diff --git a/salt/_runners/setup_hypervisor.py b/salt/_runners/setup_hypervisor.py index 0a2845813..c5588689f 100644 --- a/salt/_runners/setup_hypervisor.py +++ b/salt/_runners/setup_hypervisor.py @@ -370,18 +370,7 @@ def setup_environment(vm_name: str = 'sool9', disk_size: str = '220G', minion_id log.info("MAIN: No changes detected, using existing VM %s", vm_name) vm_result = { 'success': True, - 'vm_dir': f'/opt/so/saltstack/local/salt/libvirt/images/{vm_name}', - 'commands': [ - f"virsh pool-create-as --name {vm_name} --type dir --target /opt/so/saltstack/local/salt/libvirt/images/{vm_name}", - f"""virt-install --name {vm_name} \\ - --memory 4096 --vcpus 4 --cpu host \\ - --disk /opt/so/saltstack/local/salt/libvirt/images/{vm_name}/{vm_name}.qcow2,format=qcow2,bus=virtio \\ - --disk /opt/so/saltstack/local/salt/libvirt/images/{vm_name}/{vm_name}-cidata.iso,device=cdrom \\ - --network bridge=br0,model=virtio \\ - --os-variant=ol9.5 \\ - --import \\ - --noautoconsole""" - ] + 'vm_dir': f'/opt/so/saltstack/local/salt/libvirt/images/{vm_name}' } success = vm_result.get('success', False) @@ -614,23 +603,9 @@ runcmd: user_data_path, meta_data_path], check=True, capture_output=True) - # Generate commands for hypervisor - commands = [ - f"virsh pool-create-as --name {vm_name} --type dir --target {vm_dir}", - f"""virt-install --name {vm_name} \\ - --memory 4096 --vcpus 4 --cpu host \\ - --disk {vm_image},format=qcow2,bus=virtio \\ - --disk {cidata_iso},device=cdrom \\ - --network bridge=br0,model=virtio \\ - --os-variant=ol9.5 \\ - --import \\ - --noautoconsole""" - ] - return { 'success': True, - 'vm_dir': vm_dir, - 'commands': commands + 'vm_dir': vm_dir } except Exception as e: diff --git a/salt/libvirt/images/init.sls b/salt/libvirt/images/init.sls index 864a2e2eb..e36fd628c 100644 --- a/salt/libvirt/images/init.sls +++ b/salt/libvirt/images/init.sls 
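Review bot: The `commands` key disappears from the returned dict here and again in the hunk at -614, so any consumer that still indexes `result['commands']` fails with a KeyError at runtime; the return-value documentation of `setup_environment` (its docstring is outside this hunk) should be brought in line to list only `success` and `vm_dir` on the success path, and the repo grepped for the old key. The no-changes branch still hard-codes `/opt/so/saltstack/local/salt/libvirt/images/{vm_name}` while the -614 hunk returns the computed `vm_dir`; a single module-level constant for the images root, e.g. `IMAGES_ROOT = '/opt/so/saltstack/local/salt/libvirt/images'`, would stop the two branches drifting. Both enclosing blocks start and end outside their hunks.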
@@ -1,6 +1,79 @@
-# the source location will be /opt/so/saltstack/local/salt/libvirt/images/sool9
-# this will need to change to save the images to /nsm
-baseimagefiles:
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+#
+# Note: Per the Elastic License 2.0, the second limitation states:
+#
+# "You may not move, change, disable, or circumvent the license key functionality
+# in the software, and you may not remove or obscure any functionality in the
+# software that is protected by the license key."
+
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states or sls in allowed_states %}
+{% if 'hvn' in salt['pillar.get']('features', []) %}
+
+include:
+ - libvirt.packages
+
+# Copy base image files
+baseimagefiles_sool9:
 file.recurse:
- - name: /var/lib/libvirt/images/sool9/
+ - name: /nsm/libvirt/images/sool9/
 - source: salt://libvirt/images/sool9/
+ - makedirs: True
+
+# Define the storage pool
+define_storage_pool_sool9:
+ virt.pool_defined:
+ - name: sool9
+ - ptype: dir
+ - target: /nsm/libvirt/images/sool9
+ - require:
+ - file: baseimagefiles_sool9
+ - cmd: libvirt_python_module
+
+# Start the storage pool
+start_storage_pool_sool9:
+ virt.pool_running:
+ - name: sool9
+ - ptype: dir
+ - target: /nsm/libvirt/images/sool9
+ - require:
+ - virt: define_storage_pool_sool9
+ - cmd: libvirt_python_module
+
+# Create and start the VM using virt-install
+create_vm_sool9:
+ cmd.run:
+ - name: |
+ virt-install --name sool9 \
+ --memory 4096 --vcpus 4 --cpu host \
+ --disk /nsm/libvirt/images/sool9/sool9.qcow2,format=qcow2,bus=virtio \
+ --disk /nsm/libvirt/images/sool9/sool9-cidata.iso,device=cdrom \
+ --network bridge=br0,model=virtio \
+ --os-variant=ol9.5 \
+ --import \
+ --noautoconsole
+ - unless: virsh list --all | grep -q sool9
+ - require:
+ - virt: start_storage_pool_sool9
+ - pkg: install_virt-install
+
+{% else %}
+{{sls}}_no_license_detected:
+ test.fail_without_changes:
+ - name: {{sls}}_no_license_detected
+ - comment:
+ - "Hypervisor nodes are a feature supported only for customers with a valid license.
+ Contact Security Onion Solutions, LLC via our website at https://securityonionsolutions.com
+ for more information about purchasing a license to enable this feature."
+{% endif %}
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+ test.fail_without_changes:
+ - name: {{sls}}_state_not_allowed
+
+{% endif %}
diff --git a/salt/libvirt/init.sls b/salt/libvirt/init.sls
index de67f2971..4321fdfb1 100644
--- a/salt/libvirt/init.sls
+++ b/salt/libvirt/init.sls
@@ -74,24 +74,21 @@ create_host_bridge:
 - forward: bridge - autostart: True -# set the default storage pool to point to the location we want -set_default_pool: - virt.pool_running: - - name: default - - ptype: dir - - target: /var/lib/libvirt/images/sool9 - - permissions: - - mode: 0711 - - owner: qemu - - group: qemu - - label: "system_u:object_r:virt_image_t:s0" # this doesnt seem to set the selinux context - - autostart: True +# Disable the default storage pool to avoid conflicts +disable_default_pool: + cmd.run: + - name: virsh pool-destroy default && virsh pool-autostart default --disable + - onlyif: virsh pool-list | grep default + - require: + - pkg: install_libvirt-client + - service: libvirt_service disable_default_bridge: cmd.run: - name: virsh net-destroy default && virsh net-autostart default --disable - require: - pkg: install_libvirt-client + - service: libvirt_service - onlyif: - virsh net-list | grep default
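Review bot: The `unless` guard on `create_vm_sool9`, `virsh list --all | grep -q sool9`, succeeds for any domain whose name merely contains `sool9` (a `sool9-old` left behind, say), so creation would be silently skipped; `- unless: virsh dominfo sool9` asks libvirt for that exact domain and exits non-zero only when it is undefined. Nothing in this state sets ownership or mode for `/nsm/libvirt/images/sool9`: the `file.recurse` has no `user`/`group`/`dir_mode`/`file_mode` and `virt.pool_defined` carries no `permissions`, whereas the pool definition removed from salt/libvirt/init.sls in this same commit set mode 0711, owner/group qemu and an SELinux label. The cidata ISO presumably holds the cloud-init user-data the runner writes, so the directory should not be world-readable — something like `- dir_mode: 750` and `- file_mode: 640` on the recurse, with an owner the qemu driver can read (confirm against the host's `dynamic_ownership` setting). virt-install without `--autostart` also leaves the domain down after a host reboot; if the VM is meant to come back on its own, add `--autostart` to the command or a separate `virsh autostart sool9` state.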
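Review bot: `disable_default_pool` only runs when `virsh pool-list | grep default` succeeds, but `pool-list` without `--all` shows active pools only, so a pool that is defined, inactive and still autostart-enabled is never touched and comes back at the next libvirtd start; the unanchored `grep default` also fires on any other pool whose name contains that word. `virsh pool-destroy` fails on an inactive pool, and the `&&` then skips the `pool-autostart --disable` that actually prevents the reappearance. Splitting the two operations and anchoring the match keeps the state idempotent across reboots; the same unanchored `grep default` sits in the existing `disable_default_bridge` `onlyif` just below, outside the new lines.
```yaml
disable_default_pool:
  cmd.run:
    - name: |
        virsh pool-autostart default --disable
        if virsh pool-list --name | grep -qx default; then virsh pool-destroy default; fi
    - onlyif: virsh pool-list --all --name | grep -qx default
    # … unchanged: require on install_libvirt-client and libvirt_service …
```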