 3006.9
|
||||
version: '3006.9'
|
||||
check_threshold: 3600 # in seconds, threshold used for so-salt-minion-check. any value less than 600 seconds may cause a lot of salt-minion restarts since the job to touch the file occurs every 5-8 minutes by default
|
||||
service_start_delay: 30 # in seconds.
|
||||
|
||||
@@ -5,10 +5,10 @@
|
||||
{% from 'salt/map.jinja' import SALTPACKAGES %}
|
||||
{% from 'salt/map.jinja' import SYSTEMD_UNIT_FILE %}
|
||||
{% import_yaml 'salt/minion.defaults.yaml' as SALTMINION %}
|
||||
{% set service_start_delay = SALTMINION.salt.minion.service_start_delay %}
|
||||
|
||||
include:
|
||||
- salt.python_modules
|
||||
- salt.patch.x509_v2
|
||||
- salt
|
||||
- systemd.reload
|
||||
- repo.client
|
||||
@@ -91,8 +91,6 @@ salt_minion_service_unit_file:
|
||||
- name: {{ SYSTEMD_UNIT_FILE }}
|
||||
- source: salt://salt/service/salt-minion.service.jinja
|
||||
- template: jinja
|
||||
- defaults:
|
||||
service_start_delay: {{ service_start_delay }}
|
||||
- onchanges_in:
|
||||
- module: systemd_reload
|
||||
|
||||
|
||||
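--- /dev/null
+++ b/salt/salt/patch/x509_v2/init.sls
@@ -0,0 +1,6 @@
+patch_x509_v2_state_module:
+file.replace:
+- name: /opt/saltstack/salt/lib/python3.10/site-packages/salt/states/x509_v2.py
+- pattern: 'res = __salt__\["state.single"\]\("file.managed", name, test=test, \*\*kwargs\)'
+- repl: 'res = __salt__["state.single"]("file.managed", name, test=test, concurrent=True, **kwargs)'
+- backup: .bak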
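Review bot: The `- name:` path hard-codes `python3.10`, and `file.replace` reports success with no changes when `pattern` matches nothing. After a Salt package update that moves the interpreter directory or rewords that line, the state therefore either fails on a missing file or silently leaves x509_v2.py unpatched. It also edits a package-owned file in place, so package verification will flag the file and a reinstall will revert it. I would add a header comment recording why `concurrent=True` is injected and which release the pattern was written against, e.g. `# Patches salt/states/x509_v2.py from Salt <version> so its internal file.managed call passes concurrent=True; re-check the pattern on every Salt bump`. The file also lacks the license header that mine_update_highstate.sls carries in the same commit.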
File diff suppressed because it is too large
@@ -8,8 +8,9 @@ KillMode=process
|
||||
Type=notify
|
||||
NotifyAccess=all
|
||||
LimitNOFILE=8192
|
||||
ExecStartPre=/bin/bash -c 'until /sbin/ip -4 addr show dev {{ salt["pillar.get"]("host:mainint") }} | grep -q "inet "; do sleep 1; done'
|
||||
ExecStart=/usr/bin/salt-minion
|
||||
ExecStartPre=/bin/sleep {{ salt['pillar.get']('salt:minion:service_start_delay', service_start_delay) }}
|
||||
TimeoutStartSec=120
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
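Review bot: The `ExecStartPre` wait loop renders `{{ salt["pillar.get"]("host:mainint") }}` unquoted into a `bash -c` command and has no fallback when the pillar key is empty or missing. With an empty value, `ip -4 addr show dev` fails on every pass and the loop spins until `TimeoutStartSec=120` fails the unit, and a minion that cannot start cannot receive the pillar that would fix it. I would double-quote the device argument inside the command (`show dev "{{ salt["pillar.get"]("host:mainint") }}"`) and decide explicitly what happens when the value is absent, for example skipping the wait.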