Raid Setup for Appliances

2025-12-07 17:52:46 +01:00 · 2021-01-29 16:03:18 -05:00
parent aa93e2b48f
commit 18f2c7b482
6 changed files with 146 additions and 7 deletions
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -267,6 +267,19 @@ dockerreserveports:
    - source: salt://common/files/99-reserved-ports.conf
    - name: /etc/sysctl.d/99-reserved-ports.conf

+{% if salt['grains.get']('sosmodel', '') %}
+# Install raid check cron
+/usr/sbin/so-raid-status > /dev/null 2>&1:
+  cron.present:
+    - user: root
+    - minute: '*/15'
+    - hour: '*'
+    - daymonth: '*'
+    - month: '*'
+    - dayweek: '*'
+
+{% endif %}
+
 {% else %}

 {{sls}}_state_not_allowed:
--- a/salt/common/tools/sbin/so-raid-status
+++ b/salt/common/tools/sbin/so-raid-status
@@ -0,0 +1,81 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+. /usr/sbin/so-common
+
+#check_boss_raid() {
+#    BOSSBIN=/opt/boss/mvcli
+#    BOSSRC=$($BOSSBIN info -o vd | grep functional)
+#
+#    if [[ $BOSSRC ]]; then
+#        # Raid is good
+#        BOSSRAID=0
+#    else
+#        BOSSRAID=1
+#    fi
+#}
+
+check_lsi_raid() {
+    # For use for LSI on Ubuntu
+    #MEGA=/opt/MegaRAID/MegeCli/MegaCli64
+    #LSIRC=$($MEGA -LDInfo -Lall -aALL | grep Optimal)
+    # Open Source Centos
+    MEGA=/opt/mega/megasasctl
+    LSIRC=$($MEGA | grep optimal)
+
+    if [[ $LSIRC ]]; then
+        # Raid is good
+        LSIRAID=0
+    else
+        LSIRAID=1
+    fi
+
+}
+
+check_software_raid() {
+    SWRC=$(grep "_" /proc/mdstat)
+
+    if [[ $SWRC ]]; then
+        # RAID is failed in some way
+        SWRAID=1
+    else
+        SWRAID=0
+    fi
+}
+
+# This script checks raid status if you use SO appliances
+
+# See if this is an appliance
+
+{%- if salt['grains.get']('sosmodel', '') %}
+mkdir -p /opt/so/log/raid
+  {%- if grains['sosmodel'] in ['SOSMN', 'SOSSNNV'] %}
+#check_boss_raid
+check_software_raid
+echo "osraid=$BOSSRAID nsmraid=$SWRAID" > /opt/so/log/raid/status.log
+  {%- elif grains['sosmodel'] in ['SOS1000F', 'SOS1000', 'SOSSN7200', 'SOS10K', 'SOS4000'] %}
+#check_boss_raid
+check_lsi_raid
+echo "osraid=$BOSSRAID nsmraid=$LSIRAID" > /opt/so/log/raid/status.log
+  {%- else %}
+exit 0
+  {%- endif %}
+{%- else %}
+exit 0
+{%- endif %}
+
+
--- a/salt/common/tools/sbin/so-user
+++ b/salt/common/tools/sbin/so-user
@@ -1,12 +1,20 @@
 #!/bin/bash
-# Copyright 2020 Security Onion Solutions. All rights reserved.
-#
-# This program is distributed under the terms of version 2 of the
-# GNU General Public License.  See LICENSE for further details.
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
+
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
 #
 #    This program is distributed in the hope that it will be useful,
 #    but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+

 source $(dirname $0)/so-common

--- a/salt/zk/etc/zoo.cfg
+++ b/salt/zk/etc/zoo.cfg
@@ -0,0 +1,35 @@
+# The number of milliseconds of each tick
+tickTime=2000
+# The number of ticks that the initial 
+# synchronization phase can take
+initLimit=10
+# The number of ticks that can pass between 
+# sending a request and getting an acknowledgement
+syncLimit=5
+# the directory where the snapshot is stored.
+# do not use /tmp for storage, /tmp here is just 
+# example sakes.
+dataDir=/nsm/zk
+# the port at which the clients will connect
+clientPort=2181
+# the maximum number of client connections.
+# increase this if you need to handle more clients
+#maxClientCnxns=60
+#
+# Be sure to read the maintenance section of the 
+# administrator guide before turning on autopurge.
+#
+# http://zookeeper.apache.org/doc/current/zookeeperAdmin.html#sc_maintenance
+#
+# The number of snapshots to retain in dataDir
+#autopurge.snapRetainCount=3
+# Purge task interval in hours
+# Set to "0" to disable auto purge feature
+#autopurge.purgeInterval=1
+
+## Metrics Providers
+#
+# https://prometheus.io Metrics Exporter
+#metricsProvider.className=org.apache.zookeeper.metrics.prometheus.PrometheusMetricsProvider
+#metricsProvider.httpPort=7000
+#metricsProvider.exportJvmInfo=true
--- a/salt/zk/init.sls
+++ b/salt/zk/init.sls
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1786,6 +1786,8 @@ reserve_group_ids() {
 	groupadd -g 941 stenographer
 	groupadd -g 945 ossec
 	groupadd -g 946 cyberchef
+	groupadd -g 947 zookeeper
+	groupadd -g 948 kafka
 }

 reinstall_init() {