From 160ed46d964a93ffe9b6f82296c6e43aed12dfcd Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 17 Feb 2023 14:59:07 -0500 Subject: [PATCH] podman and remove filebeat --- salt/podman/init.sls | 20 +++++++++++++++++++- salt/top.sls | 34 ---------------------------------- setup/so-setup | 2 +- 3 files changed, 20 insertions(+), 36 deletions(-) diff --git a/salt/podman/init.sls b/salt/podman/init.sls index 3bd77417c..eb6ab5503 100644 --- a/salt/podman/init.sls +++ b/salt/podman/init.sls @@ -1,3 +1,5 @@ +{% from 'docker/docker.map.jinja' import DOCKER %} + Podman pkg: pkg.installed: - name: podman @@ -7,15 +9,18 @@ Podman service: file.managed: - name: /usr/lib/systemd/system/podman.service - source: salt://podman/podman.service +#} Podman socket: +{# file.managed: - name: /usr/lib/systemd/system/podman.socket - source: salt://podman/podman.socket +#} service.running: - name: podman.socket - enable: true -#} + Docker socket: file.symlink: @@ -26,3 +31,16 @@ podman_docker_symlink: file.symlink: - name: /usr/bin/docker - target: /usr/local/bin/podman + +sos_docker_net: + docker_network.present: + - name: sobridge + - subnet: {{ DOCKER.sorange }} + - gateway: {{ DOCKER.sobip }} + - options: + com.docker.network.bridge.name: 'sobridge' + com.docker.network.driver.mtu: '1500' + com.docker.network.bridge.enable_ip_masquerade: 'true' + com.docker.network.bridge.enable_icc: 'true' + com.docker.network.bridge.host_binding_ipv4: '0.0.0.0' + - unless: 'docker network ls | grep sobridge' diff --git a/salt/top.sls b/salt/top.sls index f0b60deb5..272e6d8a9 100644 --- a/salt/top.sls +++ b/salt/top.sls 
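Review bot: The moved `#}` and the new `{#`/`#}` pair in the second `salt/podman/init.sls` hunk now cut through the middle of the `Podman socket` state, leaving a dead `file.managed` block between the state ID and its `service.running`. That is easy to misread and easy to break on the next edit. Deleting the commented-out `file.managed` blocks would make clear which `podman.socket` unit is actually being enabled; alternatively, if the unit files now come from the package, replace them with a one-line comment such as `{# unit files are shipped by the podman package, not managed from salt://podman #}`. Because the API socket gives whoever can open it full control of the containers, a comment stating who is expected to have access to it would also help. The opening `{#` of the commented region lies above this hunk.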
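Review bot: In the new `sos_docker_net` state, `com.docker.network.bridge.host_binding_ipv4: '0.0.0.0'` makes published container ports bind on all host interfaces by default, and `enable_icc: 'true'` lets every container on `sobridge` reach every other one, so exposure rests entirely on the host firewall. If that is intended, say so above the options, e.g. `# published ports bind on all interfaces; access is restricted by the firewall state`; otherwise set the binding to the management address. These are Docker bridge-driver option keys, and it is not visible here whether podman honours them behind the `/usr/bin/docker` symlink, so the resulting network is worth inspecting after the state applies. The `unless` guard is a substring match that also never notices subnet or gateway drift; `- unless: 'docker network inspect sobridge'` would at least test for the exact name.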
@@ -8,7 +8,6 @@ {% set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') %} {% set ELASTALERT = salt['pillar.get']('elastalert:enabled', True) %} {% set ELASTICSEARCH = salt['pillar.get']('elasticsearch:enabled', True) %} -{% set FILEBEAT = salt['pillar.get']('filebeat:enabled', False) %} {% set KIBANA = salt['pillar.get']('kibana:enabled', True) %} {% set LOGSTASH = salt['pillar.get']('logstash:enabled', True) %} {% set REDIS = salt['pillar.get']('redis:enabled', True) %} @@ -62,9 +61,6 @@ base: {%- if STRELKA %} - strelka {%- endif %} - {%- if FILEBEAT %} - - filebeat - {%- endif %} - schedule - docker_clean @@ -102,9 +98,6 @@ base: {%- if STRELKA %} - strelka {%- endif %} - {%- if FILEBEAT %} - - filebeat - {%- endif %} - curator {%- if ELASTALERT %} - elastalert @@ -153,9 +146,6 @@ base: {%- if ELASTALERT %} - elastalert {%- endif %} - {%- if FILEBEAT %} - - filebeat - {%- endif %} - utility - schedule - soctopus @@ -202,9 +192,6 @@ base: {%- if STRELKA %} - strelka {%- endif %} - {%- if FILEBEAT %} - - filebeat - {%- endif %} - curator {%- if ELASTALERT %} - elastalert @@ -229,9 +216,6 @@ base: {%- if LOGSTASH %} - logstash {%- endif %} - {%- if FILEBEAT %} - - filebeat - {%- endif %} - schedule - docker_clean @@ -270,9 +254,6 @@ base: {%- if ELASTALERT %} - elastalert {%- endif %} - {%- if FILEBEAT %} - - filebeat - {%- endif %} - utility - schedule - soctopus @@ -296,9 +277,6 @@ base: - redis {%- endif %} - curator - {%- if FILEBEAT %} - - filebeat - {%- endif %} {%- if STRELKA %} - strelka {%- endif %} @@ -307,9 +285,6 @@ base: {%- if ZEEKVER != 'SURICATA' %} - zeek {%- endif %} - {%- if FILEBEAT %} - - filebeat - {%- endif %} - schedule - docker_clean @@ -336,9 +311,6 @@ base: {%- if KIBANA %} - kibana.so_savedobjects_defaults {%- endif %} - {%- if FILEBEAT %} - - filebeat - {%- endif %} - utility - suricata - zeek @@ -358,9 +330,6 @@ base: {%- if REDIS %} - redis {%- endif %} - {%- if FILEBEAT %} - - filebeat - {%- endif %} - schedule - docker_clean 
@@ -372,9 +341,6 @@ base: - firewall - schedule - docker_clean - {%- if FILEBEAT %} - - filebeat - {%- endif %} - idh 'J@workstation:gui:enabled:^[Tt][Rr][Uu][Ee]$ and ( G@saltversion:{{saltversion}} and G@os:Rocky )': diff --git a/setup/so-setup b/setup/so-setup index 9448a4011..f9243dfa5 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -579,7 +579,7 @@ if ! [[ -f $install_opt_file ]]; then logCmd "salt-call state.apply common.packages" logCmd "salt-call state.apply common" - logCmd "salt-call state.apply docker" + logCmd "salt-call state.apply podman" firewall_generate_templates set_initial_firewall_policy