add option to enable or disable to steno docker container - https://github.com/Security-Onion-Solutions/securityonion/issues/1601

salt/pcap/init.sls

@@ -23,7 +23,7 @@
 {% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %}
 {% set BPF_STENO = salt['pillar.get']('steno:bpf', None) %}
 {% set BPF_COMPILED = "" %}
-{% from "pcap/map.jinja" import START with context %}
+{% from "pcap/map.jinja" import STENOOPTIONS with context %}
 
 # PCAP Section
 
@@ -135,9 +135,9 @@ sensoronilog:
     - makedirs: True
 
 so-steno:
-  docker_container.running:
+  docker_container.{{ STENOOPTIONS.status }}:
     - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-steno:{{ VERSION }}
-    - start: {{ START }}
+    - start: {{ STENOOPTIONS.start }}
     - network_mode: host
     - privileged: True
     - port_bindings:

salt/pcap/map.jinja

@@ -1,6 +1,15 @@
-# don't start the docker container if it is an import node
-{% if grains.id.split('_')|last == 'import' %}
-  {% set START = False %}
+{% set PCAPOPTIONS = {} %}
+{% set ENABLED = salt['pillar.get']('steno:enabled', 'True') %}
+
+# don't start the docker container if it is an import node or disabled via pillar
+{% if grains.id.split('_')|last == 'import' || ENABLED is sameas false %}
+  {% set PCAPOPTIONS['start'] = False %}
 {% else %}
-  {% set START = True %}
+  {% set PCAPOPTIONS['start'] = True %}
+{% endif %}
+
+{% if ENABLED is sameas false %}
+  {% set PCAPOPTIONS['status'] = 'stopped' %}
+{% else %}
+  {% set PCAPOPTIONS['status'] = 'running' %}
 {% endif %}