From fcfd3e3758d725a455b194eda81d25409e79f7db Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Tue, 17 Nov 2020 16:09:30 -0500
Subject: [PATCH] change location yum/apt verison locks
 https://github.com/Security-Onion-Solutions/securityonion/issues/1961

---
 salt/salt/map.jinja  | 6 +++---
 salt/salt/minion.sls | 1 +
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja
index cf62f6db3..f238c3eae 100644
--- a/salt/salt/map.jinja
+++ b/salt/salt/map.jinja
@@ -12,12 +12,12 @@
 {% if grains.saltversion|string != SALTVERSION|string %}
   {% if grains.os|lower in ['centos', 'redhat'] %}
     {% if ISAIRGAP is sameas true %}
-      {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -r -F -x python3 stable ' ~ SALTVERSION ~ ' && systemctl restart salt-minion' %}
+      {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && systemctl restart salt-minion' %}
     {% else %}
-      {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && systemctl restart salt-minion' %}
+      {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && systemctl restart salt-minion' %}
     {% endif %}
   {% elif grains.os|lower == 'ubuntu' %}
-    {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && systemctl restart salt-minion' %}
+    {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && systemctl restart salt-minion' %}
   {% endif %}
 {% else %}
   {% set UPGRADECOMMAND = 'echo Already running Salt Minon version ' ~ SALTVERSION %}
diff --git a/salt/salt/minion.sls b/salt/salt/minion.sls
index 841762d37..4a92c8d80 100644
--- a/salt/salt/minion.sls
+++ b/salt/salt/minion.sls
@@ -21,6 +21,7 @@ salt_minion_package:
       - {{ COMMON }}
       - salt-minion
     - hold: True
+    - onlyif: "[[ '{{INSTALLEDSALTVERSION}}' == '{{SALTVERSION}}' ]]"
 
 salt_minion_service:
   service.running: