mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-06-24 19:28:15 +02:00
Mike Reeves
698a746d6d
Mirror the kernel repo to full parity with the main package repo so the grid can pull the Oracle UEK8 kernel: - setup/so-functions: securityonion_repo() emits a [securityonionkernel] section in every branch (mirrorlist on non-airgap, https://$MSRV/kernelrepo for airgap/minion, file:///nsm/kernelrepo/ for manager); repo_sync_local() and create_repo() sync and build /nsm/kernelrepo. - manager/init.sls: create /nsm/kernelrepo and deploy mirror-kernel.txt. - nginx/enabled.sls: serve /nsm/kernelrepo at https://<repo_host>/kernelrepo. - repo/client/oracle.sls: add so_kernel_repo, gated by onlyif test -e /opt/so/state/nic_names_pinned so the kernel repo is only assigned once NICs are pinned by MAC. - update_packages(): run so-nic-pin before the dnf update that pulls the kernel, freezing interface names and dropping the pin marker so the kernel isn't downgraded then re-upgraded on the first highstate.