mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-05-27 21:45:28 +02:00
Wire postgres credentials into SOC module config
- Create vars/postgres.map.jinja for postgres auth globals - Add POSTGRES_GLOBALS to all manager-type role vars (manager, eval, standalone, managersearch, import) - Add postgres module config to soc/defaults.yaml - Inject so_postgres credentials from auth pillar into soc/defaults.map.jinja (conditional on auth pillar existing)
This commit is contained in:
Mike Reeves
@@ -24,6 +24,10 @@
|
|||||||
|
|
||||||
{% do SOCDEFAULTS.soc.config.server.modules.elastic.update({'username': GLOBALS.elasticsearch.auth.users.so_elastic_user.user, 'password': GLOBALS.elasticsearch.auth.users.so_elastic_user.pass}) %}
|
{% do SOCDEFAULTS.soc.config.server.modules.elastic.update({'username': GLOBALS.elasticsearch.auth.users.so_elastic_user.user, 'password': GLOBALS.elasticsearch.auth.users.so_elastic_user.pass}) %}
|
||||||
|
|
||||||
|
{% if GLOBALS.postgres is defined and GLOBALS.postgres.auth is defined %}
|
||||||
|
{% do SOCDEFAULTS.soc.config.server.modules.postgres.update({'username': GLOBALS.postgres.auth.users.so_postgres_user.user, 'password': GLOBALS.postgres.auth.users.so_postgres_user.pass}) %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% do SOCDEFAULTS.soc.config.server.modules.influxdb.update({'hostUrl': 'https://' ~ GLOBALS.influxdb_host ~ ':8086'}) %}
|
{% do SOCDEFAULTS.soc.config.server.modules.influxdb.update({'hostUrl': 'https://' ~ GLOBALS.influxdb_host ~ ':8086'}) %}
|
||||||
{% do SOCDEFAULTS.soc.config.server.modules.influxdb.update({'token': INFLUXDB_TOKEN}) %}
|
{% do SOCDEFAULTS.soc.config.server.modules.influxdb.update({'token': INFLUXDB_TOKEN}) %}
|
||||||
{% for tool in SOCDEFAULTS.soc.config.server.client.tools %}
|
{% for tool in SOCDEFAULTS.soc.config.server.client.tools %}
|
||||||
|
|||||||
@@ -1491,6 +1491,14 @@ soc:
|
|||||||
org: Security Onion
|
org: Security Onion
|
||||||
bucket: telegraf/so_short_term
|
bucket: telegraf/so_short_term
|
||||||
verifyCert: false
|
verifyCert: false
|
||||||
|
postgres:
|
||||||
|
hostUrl: so-postgres
|
||||||
|
port: 5432
|
||||||
|
username:
|
||||||
|
password:
|
||||||
|
dbname: securityonion
|
||||||
|
sslMode: require
|
||||||
|
assistantEnabled: true
|
||||||
playbook:
|
playbook:
|
||||||
autoUpdateEnabled: true
|
autoUpdateEnabled: true
|
||||||
playbookImportFrequencySeconds: 86400
|
playbookImportFrequencySeconds: 86400
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
{% from 'vars/elasticsearch.map.jinja' import ELASTICSEARCH_GLOBALS %}
|
{% from 'vars/elasticsearch.map.jinja' import ELASTICSEARCH_GLOBALS %}
|
||||||
|
{% from 'vars/postgres.map.jinja' import POSTGRES_GLOBALS %}
|
||||||
{% from 'vars/sensor.map.jinja' import SENSOR_GLOBALS %}
|
{% from 'vars/sensor.map.jinja' import SENSOR_GLOBALS %}
|
||||||
|
|
||||||
{% set ROLE_GLOBALS = {} %}
|
{% set ROLE_GLOBALS = {} %}
|
||||||
@@ -6,6 +7,7 @@
|
|||||||
{% set EVAL_GLOBALS =
|
{% set EVAL_GLOBALS =
|
||||||
[
|
[
|
||||||
ELASTICSEARCH_GLOBALS,
|
ELASTICSEARCH_GLOBALS,
|
||||||
|
POSTGRES_GLOBALS,
|
||||||
SENSOR_GLOBALS
|
SENSOR_GLOBALS
|
||||||
]
|
]
|
||||||
%}
|
%}
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
{% from 'vars/elasticsearch.map.jinja' import ELASTICSEARCH_GLOBALS %}
|
{% from 'vars/elasticsearch.map.jinja' import ELASTICSEARCH_GLOBALS %}
|
||||||
|
{% from 'vars/postgres.map.jinja' import POSTGRES_GLOBALS %}
|
||||||
{% from 'vars/sensor.map.jinja' import SENSOR_GLOBALS %}
|
{% from 'vars/sensor.map.jinja' import SENSOR_GLOBALS %}
|
||||||
|
|
||||||
{% set ROLE_GLOBALS = {} %}
|
{% set ROLE_GLOBALS = {} %}
|
||||||
@@ -6,6 +7,7 @@
|
|||||||
{% set IMPORT_GLOBALS =
|
{% set IMPORT_GLOBALS =
|
||||||
[
|
[
|
||||||
ELASTICSEARCH_GLOBALS,
|
ELASTICSEARCH_GLOBALS,
|
||||||
|
POSTGRES_GLOBALS,
|
||||||
SENSOR_GLOBALS
|
SENSOR_GLOBALS
|
||||||
]
|
]
|
||||||
%}
|
%}
|
||||||
|
|||||||
@@ -1,12 +1,14 @@
|
|||||||
{% from 'vars/elasticsearch.map.jinja' import ELASTICSEARCH_GLOBALS %}
|
{% from 'vars/elasticsearch.map.jinja' import ELASTICSEARCH_GLOBALS %}
|
||||||
{% from 'vars/logstash.map.jinja' import LOGSTASH_GLOBALS %}
|
{% from 'vars/logstash.map.jinja' import LOGSTASH_GLOBALS %}
|
||||||
|
{% from 'vars/postgres.map.jinja' import POSTGRES_GLOBALS %}
|
||||||
|
|
||||||
{% set ROLE_GLOBALS = {} %}
|
{% set ROLE_GLOBALS = {} %}
|
||||||
|
|
||||||
{% set MANAGER_GLOBALS =
|
{% set MANAGER_GLOBALS =
|
||||||
[
|
[
|
||||||
ELASTICSEARCH_GLOBALS,
|
ELASTICSEARCH_GLOBALS,
|
||||||
LOGSTASH_GLOBALS
|
LOGSTASH_GLOBALS,
|
||||||
|
POSTGRES_GLOBALS
|
||||||
]
|
]
|
||||||
%}
|
%}
|
||||||
|
|
||||||
|
|||||||
@@ -1,12 +1,14 @@
|
|||||||
{% from 'vars/elasticsearch.map.jinja' import ELASTICSEARCH_GLOBALS %}
|
{% from 'vars/elasticsearch.map.jinja' import ELASTICSEARCH_GLOBALS %}
|
||||||
{% from 'vars/logstash.map.jinja' import LOGSTASH_GLOBALS %}
|
{% from 'vars/logstash.map.jinja' import LOGSTASH_GLOBALS %}
|
||||||
|
{% from 'vars/postgres.map.jinja' import POSTGRES_GLOBALS %}
|
||||||
|
|
||||||
{% set ROLE_GLOBALS = {} %}
|
{% set ROLE_GLOBALS = {} %}
|
||||||
|
|
||||||
{% set MANAGERSEARCH_GLOBALS =
|
{% set MANAGERSEARCH_GLOBALS =
|
||||||
[
|
[
|
||||||
ELASTICSEARCH_GLOBALS,
|
ELASTICSEARCH_GLOBALS,
|
||||||
LOGSTASH_GLOBALS
|
LOGSTASH_GLOBALS,
|
||||||
|
POSTGRES_GLOBALS
|
||||||
]
|
]
|
||||||
%}
|
%}
|
||||||
|
|
||||||
|
|||||||
@@ -0,0 +1,16 @@
|
|||||||
|
{# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
|
||||||
|
or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
|
||||||
|
https://securityonion.net/license; you may not use this file except in compliance with the
|
||||||
|
Elastic License 2.0. #}
|
||||||
|
|
||||||
|
{% import 'vars/init.map.jinja' as INIT %}
|
||||||
|
|
||||||
|
{%
|
||||||
|
set POSTGRES_GLOBALS = {
|
||||||
|
'postgres': {}
|
||||||
|
}
|
||||||
|
%}
|
||||||
|
|
||||||
|
{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/postgres/auth.sls') %}
|
||||||
|
{% do POSTGRES_GLOBALS.postgres.update({'auth': INIT.PILLAR.postgres.auth}) %}
|
||||||
|
{% endif %}
|
||||||
@@ -1,5 +1,6 @@
|
|||||||
{% from 'vars/elasticsearch.map.jinja' import ELASTICSEARCH_GLOBALS %}
|
{% from 'vars/elasticsearch.map.jinja' import ELASTICSEARCH_GLOBALS %}
|
||||||
{% from 'vars/logstash.map.jinja' import LOGSTASH_GLOBALS %}
|
{% from 'vars/logstash.map.jinja' import LOGSTASH_GLOBALS %}
|
||||||
|
{% from 'vars/postgres.map.jinja' import POSTGRES_GLOBALS %}
|
||||||
{% from 'vars/sensor.map.jinja' import SENSOR_GLOBALS %}
|
{% from 'vars/sensor.map.jinja' import SENSOR_GLOBALS %}
|
||||||
|
|
||||||
{% set ROLE_GLOBALS = {} %}
|
{% set ROLE_GLOBALS = {} %}
|
||||||
@@ -8,6 +9,7 @@
|
|||||||
[
|
[
|
||||||
ELASTICSEARCH_GLOBALS,
|
ELASTICSEARCH_GLOBALS,
|
||||||
LOGSTASH_GLOBALS,
|
LOGSTASH_GLOBALS,
|
||||||
|
POSTGRES_GLOBALS,
|
||||||
SENSOR_GLOBALS
|
SENSOR_GLOBALS
|
||||||
]
|
]
|
||||||
%}
|
%}
|
||||||
|
|||||||
Reference in New Issue
Block a user