Removed Threat Stack agent 1.x support

Also switched over the kitchen tests to use docker, not vagrant. It now supports running tests on every supported platform.

* Currently using a fork of the `install.sh` file because the `kitchen-salt` gem does not properly identify Amazon Linux 2 (`bootstrap_url`). The PR to fix it is saltstack/kitchen-salt#319, once this is accepted and released, the `bootstrap_url` setting can be removed from `.kitchen.yml`.
* Fixed a bug where the formula was having a hard time formatting the Threat Stack Amazon Linux package repository URLs.

Author: Michael Chmielewski

.kitchen.yml

@@ -1,9 +1,10 @@
 ---
 driver:
-  name: vagrant
+  name: docker
 
 provisioner:
   name: salt_solo
+  bootstrap_url: 'https://raw.githubusercontent.com/olhado/kitchen-salt/master/assets/install.sh'
   is_file_root: true
   # Use this section (and comment out the `threatstack.sls` definition in the `pillars` section)
   # to grab pillar data from the `pillar.example` file
@@ -34,13 +35,138 @@ provisioner:
         - threatstack
 
 platforms:
-  - name: centos-6
-  - name: centos-7.6
-  - name: debian-8.11
-  - name: debian-9.6
-  - name: ubuntu-14.04
+  - name: amazonlinux-1
+    image: amazonlinux:1
+    driver_config:
+      run_command: /sbin/init
+      privileged: true
+      run_options:
+        env: container=docker
+      volume:
+        - /sys/fs/cgroup:/sys/fs/cgroup
+      provision_command:
+        - yum install -y audit initscripts
+        - sed -i 's/local_events = yes/local_events = no/g' /etc/audit/auditd.conf
+        - chkconfig auditd on
+  - name: amazonlinux-2
+    image: amazonlinux:2
+    driver_config:
+      run_command: /sbin/init
+      privileged: true
+      run_options:
+        env: container=docker
+      volume:
+        - /sys/fs/cgroup:/sys/fs/cgroup
+      provision_command:
+        - yum install -y audit initscripts
+        - sed -i 's/local_events = yes/local_events = no/g' /etc/audit/auditd.conf
+        - systemctl enable auditd.service
+    image: centos:7
+  - name: centos-7
+    image: centos:7
+    driver_config:
+      run_command: /sbin/init
+      privileged: true
+      run_options:
+        env: container=docker
+      volume:
+        - /sys/fs/cgroup:/sys/fs/cgroup
+      provision_command:
+        - yum install -y audit initscripts
+        - sed -i 's/local_events = yes/local_events = no/g' /etc/audit/auditd.conf
+        - systemctl enable auditd.service
+  - name: centos-8
+    image: centos:8
+    driver_config:
+      run_command: /sbin/init
+      privileged: true
+      run_options:
+        env: container=docker
+      volume:
+        - /sys/fs/cgroup:/sys/fs/cgroup
+      provision_command:
+        - yum install -y audit initscripts
+        - sed -i 's/local_events = yes/local_events = no/g' /etc/audit/auditd.conf
+        - systemctl enable auditd.service
+  - name: debian-8
+    image: debian:8
+    driver_config:
+      run_command: /sbin/init
+      cap_add:
+        - SYS_ADMIN
+      run_options:
+        env: container=docker
+      volume:
+        - /sys/fs/cgroup:/sys/fs/cgroup
+      provision_command:
+        - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
+        - systemctl enable ssh.service
+  - name: debian-9
+    image: debian:9
+    driver_config:
+      run_command: /bin/systemd
+      cap_add:
+        - SYS_ADMIN
+      run_options:
+        env: container=docker
+      volume:
+        - /sys/fs/cgroup:/sys/fs/cgroup
+      provision_command:
+        - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
+        - systemctl enable ssh.service
+  - name: debian-10
+    image: debian:10
+    driver_config:
+      run_command: /sbin/init
+      cap_add:
+        - SYS_ADMIN
+      run_options:
+        env: container=docker
+      volume:
+        - /sys/fs/cgroup:/sys/fs/cgroup
+      provision_command:
+        - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
+        - systemctl enable ssh.service
   - name: ubuntu-16.04
+    image: ubuntu:16.04
+    driver_config:
+      run_command: /sbin/init
+      cap_add:
+        - SYS_ADMIN
+      run_options:
+        env: container=docker
+      volume:
+        - /sys/fs/cgroup:/sys/fs/cgroup
+      provision_command:
+        - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
+        - systemctl enable ssh.service
   - name: ubuntu-18.04
+    image: ubuntu:18.04
+    driver_config:
+      run_command: /sbin/init
+      cap_add:
+        - SYS_ADMIN
+      run_options:
+        env: container=docker
+      volume:
+        - /sys/fs/cgroup:/sys/fs/cgroup
+      provision_command:
+        - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
+        - systemctl enable ssh.service
+  - name: ubuntu-20.04
+    image: ubuntu:20.04
+    driver_config:
+      run_command: /sbin/init
+      cap_add:
+        - SYS_ADMIN
+      run_options:
+        env: container=docker
+      volume:
+        - /sys/fs/cgroup:/sys/fs/cgroup
+      provision_command:
+        - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
+        - systemctl enable ssh.service
+  # - name: amazonlinux-2
 
 suites:
   - name: default

Gemfile

@@ -1,15 +1,13 @@
-source 'https://rubygems.org'
-
 source ENV['GEM_SOURCE'] || 'https://rubygems.org'
 
 group :development, :unit_tests do
-  gem 'rake',                        :require => false
+  gem 'rake',           :require => false
 end
 group :system_tests do
   gem 'serverspec',      :require => false
   gem 'test-kitchen',    :require => false
   gem 'kitchen-salt',  :require => false
-  gem 'kitchen-vagrant', :require => false
+  gem 'kitchen-docker', :require => false
 end
 
 # vim:ft=ruby

README.md

@@ -2,7 +2,13 @@
 
 A formula for installing Threat Stack agent
 
-This formula supports installing agent 1.x and agent 2.x
+This formula supports installing agent 2.x
+
+>>>
+**No longer supports Threat Stack agent 1.x**
+
+For 1.x support, look at the 2.x versions of this formula.
+>>>
 
 ## Available states
 The following states are available:
@@ -16,13 +22,10 @@ The following states are available:
 * `ts_configure_agent:`     [optional] If the agent should be configured during run.  Set to False if installing agent into an AMI.
     * ex. True
 * `ts_agent_version:`       [optional] Version of agent to install.  By default if this setting is omitted, the latest version will be installed.  Set a version to maintain consistency in an environment.
-    * ex. "1.4.5.0ubuntu14.0"
-* `ts_agent_config_args:`   [optional] Optional arguments to be passed to `cloudsight config` or `tsagent config` (depends on version of agent).  Use this to enable optional features.
-    * agent 1.x ex. "--enable_foo=1"
+    * ex. "2.0.0.0ubuntu20.0"
     * agent 2.x ex. "--set enable_foo 1"
-* `ts_agent_extra_args:`    [optional] Optional arguments to be passed to `cloudsight setup` or `tsagent setup` (depends on version of agent).
-    * Please refer to the agent documentation or check the appropriate help output for `cloudsight setup`/`tsagent setup`.
-* `ts_agent_1x_platforms:`  [required] This list defines the linux distributions (and versions) that should use the 1.x agent. This should only be changed if you have reviewed this salt formula, and understand the ramifications.
+* `ts_agent_extra_args:`    [optional] Optional arguments to be passed to `tsagent setup`.
+    * Please refer to the agent documentation or check the appropriate help output for `tsagent setup`.
 
 ## Testing
 There is currently no spec testing as a saltstack rspec module does not exist.

pillar.example

@@ -1,6 +1,5 @@
 deploy_key: "xxxx-xxxx-your-secret-key-xxxx"
 ts_configure_agent: True
-ts_agent_version: 1.4.5.0ubuntu14.0
-ts_agent_config_args: '--enable_foo=1'
+ts_agent_version: 2.3.0*
+ts_agent_config_args: '--set log.level info'
 ts_agent_extra_args: ''
-ts_agent_1x_platforms: ['CentOS-6', 'RHEL-6', 'Ubuntu-trusty', 'Debian-wheezy']

threatstack/init.sls

@@ -3,7 +3,6 @@
 {% set os_family = grains['os_family'] %}
 {% set os_name = grains['os'] %}
 {% set agent2_pkg_url_base = 'https://pkg.threatstack.com/v2' %}
-{% set agent1_pkg_url_base = 'https://pkg.threatstack.com' %}
 {% set pkg_location = { 'pkg_url': '' } %}
 
 # For Debian-based distributions
@@ -18,20 +17,17 @@
 
 # Check if OS is not supported in 2.X, and assign the repository URL appropriately
 {% if pkg_url is not defined %}
-  {% if ([os_name, os_maj_ver.ver]|join('-')) in pillar['ts_agent_1x_platforms'] %}
-    {% set _ = pkg_location.update({ 'pkg_url': agent1_pkg_url_base}) %}
-  {% else %}
-    {% set _ = pkg_location.update({ 'pkg_url': agent2_pkg_url_base}) %}
-  {% endif %}
+  {% set _ = pkg_location.update({ 'pkg_url': agent2_pkg_url_base}) %}
 
   # Set the rest of the URL path
   #
   # CentOS and EL are fundamentally the same package, so pull from the same place
   {% if os_family=="Debian" %}
     {% set _ = pkg_location.update({ 'pkg_url': ([pkg_location.pkg_url, 'Ubuntu']|join('/')) }) %}
   {% elif os_name=="Amazon" %}
-    {% if pkg_location.pkg_url==agent1_pkg_url_base %}
-      {% set _ = pkg_location.update({ 'pkg_url': ([pkg_location.pkg_url, 'Amazon']|join('/')) }) %}
+    # First version of Amazon Linux 1 was '2011.09'
+    {% if os_maj_ver.ver > 2010 %}
+      {% set _ = pkg_location.update({ 'pkg_url': ([pkg_location.pkg_url, 'Amazon', '1']|join('/')) }) %}
     {% else %}
       {% set _ = pkg_location.update({ 'pkg_url': ([pkg_location.pkg_url, 'Amazon', os_maj_ver.ver]|join('/')) }) %}
     {% endif %}
@@ -79,7 +75,7 @@ threatstack-repo:
     - file: '/etc/apt/sources.list.d/threatstack.list'
 {% elif os_family=="RedHat" %}
   cmd.run:
-    - name: 'curl {{ gpgkey }} -O {{ gpgkey_file }}'
+    - name: 'curl {{ gpgkey }} -o {{ gpgkey_file }}'
     - creates: {{ gpgkey_file }}
   pkgrepo.managed:
     - name: threatstack
@@ -113,10 +109,7 @@ threatstack-agent:
   {% endif %}
 
 # Configure identity file by running script, needs to be done only once
-# Agent 2.x uses `tsagent` to setup and configure the agent process
-# Agent 1.x uses `cloudsight` to setup and configure the agent process
 {% if pillar['ts_configure_agent'] is not defined or pillar['ts_configure_agent'] == True %}
-  {% if pkg_location.pkg_url.startswith(agent2_pkg_url_base) %}
 tsagent-setup:
   cmd.run:
     - cwd: /
@@ -125,7 +118,7 @@ tsagent-setup:
     - require:
       - pkg: threatstack-agent
 
-    {% if pillar['ts_agent_config_args'] is defined %}
+  {% if pillar['ts_agent_config_args'] is defined %}
 /opt/threatstack/etc/.config_args:
   file.managed:
     - user: root
@@ -140,58 +133,17 @@ tsagent-config:
     - name: tsagent config {{ pillar['ts_agent_config_args'] }}
     - watch:
       - file: /opt/threatstack/etc/.config_args
-    {% endif %}
-
-  {% else %}
-cloudsight-setup:
-  cmd.run:
-    - cwd: /
-    - name: cloudsight setup --deploy-key={{ pillar['deploy_key'] }} {{ agent_extra_args }}
-    - unless: test -f /opt/threatstack/cloudsight/config/.audit
-    - require:
-      - pkg: threatstack-agent
-
-    {% if pillar['ts_agent_config_args'] is defined %}
-/opt/threatstack/cloudsight/config/.config_args:
-  file.managed:
-    - user: root
-    - group: root
-    - mode: '0644'
-    - contents:
-      - {{ pillar['ts_agent_config_args'] }}
-
-cloudsight-config:
-  cmd.wait:
-    - cwd: /
-    - name: cloudsight config {{ pillar['ts_agent_config_args'] }}
-    - watch:
-      - file: /opt/threatstack/cloudsight/config/.config_args
-    {% endif %}
-
   {% endif %}
 {% endif %}
 
 # NOTE: We do not signal the cloudsight service to restart via the package
 # resource because the workflow differs between fresh installation and
 # upgrades.  The package scripts will handle this.
-# Agent 1.x is defined as the `cloudsight` service
-# Agent 2.x is defined as the `threatstack` service
-{% if pkg_location.pkg_url.startswith(agent2_pkg_url_base) %}
 threatstack:
   service.running:
     - enable: True
     - restart: True
-  {% if pillar['ts_agent_config_args'] is defined %}
+{% if pillar['ts_agent_config_args'] is defined %}
     - watch:
       - cmd: tsagent-config
-  {% endif %}
-{% else %}
-cloudsight:
-  service.running:
-    - enable: True
-    - restart: True
-  {% if pillar['ts_agent_config_args'] is defined %}
-    - watch:
-      - cmd: cloudsight-config
-  {% endif %}
 {% endif %}