CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 17:52:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

bridge and pools

Browse Source
This commit is contained in:
m0duspwnens
2024-08-16 11:58:49 -04:00
parent 2a35e45920
commit 30e998edf7
3 changed files with 41 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
salt/libvirt/defaults.yaml
View File

@@ -10,9 +10,9 @@ libvirt:
unix_sock_rw_perms: "0770" unix_sock_rw_perms: "0770"
unix_sock_admin_perms: "0700" unix_sock_admin_perms: "0700"
unix_sock_dir: "/run/libvirt" unix_sock_dir: "/run/libvirt"
auth_unix_ro: "none" auth_unix_ro: "polkit"
auth_unix_rw: "none" auth_unix_rw: "polkit"
auth_tcp: "none" auth_tcp: "sasl"
auth_tls: "none" auth_tls: "none"
tcp_min_ssf: 112 tcp_min_ssf: 112
access_drivers: ["polkit"] access_drivers: ["polkit"]

49
salt/libvirt/init.sls
View File

@@ -23,10 +23,11 @@ libvirt_conf_dir:
libvirt_config: libvirt_config:
file.managed: file.managed:
- name: /opt/so/conf/libvirt/libvirtd.conf - name: /opt/so/conf/libvirt/libvirtd.conf
- source: salt://libvirt/etc/libvirtd.conf.jinja - source: salt://libvirt/configstockstock
- template: jinja # - source: salt://libvirt/etc/libvirtd.conf.jinja
- defaults: # - template: jinja
LIBVIRTMERGED: {{ LIBVIRTMERGED }} # - defaults:
# LIBVIRTMERGED: {{ LIBVIRTMERGED }}
# since the libvirtd service looks for the config at /etc/libvirt/libvirtd.conf, and we dont want to manage the service looking in a new location, create this symlink to the managed config # since the libvirtd service looks for the config at /etc/libvirt/libvirtd.conf, and we dont want to manage the service looking in a new location, create this symlink to the managed config
config_symlink: config_symlink:
@@ -34,6 +35,8 @@ config_symlink:
- name: /etc/libvirt/libvirtd.conf - name: /etc/libvirt/libvirtd.conf
- target: /opt/so/conf/libvirt/libvirtd.conf - target: /opt/so/conf/libvirt/libvirtd.conf
- force: True - force: True
- user: qemu
- group: qemu
libvirt_service: libvirt_service:
service.running: service.running:
@@ -54,20 +57,40 @@ install_qemu:
pkg.installed: pkg.installed:
- name: qemu-kvm - name: qemu-kvm
create_host_bridge: #create_host_bridge:
# virt.network_running:
# - name: host-bridge
# - bridge: br0
# - forward: bridge
# - autostart: True
set_default_bridge:
virt.network_running: virt.network_running:
- name: host-bridge - name: default
- bridge: br0 - bridge: br0
- forward: bridge - forward: bridge
- autostart: True - autostart: True
disable_default_bridge: # set the default storage pool to point to the location we want
cmd.run: set_default_pool:
- name: virsh net-destroy default && virsh net-autostart default --disable virt.pool_running:
- require: - name: default
- pkg: install_libvirt-client - ptype: dir
- onlyif: - target: /var/lib/libvirt/images/coreol9
- virsh net-info | grep default - permissions:
- mode: 0711
- owner: qemu
- group: qemu
- label: "system_u:object_r:virt_image_t:s0" # this doesnt seem to set the selinux context
- autostart: True
#disable_default_bridge:
# cmd.run:
# - name: virsh net-destroy default && virsh net-autostart default --disable
# - require:
# - pkg: install_libvirt-client
# - onlyif:
# - virsh net-info | grep default
# this should only run during the first highstate after setup. it will transfer connection from mgmt to br0 # this should only run during the first highstate after setup. it will transfer connection from mgmt to br0
down_original_mgmt_interface: down_original_mgmt_interface:

2
salt/libvirt/ssh/users.sls
View File

@@ -14,6 +14,8 @@ create_soqemussh_user:
{% if not GLOBALS.is_manager %} {% if not GLOBALS.is_manager %}
- groups: - groups:
- wheel - wheel
- qemu
- libvirt
{% endif %} {% endif %}
{% if GLOBALS.is_manager %} {% if GLOBALS.is_manager %}