comments

2025-12-06 09:12:45 +01:00 · 2025-02-21 14:34:08 -05:00
parent b68f561e6f
commit 3246176c0a
13 changed files with 237 additions and 10 deletions
--- a/salt/common/tools/sbin_jinja/so-salt-emit-vm-deployment-status-event
+++ b/salt/common/tools/sbin_jinja/so-salt-emit-vm-deployment-status-event
@@ -4,6 +4,14 @@
 # or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
+#
+# Note: Per the Elastic License 2.0, the second limitation states:
+#
+#   "You may not move, change, disable, or circumvent the license key functionality
+#    in the software, and you may not remove or obscure any functionality in the
+#    software that is protected by the license key."
+
+{%   if 'hvn' in salt['pillar.get']('features', []) -%}

 """
 Script for emitting VM deployment status events to the Salt event bus.
@@ -114,3 +122,11 @@ def main():

 if __name__ == '__main__':
    main()
+
+{%- else -%}
+
+echo "Hypervisor nodes are a feature supported only for customers with a valid license. \
+      Contact Security Onion Solutions, LLC via our website at https://securityonionsolutions.com \
+      for more information about purchasing a license to enable this feature."
+
+{% endif -%}
--- a/salt/hypervisor/init.sls
+++ b/salt/hypervisor/init.sls
@@ -23,6 +23,13 @@ hypervisor_sbin:
    - source: salt://hypervisor/tools/sbin
    - file_mode: 744

+hypervisor_sbin_jinja:
+  file.recurse:
+    - name: /usr/sbin
+    - source: salt://hypervisor/tools/sbin_jinja
+    - template: jinja
+    - file_mode: 744
+
 {%   else %}
 {{sls}}_no_license_detected:
  test.fail_without_changes:
--- a/salt/hypervisor/map.jinja
+++ b/salt/hypervisor/map.jinja
@@ -1,3 +1,16 @@
+{# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+   or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+   https://securityonion.net/license; you may not use this file except in compliance with the
+   Elastic License 2.0. 
+   
+   Note: Per the Elastic License 2.0, the second limitation states:
+
+    "You may not move, change, disable, or circumvent the license key functionality
+     in the software, and you may not remove or obscure any functionality in the
+     software that is protected by the license key." #}
+
+{% if 'hvn' in salt['pillar.get']('features', []) %}
+
 {# Import defaults.yaml for model hardware capabilities #}
 {% import_yaml 'hypervisor/defaults.yaml' as DEFAULTS %}

@@ -83,3 +96,13 @@
    }) %}
  {% endfor %}
 {% endfor %}
+
+{% else %}
+
+{% do salt.log.error(
+  'Hypervisor nodes are a feature supported only for customers with a valid license.'
+  'Contact Security Onion Solutions, LLC via our website at https://securityonionsolutions.com'
+  'for more information about purchasing a license to enable this feature.'
+) %}
+
+{% endif %}
--- a/salt/hypervisor/tools/sbin_jinja/so-kvm-modify-hardware
+++ b/salt/hypervisor/tools/sbin_jinja/so-kvm-modify-hardware
@@ -4,6 +4,14 @@
 # or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
+#
+# Note: Per the Elastic License 2.0, the second limitation states:
+#
+#   "You may not move, change, disable, or circumvent the license key functionality
+#    in the software, and you may not remove or obscure any functionality in the
+#    software that is protected by the license key."
+
+{% if 'hvn' in salt['pillar.get']('features', []) %}

 """
 Script for managing hardware configurations of KVM virtual machines. This script provides
@@ -347,3 +355,11 @@ def main():

 if __name__ == '__main__':
    main()
+
+{%- else -%}
+
+echo "Hypervisor nodes are a feature supported only for customers with a valid license. \
+      Contact Security Onion Solutions, LLC via our website at https://securityonionsolutions.com \
+      for more information about purchasing a license to enable this feature."
+
+{% endif -%}
--- a/salt/hypervisor/tools/sbin_jinja/so-qcow2-modify-network
+++ b/salt/hypervisor/tools/sbin_jinja/so-qcow2-modify-network
@@ -4,6 +4,14 @@
 # or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
+#
+# Note: Per the Elastic License 2.0, the second limitation states:
+#
+#   "You may not move, change, disable, or circumvent the license key functionality
+#    in the software, and you may not remove or obscure any functionality in the
+#    software that is protected by the license key."
+
+{% if 'hvn' in salt['pillar.get']('features', []) -%}

 """
 Script for modifying network configurations within QCOW2 virtual machine images. This script provides
@@ -513,3 +521,11 @@ def main():

 if __name__ == '__main__':
    main()
+
+{%- else -%}
+
+echo "Hypervisor nodes are a feature supported only for customers with a valid license. \
+      Contact Security Onion Solutions, LLC via our website at https://securityonionsolutions.com \
+      for more information about purchasing a license to enable this feature."
+
+{% endif -%}
--- a/salt/manager/tools/sbin_jinja/so-salt-cloud
+++ b/salt/manager/tools/sbin_jinja/so-salt-cloud
@@ -4,6 +4,14 @@
 # or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
+#
+# Note: Per the Elastic License 2.0, the second limitation states:
+#
+#   "You may not move, change, disable, or circumvent the license key functionality
+#    in the software, and you may not remove or obscure any functionality in the
+#    software that is protected by the license key."
+
+{%   if 'hvn' in salt['pillar.get']('features', []) -%}

 """
 Script for automated virtual machine provisioning and configuration in Security Onion's virtualization infrastructure. 
@@ -601,3 +609,11 @@ def main():

 if __name__ == "__main__":
    main()
+
+{%- else -%}
+
+echo "Hypervisor nodes are a feature supported only for customers with a valid license. \
+      Contact Security Onion Solutions, LLC via our website at https://securityonionsolutions.com \
+      for more information about purchasing a license to enable this feature."
+
+{% endif -%}
--- a/salt/orch/dyanno_hypervisor.sls
+++ b/salt/orch/dyanno_hypervisor.sls
@@ -1,3 +1,16 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+#
+# Note: Per the Elastic License 2.0, the second limitation states:
+#
+#   "You may not move, change, disable, or circumvent the license key functionality
+#    in the software, and you may not remove or obscure any functionality in the
+#    software that is protected by the license key."
+
+{% if 'hvn' in salt['pillar.get']('features', []) %}
+
 {% do salt.log.info('dyanno_hypervisor_orch: Running') %}
 {% set event_data = pillar.get('event_data', {}) %}
 {% set event_tag = pillar.get('event_tag', '') %}
@@ -70,7 +83,7 @@ write_vm_status:
 {% endif %}
 #}

-{#
+{# We will need to populate hypervisor:hosts in this orch and pass to state to run as runner
 update_hypervisor_status:
  salt.runner:
    - name: state.orchestrate
@@ -95,3 +108,13 @@ update_hypervisor_annotation:
 {% endif %#}

 {% do salt.log.info('dyanno_hypervisor_orch: Completed') %}
+
+{% else %}
+
+{% do salt.log.error(
+  'Hypervisor nodes are a feature supported only for customers with a valid license.'
+  'Contact Security Onion Solutions, LLC via our website at https://securityonionsolutions.com'
+  'for more information about purchasing a license to enable this feature.'
+) %}
+
+{% endif %}
--- a/salt/reactor/vm_status.sls
+++ b/salt/reactor/vm_status.sls
@@ -1,3 +1,8 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
 {% do salt.log.debug('vm_status_reactor: Running') %}
 {% do salt.log.debug('vm_status_reactor: tag: ' ~ tag | string) %}

--- a/salt/salt/engines/master/virtual_node_manager.py
+++ b/salt/salt/engines/master/virtual_node_manager.py
@@ -4,6 +4,12 @@
 # or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
+#
+# Note: Per the Elastic License 2.0, the second limitation states:
+#
+#   "You may not move, change, disable, or circumvent the license key functionality
+#    in the software, and you may not remove or obscure any functionality in the
+#    software that is protected by the license key."

 """
 Salt Engine for Virtual Node Management
--- a/salt/soc/dyanno/hypervisor/init.sls
+++ b/salt/soc/dyanno/hypervisor/init.sls
@@ -1,4 +1,17 @@
-{% from 'hypervisor/map.jinja' import HYPERVISORS %}
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+#
+# Note: Per the Elastic License 2.0, the second limitation states:
+#
+#   "You may not move, change, disable, or circumvent the license key functionality
+#    in the software, and you may not remove or obscure any functionality in the
+#    software that is protected by the license key."
+
+{% if 'hvn' in salt['pillar.get']('features', []) %}
+
+{%   from 'hypervisor/map.jinja' import HYPERVISORS %}

 hypervisor_annotation:
  file.managed:
@@ -10,8 +23,8 @@ hypervisor_annotation:
    - defaults:
        HYPERVISORS: {{ HYPERVISORS }}

-{% for role in HYPERVISORS %}
-{%   for hypervisor in HYPERVISORS[role].keys() %}
+{%   for role in HYPERVISORS %}
+{%     for hypervisor in HYPERVISORS[role].keys() %}
 hypervisor_host_directory_{{hypervisor}}:
  file.directory:
    - name: /opt/so/saltstack/local/salt/hypervisor/hosts/{{hypervisor}}
@@ -21,5 +34,17 @@ hypervisor_host_directory_{{hypervisor}}:
    - recurse:
      - user
      - group
+{%     endfor %}
 {%   endfor %}
-{% endfor %}
+
+{% else %}
+
+{{sls}}_no_license_detected:
+  test.fail_without_changes:
+    - name: {{sls}}_no_license_detected
+    - comment:
+      - "Hypervisor nodes are a feature supported only for customers with a valid license.
+      Contact Security Onion Solutions, LLC via our website at https://securityonionsolutions.com
+      for more information about purchasing a license to enable this feature."
+
+{% endif %}
--- a/salt/soc/dyanno/hypervisor/soc_hypervisor.yaml.jinja
+++ b/salt/soc/dyanno/hypervisor/soc_hypervisor.yaml.jinja
@@ -1,3 +1,16 @@
+{# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+   or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+   https://securityonion.net/license; you may not use this file except in compliance with the
+   Elastic License 2.0. 
+   
+   Note: Per the Elastic License 2.0, the second limitation states:
+
+    "You may not move, change, disable, or circumvent the license key functionality
+     in the software, and you may not remove or obscure any functionality in the
+     software that is protected by the license key." #}
+
+{%- if 'hvn' in salt['pillar.get']('features', []) -%}
+
 {%- import_yaml 'soc/dyanno/hypervisor/hypervisor.yaml' as ANNOTATION -%}
 {%- from 'hypervisor/map.jinja' import HYPERVISORS -%}

@@ -119,3 +132,13 @@ No Virtual Machines Found
 {%- endfor -%}

 {{- ANNOTATION | yaml(False) -}}
+
+{%- else -%}
+
+{%- do salt.log.error(
+  'Hypervisor nodes are a feature supported only for customers with a valid license.'
+  'Contact Security Onion Solutions, LLC via our website at https://securityonionsolutions.com'
+  'for more information about purchasing a license to enable this feature.'
+) -%}
+
+{%- endif -%}
--- a/salt/soc/dyanno/hypervisor/write_status.sls
+++ b/salt/soc/dyanno/hypervisor/write_status.sls
@@ -1,3 +1,16 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+#
+# Note: Per the Elastic License 2.0, the second limitation states:
+#
+#   "You may not move, change, disable, or circumvent the license key functionality
+#    in the software, and you may not remove or obscure any functionality in the
+#    software that is protected by the license key."
+
+{% if 'hvn' in salt['pillar.get']('features', []) %}
+
 {% do salt.log.info('soc/dyanno/hypervisor/write_status: Running') %}
 {% set vm_name = pillar.get('vm_name') %}
 {% set hypervisor = pillar.get('hypervisor') %}
@@ -64,6 +77,19 @@ write_status_file:
    - require:
      - file: ensure_status_dir
 {% else %}
+
 {%   do salt.log.debug('soc/dyanno/hypervisor/write_status: File not written. ' ~ process_steps[new_index] ~ ' cannot overwrite ' ~ process_steps[current_index] ~ '.' ) %}
+
 {% endif %}
+
 {% do salt.log.info('soc/dyanno/hypervisor/write_status: Completed') %}
+
+{% else %}
+
+{% do salt.log.error(
+  'Hypervisor nodes are a feature supported only for customers with a valid license.'
+  'Contact Security Onion Solutions, LLC via our website at https://securityonionsolutions.com'
+  'for more information about purchasing a license to enable this feature.'
+) %}
+
+{% endif %}
--- a/salt/vm_status/init.sls
+++ b/salt/vm_status/init.sls
@@ -1,3 +1,16 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+#
+# Note: Per the Elastic License 2.0, the second limitation states:
+#
+#   "You may not move, change, disable, or circumvent the license key functionality
+#    in the software, and you may not remove or obscure any functionality in the
+#    software that is protected by the license key."
+
+{% if 'hvn' in salt['pillar.get']('features', []) %}
+
 # Send highstate trigger event for VM deployment status tracking
 # so-salt-emit-vm-deployment-status sets event_tag = f'soc/dyanno/hypervisor/{status.lower()}'
 vm_highstate_trigger:
@@ -8,3 +21,15 @@ vm_highstate_trigger:
        vm_name: {{ grains.id }}
        hypervisor: {{ salt['grains.get']('salt-cloud:profile', '').split('-')[1] }}
    - order: 1  # Ensure this runs early in the highstate process
+
+{% else %}
+
+{{sls}}_no_license_detected:
+  test.fail_without_changes:
+    - name: {{sls}}_no_license_detected
+    - comment:
+      - "Hypervisor nodes are a feature supported only for customers with a valid license.
+      Contact Security Onion Solutions, LLC via our website at https://securityonionsolutions.com
+      for more information about purchasing a license to enable this feature."
+
+{% endif %}