mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-06-29 05:38:19 +02:00
Mike Reeves
698a746d6d
Mirror the kernel repo to full parity with the main package repo so the grid can pull the Oracle UEK8 kernel: - setup/so-functions: securityonion_repo() emits a [securityonionkernel] section in every branch (mirrorlist on non-airgap, https://$MSRV/kernelrepo for airgap/minion, file:///nsm/kernelrepo/ for manager); repo_sync_local() and create_repo() sync and build /nsm/kernelrepo. - manager/init.sls: create /nsm/kernelrepo and deploy mirror-kernel.txt. - nginx/enabled.sls: serve /nsm/kernelrepo at https://<repo_host>/kernelrepo. - repo/client/oracle.sls: add so_kernel_repo, gated by onlyif test -e /opt/so/state/nic_names_pinned so the kernel repo is only assigned once NICs are pinned by MAC. - update_packages(): run so-nic-pin before the dnf update that pulls the kernel, freezing interface names and dropping the pin marker so the kernel isn't downgraded then re-upgraded on the first highstate.
19 lines
410 B
Plaintext
19 lines
410 B
Plaintext
[main]
|
|
gpgcheck=1
|
|
installonly_limit=3
|
|
clean_requirements_on_remove=True
|
|
best=True
|
|
skip_if_unavailable=False
|
|
cachedir=/opt/so/conf/reposync/cache
|
|
keepcache=0
|
|
[securityonionsync]
|
|
name=Security Onion Repo repo
|
|
mirrorlist=file:///opt/so/conf/reposync/mirror.txt
|
|
enabled=1
|
|
gpgcheck=1
|
|
[securityonionkernel]
|
|
name=Security Onion Repo repo
|
|
mirrorlist=file:///opt/so/conf/reposync/mirror-kernel.txt
|
|
enabled=1
|
|
gpgcheck=1
|