add logrotate for virtual_node_manager and so-salt-cloud

DOWNLOAD_AND_VERIFY_ISO.md

@@ -1,17 +1,17 @@
-### 3.1.0-20260528 ISO image released on 2026/05/28
+### 3.0.0-20260331 ISO image released on 2026/03/31
 
 
 ### Download and Verify
 
-3.1.0-20260528 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-3.1.0-20260528.iso
+3.0.0-20260331 ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-3.0.0-20260331.iso
  
-MD5: 9D6FF58DEEE24089D722C73169765B3E  
-SHA1: 2B8B816B6CEC3B7F96B3C5E040EBF502DD2C412F  
-SHA256: 62FAB57E247C843D6A04F0796D8162C732B65D82FC3E4A59D087135B9FD32912  
+MD5: ECD318A1662A6FDE0EF213F5A9BD4B07  
+SHA1: E55BE314440CCF3392DC0B06BC5E270B43176D9C  
+SHA256: 7FC47405E335CBE5C2B6C51FE7AC60248F35CBE504907B8B5A33822B23F8F4D5  
 
 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/3/main/sigs/securityonion-3.1.0-20260528.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/3/main/sigs/securityonion-3.0.0-20260331.iso.sig
 
 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/3/main/KEYS  
@@ -25,22 +25,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/3/
 
 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/3/main/sigs/securityonion-3.1.0-20260528.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/3/main/sigs/securityonion-3.0.0-20260331.iso.sig
 ```
 
 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-3.1.0-20260528.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-3.0.0-20260331.iso
 ```
 
 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-3.1.0-20260528.iso.sig securityonion-3.1.0-20260528.iso
+gpg --verify securityonion-3.0.0-20260331.iso.sig securityonion-3.0.0-20260331.iso
 ```
 
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Wed 27 May 2026 03:03:59 PM EDT using RSA key ID FE507013
+gpg: Signature made Mon 30 Mar 2026 06:22:14 PM EDT using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.

HOTFIX

@@ -1 +0,0 @@
-20260528

salt/common/packages.sls

@@ -26,33 +26,14 @@ commonpkgs:
       - net-tools
       - nmap-ncat
       - procps-ng
-{# OL10 test path: python3-docker / python3-m2crypto are not packaged in EPEL 10 and are not
-   referenced by SO code (salt uses its bundled docker module from salt/python_modules.sls).
-   python3-rich is also unavailable on EL10 (its pygments dep is not packaged), so it is
-   installed via pip below. Gate on the grain because GLOBALS/pillars are not available this
-   early (see header note). #}
-{% if grains['osmajorrelease']|int < 10 %}
       - python3-docker
       - python3-m2crypto
-      - python3-rich
-{% else %}
-      - python3-pip
-{% endif %}
       - python3-packaging
       - python3-pyyaml
+      - python3-rich
       - rsync
       - sqlite
       - tcpdump
       - unzip
       - wget
       - yum-utils
-
-{% if grains['osmajorrelease']|int >= 10 %}
-# OL10 test path: rich is not packaged for EL10; install it into the system python3 for so-status.
-commonpkgs_pip_rich:
-  cmd.run:
-    - name: python3 -m pip install rich
-    - unless: python3 -c "import rich"
-    - require:
-      - pkg: commonpkgs
-{% endif %}

salt/common/tools/sbin/so-common

@@ -354,12 +354,7 @@ gpg_rpm_import() {
 	else
 		local RPMKEYSLOC="$UPDATE_DIR/salt/repo/client/files/$OS/keys"
 	fi
-	if [[ "$OSVER" == "10" ]]; then
-		# OL10 test path uses public repos; the public oracle-epel-release and docker repos provide their own keys
-		RPMKEYS=('RPM-GPG-KEY-oracle' 'SALT-PROJECT-GPG-PUBKEY-2023.pub')
-	else
-		RPMKEYS=('RPM-GPG-KEY-oracle' 'RPM-GPG-KEY-EPEL-9' 'SALT-PROJECT-GPG-PUBKEY-2023.pub' 'docker.pub' 'securityonion.pub')
-	fi
+	RPMKEYS=('RPM-GPG-KEY-oracle' 'RPM-GPG-KEY-EPEL-9' 'SALT-PROJECT-GPG-PUBKEY-2023.pub' 'docker.pub' 'securityonion.pub')
 	for RPMKEY in "${RPMKEYS[@]}"; do
 		rpm --import $RPMKEYSLOC/$RPMKEY
 		echo "Imported $RPMKEY"
@@ -631,9 +626,9 @@ salt_minion_count() {
 }
 
 set_os() {
-	if [ -f /etc/oracle-release ] && grep -qE "release (9|10)\b" /etc/oracle-release; then
+	if [ -f /etc/redhat-release ] && grep -q "Red Hat Enterprise Linux release 9" /etc/redhat-release && [ -f /etc/oracle-release ]; then
 		OS=oracle
-		OSVER=$(grep -oE "release [0-9]+" /etc/oracle-release | grep -oE "[0-9]+")
+		OSVER=9
 		is_oracle=true
 		is_rpm=true
 	fi

salt/common/tools/sbin/so-image-common

@@ -112,23 +112,8 @@ update_docker_containers() {
   # does not include so-elastic-fleet since that container uses so-elastic-agent image
   local IMAGES_USING_ES_VERSION=("so-elasticsearch")
 
-  rm -rf $SIGNPATH >> "$LOG_FILE" 2>&1
-  mkdir -p $SIGNPATH >> "$LOG_FILE" 2>&1
-
-  # OL10 test path: GnuPG 2.4 enables the keybox daemon (keyboxd) by default, which deadlocks
-  # under the rapid sequential gpg --verify calls below ("waiting for lock ... keydb_search
-  # failed: Connection timed out ... No public key"). Editing the default homedir's common.conf
-  # is unreliable (gpg re-adds use-keyboxd when it re-initializes the homedir), so run all the
-  # image-signature gpg ops in a dedicated homedir whose pre-written common.conf leaves keyboxd
-  # off, forcing the classic keybox. Isolated from the system keyring and deterministic.
-  if [ "$OSVER" = "10" ]; then
-    export GNUPGHOME="$SIGNPATH/gnupg"
-    rm -rf "$GNUPGHOME" >> "$LOG_FILE" 2>&1
-    mkdir -p "$GNUPGHOME" >> "$LOG_FILE" 2>&1
-    chmod 700 "$GNUPGHOME"
-    echo "# keyboxd disabled for SO image signature verification on EL10" > "$GNUPGHOME/common.conf"
-    gpgconf --kill keyboxd gpg-agent >> "$LOG_FILE" 2>&1 || true
-  fi
+  rm -rf $SIGNPATH >> "$LOG_FILE" 2>&1 
+  mkdir -p $SIGNPATH >> "$LOG_FILE" 2>&1 
 
   # Let's make sure we have the public key
   run_check_net_err \

salt/docker/init.sls

@@ -18,18 +18,10 @@ dockergroup:
 dockerheldpackages:
   pkg.installed:
     - pkgs:
-{% if GLOBALS.os_version|int >= 10 %}
-      # OL10 test path: install latest Docker CE from the public repo (no .el9 builds available)
-      - containerd.io
-      - docker-ce
-      - docker-ce-cli
-      - docker-ce-rootless-extras
-{% else %}
       - containerd.io: 2.2.1-1.el9
       - docker-ce: 3:29.2.1-1.el9
       - docker-ce-cli: 1:29.2.1-1.el9
       - docker-ce-rootless-extras: 29.2.1-1.el9
-{% endif %}
     - hold: True
     - update_holds: True
 

salt/elasticfleet/enabled.sls

@@ -26,9 +26,7 @@ include:
 wait_for_elasticsearch_elasticfleet:
   cmd.run:
     - name: so-elasticsearch-wait
-{% endif %}
 
-{% if GLOBALS.role == "so-fleet" %}
 # Sync Elastic Agent artifacts to Fleet Node
 elasticagent_syncartifacts:
   file.recurse:

salt/logrotate/defaults.yaml

@@ -210,6 +210,26 @@ logrotate:
       - extension .log
       - dateext
       - dateyesterday
+    /opt/so/log/salt/virtual_node_manager:
+      - daily
+      - rotate 14
+      - missingok
+      - copytruncate
+      - compress
+      - create
+      - extension .log
+      - dateext
+      - dateyesterday
+    /opt/so/log/salt/so-salt-cloud:
+      - daily
+      - rotate 14
+      - missingok
+      - copytruncate
+      - compress
+      - create
+      - extension .log
+      - dateext
+      - dateyesterday
     /nsm/idh/*_x_log:
       - daily
       - rotate 14

salt/logrotate/soc_logrotate.yaml

@@ -133,6 +133,20 @@ logrotate:
       multiline: True
       global: True
       forcedType: "[]string"
+    "/opt/so/log/salt/virtual_node_manager":
+      description: List of logrotate options for this file.
+      title: /opt/so/log/salt/virtual_node_manager
+      advanced: True
+      multiline: True
+      global: True
+      forcedType: "[]string"
+    "/opt/so/log/salt/so-salt-cloud":
+      description: List of logrotate options for this file.
+      title: /opt/so/log/salt/so-salt-cloud
+      advanced: True
+      multiline: True
+      global: True
+      forcedType: "[]string"
     "/nsm/idh/*_x_log":
       description: List of logrotate options for this file.
       title: /nsm/idh/*.log

salt/manager/tools/sbin/soup

@@ -533,23 +533,6 @@ elasticfleet_set_agent_logging_level_warn() {
     done <<< "$policies_to_update"
 }
 
-update_logstash_pipeline_name() {
-    local original_pipeline_name="$1"
-    local new_pipeline_name="$2"
-
-    echo "Checking for conflicting logstash defined_pipelines pillar value."
-    local LOGSTASH_FILE=/opt/so/saltstack/local/pillar/logstash/soc_logstash.sls
-    local MINIONDIR=/opt/so/saltstack/local/pillar/minions
-    for pillar_file in "$LOGSTASH_FILE" "$MINIONDIR"/*.sls; do
-        [[ -f "$pillar_file" ]] || continue
-        if grep -q "$original_pipeline_name$" "$pillar_file"; then
-            echo "Found conflicting defined_pipeline pillar value in $pillar_file. Updating to use the new logstash pipeline name."
-            sed -i "s#$original_pipeline_name\$#$new_pipeline_name#g" "$pillar_file"
-            chown socore:socore "$pillar_file"
-        fi
-    done
-}
-
 check_transform_health_and_reauthorize() {
     . /usr/sbin/so-elastic-fleet-common
 
@@ -693,10 +676,6 @@ rename_strelka_scan_lnk() {
   rm -f "$TMP_VALUE_FILE"
 }
 
-fix_logstash_0013_lumberjack_pipeline_name() {
-    update_logstash_pipeline_name "so/0013_input_lumberjack_fleet.conf" "so/0013_input_lumberjack_fleet.conf.jinja"
-}
-
 up_to_3.1.0() {
   ensure_postgres_local_pillar
   ensure_postgres_secret
@@ -705,7 +684,6 @@ up_to_3.1.0() {
   # Clear existing component template state file.
   rm -f /opt/so/state/esfleet_component_templates.json
   rename_strelka_scan_lnk
-  fix_logstash_0013_lumberjack_pipeline_name
 
   INSTALLEDVERSION=3.1.0
 }
@@ -993,9 +971,6 @@ verify_es_version_compatibility() {
     local is_active_intermediate_upgrade=1
     # supported upgrade paths for SO-ES versions
     declare -A es_upgrade_map=(
-        ["8.18.4"]="8.18.6 8.18.8 9.0.8"
-	    ["8.18.6"]="8.18.8 9.0.8"
-	    ["8.18.8"]="9.0.8"
         ["9.0.8"]="9.3.3"
     )
 
@@ -1019,171 +994,6 @@ verify_es_version_compatibility() {
         exit 160
     fi
 
-    compatible_es_versions="$target_es_version"
-    for current_version in "${!es_upgrade_map[@]}"; do
-        # shellcheck disable=SC2076
-        if [[ " ${es_upgrade_map[$current_version]} " =~ " $target_es_version " ]]; then
-            compatible_es_versions+=" $current_version"
-        fi
-    done
-
-    # Check if the given ES version can directly upgrade to the target ES version. Used to assist with catching lagging nodes during the upgrade process
-    es_version_can_upgrade_to_target() {
-        local current_version="$1"
-        # shellcheck disable=SC2076
-        if [[ -n "$current_version" && " $compatible_es_versions " =~ " $current_version " ]]; then
-            return 0
-        fi
-
-        return 1
-    }
-
-    # Gather Elasticsearch cluster version info and verify that each node in the cluster is running a version compatible with the target ES version.
-    verify_searchnodes_es_target_compatibility() {
-        local retries=20
-        local retry_count=0
-        local delay=180
-        local expected_es_nodes searchnode_minions attempt
-        local searchnode_discovery_success=false
-        SEARCHNODE_ES_VERSIONS=""
-
-        for attempt in {1..3}; do
-            if searchnode_minions=$(set -o pipefail; salt-key --out=json --list=accepted 2> /dev/null | jq -r '.minions[]? | select(endswith("searchnode"))'); then
-                searchnode_discovery_success=true
-                break
-            fi
-
-            echo "Failed to retrieve grid searchnodes via salt-key... Retrying in 30 seconds. Attempt $attempt of 3."
-            sleep 30
-        done
-
-        if [[ "$searchnode_discovery_success" != "true" ]]; then
-            echo "Failed to retrieve grid searchnodes via salt-key."
-            return 1
-        fi
-
-        # Always add node running soup to expected es nodes
-        expected_es_nodes="${MINIONID%_*}"
-        while IFS= read -r searchnode_minion; do
-            [[ -z "$searchnode_minion" ]] && continue
-            expected_es_nodes+=$'\n'"${searchnode_minion%_searchnode}"
-        done <<< "$searchnode_minions"
-
-        while [[ $retry_count -lt $retries ]]; do
-            SEARCHNODE_ES_VERSIONS=$(so-elasticsearch-query _nodes/_all/version --retry 5 --retry-delay 10 --fail 2>&1)
-            local exit_status=$?
-
-            if [[ $exit_status -ne 0 ]]; then
-                echo "Failed to retrieve Elasticsearch versions from searchnodes... Retrying in $delay seconds. Attempt $((retry_count + 1)) of $retries."
-                ((retry_count++))
-                sleep $delay
-                continue
-            fi
-
-            local all_searchnodes_compatible=true
-            while IFS=$'\t' read -r node current_version; do
-                [[ -z "$node" ]] && continue
-                if ! es_version_can_upgrade_to_target "$current_version"; then
-                    echo "Searchnode $node is running Elasticsearch $current_version, which is not directly upgradable to Elasticsearch $target_es_version."
-                    all_searchnodes_compatible=false
-                fi
-            done < <(echo "$SEARCHNODE_ES_VERSIONS" | jq -r '.nodes | to_entries[] | [.value.name, .value.version] | @tsv')
-
-            while IFS= read -r expected_es_node; do
-                [[ -z "$expected_es_node" ]] && continue
-                if ! echo "$SEARCHNODE_ES_VERSIONS" | jq -e --arg node "$expected_es_node" '.nodes | to_entries | any(.value.name == $node)' > /dev/null; then
-                    echo "Searchnode $expected_es_node did not report an Elasticsearch version. It may be offline or still upgrading."
-                    all_searchnodes_compatible=false
-                fi
-            done <<< "$expected_es_nodes"
-
-            if [[ "$all_searchnodes_compatible" == true ]]; then
-                echo "All Searchnodes are upgradable to Elasticsearch $target_es_version."
-                return 0
-            fi
-
-            echo "One or more Searchnodes cannot upgrade directly to Elasticsearch $target_es_version. Rechecking in $delay seconds. Attempt $((retry_count + 1)) of $retries."
-            ((retry_count++))
-            sleep $delay
-        done
-
-        return 1
-    }
-
-    # Gather heavynode version info and verify that each node is running a version compatible with the target ES version.
-    verify_heavynodes_es_target_compatibility() {
-        local heavynode_minions attempt
-        local retries=20
-        local retry_count=0
-        local delay=180
-        local heavynode_discovery_success=false
-        HEAVYNODE_ES_VERSIONS=""
-
-        for attempt in {1..3}; do
-            if heavynode_minions=$(set -o pipefail; salt-key --out=json --list=accepted 2> /dev/null | jq -r '.minions[]? | select(endswith("heavynode"))'); then
-                heavynode_discovery_success=true
-                break
-            fi
-
-            echo "Failed to retrieve grid heavynodes via salt-key... Retrying in 30 seconds. Attempt $attempt of 3."
-            sleep 30
-        done
-
-        if [[ "$heavynode_discovery_success" != "true" ]]; then
-            echo "Failed to retrieve grid heavynodes via salt-key."
-            return 1
-        fi
-
-        if [[ -z "$heavynode_minions" ]]; then
-            echo "No heavynodes detected. Skipping heavynode Elasticsearch version compatibility check."
-            return 0
-        fi
-
-        while [[ $retry_count -lt $retries ]]; do
-            HEAVYNODE_ES_VERSIONS=$(salt -C 'G@role:so-heavynode' cmd.run 'set -o pipefail; so-elasticsearch-query / --retry 5 --retry-delay 10 | jq -er ".version.number"' shell=/bin/bash --out=json 2> /dev/null)
-            local exit_status=$?
-
-            if [[ $exit_status -ne 0 ]]; then
-                echo "Failed to retrieve Elasticsearch version from one or more heavynodes... Retrying in $delay seconds. Attempt $((retry_count + 1)) of $retries."
-                ((retry_count++))
-                sleep $delay
-                continue
-            fi
-
-            local all_heavynodes_compatible=true
-            while IFS=$'\t' read -r node current_version; do
-                [[ -z "$node" ]] && continue
-                if ! es_version_can_upgrade_to_target "$current_version"; then
-                    echo "Heavynode $node is running Elasticsearch $current_version, which is not directly upgradable to Elasticsearch $target_es_version."
-                    all_heavynodes_compatible=false
-                fi
-            done < <(echo "$HEAVYNODE_ES_VERSIONS" | jq -r 'to_entries[] | [.key, .value] | @tsv')
-
-            while IFS= read -r heavynode_minion; do
-                [[ -z "$heavynode_minion" ]] && continue
-                if ! echo "$HEAVYNODE_ES_VERSIONS" | jq -se --arg minion "$heavynode_minion" 'add | has($minion)' > /dev/null; then
-                    echo "Heavynode $heavynode_minion did not report an Elasticsearch version. It may be offline or still upgrading."
-                    all_heavynodes_compatible=false
-                fi
-            done <<< "$heavynode_minions"
-
-            if [[ "$all_heavynodes_compatible" == true ]]; then
-                echo -e "\nAll heavynodes can upgrade to Elasticsearch $target_es_version."
-                return 0
-            fi
-
-            echo "One or more heavynodes cannot upgrade directly to Elasticsearch $target_es_version. Rechecking in $delay seconds. Attempt $((retry_count + 1)) of $retries."
-            ((retry_count++))
-            sleep $delay
-        done
-
-        return 1
-    }
-
-    if [[ ! -f "$es_verification_script" ]]; then
-        create_intermediate_upgrade_verification_script "$es_verification_script"
-    fi
-
     for statefile in "${es_required_version_statefile_base}"-*; do
         [[ -f $statefile ]] || continue
 
@@ -1202,6 +1012,10 @@ verify_es_version_compatibility() {
             continue
         fi
 
+        if [[ ! -f "$es_verification_script" ]]; then
+            create_intermediate_upgrade_verification_script "$es_verification_script"
+        fi
+
         echo -e "\n##############################################################################################################################\n"
         echo "A previously required intermediate Elasticsearch upgrade was detected. Verifying that all Searchnodes/Heavynodes have successfully upgraded Elasticsearch to $es_required_version_statefile_value before proceeding with soup to avoid potential data loss! This command can take up to an hour to complete."
         if ! timeout --foreground 4000 bash "$es_verification_script" "$es_required_version_statefile_value" "$statefile"; then
@@ -1223,26 +1037,6 @@ verify_es_version_compatibility() {
 
     # shellcheck disable=SC2076 # Do not want a regex here eg usage " 8.18.8 9.0.8 " =~ " 9.0.8 "
     if [[ " ${es_upgrade_map[$es_version]} " =~ " $target_es_version " || "$es_version" == "$target_es_version" ]]; then
-        if ! verify_searchnodes_es_target_compatibility || ! verify_heavynodes_es_target_compatibility; then
-            echo -e "\n!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n"
-
-            echo "One or more Searchnode(s)/Heavynode(s) cannot upgrade directly to Elasticsearch $target_es_version. This can happen with soups that include Elasticsearch upgrades being run in quick succession. Typically, this will resolve itself as the grid synchronizes. Please allow time for all Searchnodes/Heavynodes to have upgraded Elasticsearch to a compatible version with $target_es_version before running soup again to avoid potential data loss!"
-
-            if [[ -n "$HEAVYNODE_ES_VERSIONS" ]]; then
-                echo "Current heavynode Elasticsearch versions:"
-                echo "$HEAVYNODE_ES_VERSIONS" | jq '.'
-            fi
-
-            if [[ -n "$SEARCHNODE_ES_VERSIONS" ]]; then
-                echo "Current searchnode Elasticsearch versions:"
-                echo "$SEARCHNODE_ES_VERSIONS" | jq '.nodes | to_entries | map({(.value.name): .value.version}) | sort | add'
-            fi
-
-            echo -e "\n!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n"
-
-            exit 161
-        fi
-
         # supported upgrade
         return 0
     else
@@ -1528,13 +1322,7 @@ EOF
 
 # Keeping this block in case we need to do a hotfix that requires salt update
 apply_hotfix() {
-    if [[ "$INSTALLEDVERSION" == "3.1.0" ]] ; then
-       # Do not remove this fix_logstash_0013_lumberjack_pipeline_name in future hotfixes without first validating older
-       #  installs referencing "so/0013_input_lumberjack_fleet.conf" via pillar are upgradable
-       fix_logstash_0013_lumberjack_pipeline_name
-    else
-        echo "No actions required. ($INSTALLEDVERSION/$HOTFIXVERSION)"
-    fi
+   echo "No actions required. ($INSTALLEDVERSION/$HOTFIXVERSION)"
 }
 
 failed_soup_restore_items() {
@@ -1606,7 +1394,7 @@ main() {
   echo "Verifying we have the latest soup script."
   verify_latest_update_script
 
-  echo "Verifying Elasticsearch version compatibility across the grid before upgrading."
+  echo "Verifying Elasticsearch version compatibility before upgrading."
   verify_es_version_compatibility
 
   echo "Let's see if we need to update Security Onion."

salt/repo/client/init.sls

@@ -1,6 +1,5 @@
 {% from 'vars/globals.map.jinja' import GLOBALS %}
-{# OL10 test path uses public repos; skip the SO repo state (which removes public repos and points at /nsm/repo) #}
-{% if GLOBALS.os == 'OEL' and GLOBALS.os_version|int == 9 %}
+{% if GLOBALS.os == 'OEL' %}
 include:
   - repo.client.oracle
 {% endif %}

salt/vars/globals.map.jinja

@@ -31,7 +31,6 @@
     'so_model': INIT.GRAINS.get('sosmodel',''),
     'sensoroni_key': INIT.PILLAR.sensoroni.config.sensoronikey,
     'os': INIT.GRAINS.os,
-    'os_version': INIT.GRAINS.osmajorrelease,
     'os_family': INIT.GRAINS.os_family,
     'application_urls': {},
     'manager_roles': [

setup/so-functions

@@ -903,14 +903,14 @@ detect_cloud() {
 
 detect_os() {
 	title "Detecting Base OS"
-	if [ -f /etc/oracle-release ] && grep -qE "release (9|10)\b" /etc/oracle-release; then
+	if [ -f /etc/redhat-release ] && grep -q "Red Hat Enterprise Linux release 9" /etc/redhat-release && [ -f /etc/oracle-release ]; then
 		OS=oracle
-		OSVER=$(grep -oE "release [0-9]+" /etc/oracle-release | grep -oE "[0-9]+")
+		OSVER=9
 		is_oracle=true
 		is_rpm=true
 		is_supported=true
 	else
-		info "This OS is not supported. Security Onion requires Oracle Linux 9 or 10."
+		info "This OS is not supported. Security Onion requires Oracle Linux 9."
 		fail_setup
 	fi
 
@@ -1783,15 +1783,6 @@ ensure_pyyaml() {
 # - securityonion/salt/salt/minion.defaults.yaml
 
 securityonion_repo() {
-	if [[ "$OSVER" == "10" ]]; then
-		# TEST PATH: Oracle Linux 10 uses the public OL10 + EPEL + Docker CE repos.
-		# Keep the stock /etc/yum.repos.d/* in place, skip the SO mirror and local reposync.
-		gpg_rpm_import
-		logCmd "dnf -y install oracle-epel-release-el10"
-		logCmd "dnf -y config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo"
-		logCmd "dnf repolist"
-		return
-	fi
 	# Remove all the current repos
 	logCmd "dnf -v clean all"
 	logCmd "mkdir -vp /root/oldrepos"
@@ -1886,19 +1877,12 @@ saltify() {
 	info "Installing Salt $SALTVERSION"
 	chmod u+x ../salt/salt/scripts/bootstrap-salt.sh
 
-	# Normally Salt packages come from the SO mirror, so -r disables the bootstrap's own repo setup.
-	# On the OL10 test path there is no SO mirror, so let bootstrap configure the public Salt repo.
-	local saltrepoflag="-r"
-	if [[ "$OSVER" == "10" ]]; then
-		saltrepoflag=""
-	fi
-
 	if [[ $waitforstate ]]; then
 		# install all for a manager
-		retry 30 10 "bash ../salt/salt/scripts/bootstrap-salt.sh $saltrepoflag -M -X stable $SALTVERSION" || fail_setup
+		retry 30 10 "bash ../salt/salt/scripts/bootstrap-salt.sh -r -M -X stable $SALTVERSION" || fail_setup
 	else
 		# just a minion
-		retry 30 10 "bash ../salt/salt/scripts/bootstrap-salt.sh $saltrepoflag -X stable $SALTVERSION" || fail_setup
+		retry 30 10 "bash ../salt/salt/scripts/bootstrap-salt.sh -r -X stable $SALTVERSION" || fail_setup
 	fi
 
 	salt_install_module_deps