CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

docker ips changes

Browse Source
This commit is contained in:
m0duspwnens
2023-07-21 16:06:52 -04:00
parent 87b1207ac0
commit 36a936d3d6
7 changed files with 14 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
salt/docker/defaults.yaml
View File

@@ -1,8 +1,6 @@
docker: docker:
bip: '172.17.0.1' range: '172.17.1.0/24'
range: '172.17.0.0/24' bip: '172.17.1.1'
sorange: '172.17.1.0/24'
sobip: '172.17.1.1'
containers: containers:
'so-dockerregistry': 'so-dockerregistry':
final_octet: 20 final_octet: 20
@@ -202,4 +200,4 @@ docker:
final_octet: 99 final_octet: 99
custom_bind_mounts: [] custom_bind_mounts: []
extra_hosts: [] extra_hosts: []
extra_env: [] extra_env: []

4
salt/docker/init.sls
View File

@@ -102,8 +102,8 @@ dockerreserveports:
sos_docker_net: sos_docker_net:
docker_network.present: docker_network.present:
- name: sobridge - name: sobridge
- subnet: {{ DOCKER.sorange }} - subnet: {{ DOCKER.range }}
- gateway: {{ DOCKER.sobip }} - gateway: {{ DOCKER.bip }}
- options: - options:
com.docker.network.bridge.name: 'sobridge' com.docker.network.bridge.name: 'sobridge'
com.docker.network.driver.mtu: '1500' com.docker.network.driver.mtu: '1500'

10
salt/docker/soc_docker.yaml
View File

@@ -7,14 +7,6 @@ docker:
description: Default docker IP range for containers. description: Default docker IP range for containers.
helpLink: docker.html helpLink: docker.html
advanced: True advanced: True
sobip:
description: Bind IP for the SO docker interface.
helpLink: docker.html
advanced: True
sorange:
description: IP range for the SO docker containers.
helpLink: docker.html
advanced: True
containers: containers:
so-curator: &dockerOptions so-curator: &dockerOptions
final_octet: final_octet:
@@ -68,4 +60,4 @@ docker:
so-strelka-filestream: *dockerOptions so-strelka-filestream: *dockerOptions
so-strelka-frontend: *dockerOptions so-strelka-frontend: *dockerOptions
so-strelka-gatekeeper: *dockerOptions so-strelka-gatekeeper: *dockerOptions
so-strelka-manager: *dockerOptions so-strelka-manager: *dockerOptions

4
salt/podman/init.sls
View File

@@ -44,8 +44,8 @@ podman_docker_symlink:
sos_docker_net: sos_docker_net:
docker_network.present: docker_network.present:
- name: sobridge - name: sobridge
- subnet: {{ DOCKER.sorange }} - subnet: {{ DOCKER.range }}
- gateway: {{ DOCKER.sobip }} - gateway: {{ DOCKER.bip }}
- options: - options:
com.docker.network.bridge.name: 'sobridge' com.docker.network.bridge.name: 'sobridge'
com.docker.network.driver.mtu: '1500' com.docker.network.driver.mtu: '1500'

4
salt/vars/globals.map.jinja
View File

@@ -22,8 +22,8 @@
'md_engine': INIT.PILLAR.global.mdengine, 'md_engine': INIT.PILLAR.global.mdengine,
'pipeline': INIT.PILLAR.global.pipeline, 'pipeline': INIT.PILLAR.global.pipeline,
'so_version': INIT.PILLAR.global.soversion, 'so_version': INIT.PILLAR.global.soversion,
'so_docker_bip': DOCKER.sobip, 'so_docker_bip': DOCKER.bip,
'so_docker_range': DOCKER.sorange, 'so_docker_range': DOCKER.range,
'url_base': INIT.PILLAR.global.url_base, 'url_base': INIT.PILLAR.global.url_base,
'so_model': INIT.GRAINS.get('sosmodel',''), 'so_model': INIT.GRAINS.get('sosmodel',''),
'sensoroni_key': INIT.PILLAR.sensoroni.config.sensoronikey, 'sensoroni_key': INIT.PILLAR.sensoroni.config.sensoronikey,

19
setup/so-functions
View File

@@ -254,15 +254,10 @@ collect_dns_domain() {
collect_dockernet() { collect_dockernet() {
if ! whiptail_dockernet_check; then if ! whiptail_dockernet_check; then
whiptail_dockernet_sosnet "172.17.1.0" whiptail_dockernet_sosnet "172.17.1.0"
whiptail_dockernet_nososnet "172.17.0.0"
while ! valid_ip4 "$DOCKERNET"; do while ! valid_ip4 "$DOCKERNET"; do
whiptail_invalid_input whiptail_invalid_input
whiptail_dockernet_nonsosnet "$DOCKERNET" whiptail_dockernet_sosnet "$DOCKERNET"
done
while ! valid_ip4 "$DOCKERNET2"; do
whiptail_invalid_input
whiptail_dockernet_sosnet "$DOCKERNET2"
done done
fi fi
} }
@@ -1105,10 +1100,7 @@ docker_registry() {
logCmd "mkdir -p /etc/docker" logCmd "mkdir -p /etc/docker"
# This will get applied so docker can attempt to start # This will get applied so docker can attempt to start
if [ -z "$DOCKERNET" ]; then if [ -z "$DOCKERNET" ]; then
DOCKERNET=172.17.0.0 DOCKERNET=172.17.1.0
fi
if [ -z "$DOCKERNET2" ]; then
DOCKERNET2=172.17.1.0
fi fi
# Make the host use the manager docker registry # Make the host use the manager docker registry
DNETBIP=$(echo $DOCKERNET | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24 DNETBIP=$(echo $DOCKERNET | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24
@@ -1491,13 +1483,10 @@ create_global() {
fi fi
if [ -z "$DOCKERNET" ]; then if [ -z "$DOCKERNET" ]; then
DOCKERNET=172.17.0.0 DOCKERNET=172.17.1.0
DOCKERNET2=172.17.1.0
DOCKERBIP=$(echo $DOCKERNET | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24 DOCKERBIP=$(echo $DOCKERNET | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24
DOCKER2BIP=$(echo $DOCKERNET2 | awk -F'.' '{print $1,$2,$3,1}' OFS='.')
else else
DOCKERBIP=$(echo $DOCKERNET | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24 DOCKERBIP=$(echo $DOCKERNET | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24
DOCKER2BIP=$(echo $DOCKERNET2 | awk -F'.' '{print $1,$2,$3,1}' OFS='.')
fi fi
if [ -f "$global_pillar_file" ]; then if [ -f "$global_pillar_file" ]; then
@@ -1562,8 +1551,6 @@ docker_pillar() {
touch $adv_docker_pillar_file touch $adv_docker_pillar_file
printf '%s\n'\ printf '%s\n'\
"docker:"\ "docker:"\
" sorange: '$DOCKERNET2/24'"\
" sobip: '$DOCKER2BIP'"\
" range: '$DOCKERNET/24'"\ " range: '$DOCKERNET/24'"\
" bip: '$DOCKERBIP'" > $docker_pillar_file " bip: '$DOCKERBIP'" > $docker_pillar_file
} }

14
setup/so-whiptail
View File

@@ -329,20 +329,8 @@ whiptail_dockernet_sosnet() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
DOCKERNET2=$(whiptail --title "$whiptail_title" --inputbox \
"\nEnter a /24 size network range for SOS containers to use WITHOUT the /24 suffix. This range will be used on ALL nodes." 11 65 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_dockernet_nososnet() {
[ -n "$TESTING" ] && return
DOCKERNET=$(whiptail --title "$whiptail_title" --inputbox \ DOCKERNET=$(whiptail --title "$whiptail_title" --inputbox \
"\nEnter a /24 size network range for NON SOS containers to use WITHOUT the /24 suffix. This range will be used on ALL nodes." 11 65 "$1" 3>&1 1>&2 2>&3) "\nEnter a /24 size network range for SOS containers to use WITHOUT the /24 suffix. This range will be used on ALL nodes." 11 65 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus