Remove QWEN 235B model from defaults.yaml

Removed QWEN 235B model and its associated details from defaults.yaml.
Merge pull request #15472 from Security-Onion-Solutions/jertel/wip
2026-02-18 21:24:27 +01:00 · 2026-02-09 11:47:58 -05:00 · 2026-02-09 09:48:46 -05:00 · 2026-02-09 09:29:07 -05:00 · 2026-02-06 13:16:51 -06:00 · 2026-02-06 13:13:42 -06:00
3 changed files with 27 additions and 21 deletions
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -165,7 +165,7 @@ EOF
 }

 airgap_update_dockers() {
-  if [[ $is_airgap -eq 0 ]] || [[ ! -z "$ISOLOC" ]]; then
+  if [[ $is_airgap -eq 0 ]] || [[ $nonairgap_useiso -eq 0 ]]; then
    # Let's copy the tarball
    if [[ ! -f $AGDOCKER/registry.tar ]]; then
      echo "Unable to locate registry. Exiting"
@@ -200,13 +200,24 @@ update_registry() {
 check_airgap() {
  # See if this is an airgap install
  AIRGAP=$(cat /opt/so/saltstack/local/pillar/global/soc_global.sls | grep airgap: | awk '{print $2}' | tr '[:upper:]' '[:lower:]')
+  if [[ ! -z "$ISOLOC" ]]; then
+    # flag to use ISO for non-airgap installs, won't be used everywhere is_airgap -eq 0 is used. Used to speed up network soups by using local storage for large files.
+    nonairgap_useiso=0
+  else
+    nonairgap_useiso=1
+  fi
+
  if [[ "$AIRGAP" == "true" ]]; then
      is_airgap=0
+    else
+      is_airgap=1
+  fi
+
+  # use ISO if its airgap install OR ISOLOC was set with -f <path>
+  if [[ "$AIRGAP" == "true" ]] || [[ $nonairgap_useiso -eq 0 ]]; then
      UPDATE_DIR=/tmp/soagupdate/SecurityOnion
      AGDOCKER=/tmp/soagupdate/docker
      AGREPO=/tmp/soagupdate/minimal/Packages
-  else
-      is_airgap=1
  fi
 }

@@ -1385,7 +1396,7 @@ so-yaml.py removelistitem /etc/salt/master file_roots.base /opt/so/rules/nids
 }

 determine_elastic_agent_upgrade() {
-  if [[ $is_airgap -eq 0 ]]; then
+  if [[ $is_airgap -eq 0 ]] || [[ $nonairgap_useiso -eq 0 ]]; then
    update_elastic_agent_airgap
  else
    set +e
@@ -2003,15 +2014,10 @@ main() {
  MINION_ROLE=$(lookup_role)
  echo "Found that Security Onion $INSTALLEDVERSION is currently installed."
  echo ""
-  if [[ $is_airgap -eq 0 ]]; then
-    # Let's mount the ISO since this is airgap
+  if [[ $is_airgap -eq 0 ]] || [[ $nonairgap_useiso -eq 0 ]]; then
+    # Let's mount the ISO since this is airgap or non-airgap with -f used
    airgap_mounted
  else
-    # if not airgap but -f was used
-    if [[ ! -z "$ISOLOC" ]]; then
-      airgap_mounted
-      AGDOCKER=/tmp/soagupdate/docker
-    fi
    echo "Cloning Security Onion github repo into $UPDATE_DIR."
    echo "Removing previous upgrade sources."
    rm -rf $UPDATE_DIR
@@ -2031,7 +2037,8 @@ main() {
  upgrade_check_salt
  set -e

-  if [[ $is_airgap -eq 0 ]]; then
+  if [[ $is_airgap -eq 0 ]] || [[ $nonairgap_useiso -eq 0 ]]; then
+    # non-airgap with -f used can do an initial ISO repo update and so-repo-sync cron job will sync any diff later via network
    update_airgap_repo
    dnf clean all
    check_os_updates
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1518,6 +1518,7 @@ soc:
          anonymousCidr:
          apiKey:
        staticrbac:
+          defaultRole: ""
          roleFiles:
            - rbac/permissions
            - rbac/roles
@@ -2662,18 +2663,11 @@ soc:
          thresholdColorRatioMax: 1
          availableModels:
            - id: sonnet-4.5
-              displayName: Claude Sonnet 4.5 ($$$)
+              displayName: Claude Sonnet 4.5 
              origin: USA
              contextLimitSmall: 200000
              contextLimitLarge: 1000000
              lowBalanceColorAlert: 500000
              enabled: true
              adapter: SOAI
-            - id: qwen-235b
-              displayName: QWEN 235B ($)
-              origin: China
-              contextLimitSmall: 256000
-              contextLimitLarge: 256000
-              lowBalanceColorAlert: 500000
-              enabled: true
-              adapter: SOAI
+            
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -455,6 +455,11 @@ soc:
            global: True
            advanced: True
            forcedType: int
+        staticrbac:
+          defaultRole:
+            description: "Default role for new users that have not been assigned a role. When a role is specified, an attempt will be made to permanently assign the role to the user once the user accesses SOC. The role name must match exactly the name of an existing RBAC role. Standard system roles include: limited-auditor, limited-analyst, auditor, analyst, superuser"
+            global: True
+            advanced: False
        strelkaengine:
          aiRepoUrl:
            description: URL to the AI repository. This is used to pull in AI models for use in Strelka rules.
Author	SHA1	Message	Date
Mike Reeves	0661c3af1a	Remove QWEN 235B model from defaults.yaml Removed QWEN 235B model and its associated details from defaults.yaml.	2026-02-09 11:47:58 -05:00
Jason Ertel	4778bd6680	Merge pull request #15472 from Security-Onion-Solutions/jertel/wip default roles	2026-02-09 09:48:46 -05:00
Jason Ertel	5033462098	default roles	2026-02-09 09:29:07 -05:00
Jorge Reyes	6b4b1d74fd	Merge pull request #15468 from Security-Onion-Solutions/reyesj2/iso-soup don't set is_airgap when using nonairgap_useiso: not a true airgap sy…	2026-02-06 13:16:51 -06:00
reyesj2	f0df6a171c	don't set is_airgap when using nonairgap_useiso: not a true airgap system so we should keep it separate	2026-02-06 13:13:42 -06:00
Jorge Reyes	dc4cd93c02	Merge pull request #15465 from Security-Onion-Solutions/reyesj2/iso-soup allow network installs to use ISO for faster soupin	2026-02-06 12:52:55 -06:00
reyesj2	19157aa76c	consistently use nonairgap_useiso var	2026-02-06 11:55:50 -06:00
reyesj2	1c092bf791	allow network installs to use ISO for faster soup	2026-02-06 11:53:49 -06:00