CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-10 11:12:51 +01:00
Code Issues Packages Projects Releases Wiki Activity

manage with contents to simplify salt cloud profile file_map

Browse Source
This commit is contained in:
m0duspwnens
2025-01-29 08:12:50 -05:00
parent ea2e026c56
commit 3c85b48291
3 changed files with 25 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
salt/salt/cloud/cloud.profiles.d/socloud.conf.jinja
View File

@@ -35,9 +35,15 @@ sool9-{{host}}:
# - echo "preflight_cmds" # - echo "preflight_cmds"
# the destination directory will be created if it doesn't exist # the destination directory will be created if it doesn't exist
file_map: file_map:
/opt/so/saltstack/default/salt/setup/virt/initial_schedule.sls: /opt/so/conf/salt/cloud_file_map/salt/initial_schedule.sls /opt/so/saltstack/default/salt/setup/virt/initial_schedule.sls: /opt/so/conf/salt/cloud_file_map/salt/setup/virt/initial_schedule.sls
/opt/so/saltstack/default/salt/salt/mine_functions.sls: /opt/so/conf/salt/cloud_file_map/salt/salt/mine_functions.sls
inline_script: inline_script:
- "sudo salt-call state.apply initial_schedule --local --file-root=/opt/so/conf/salt/cloud_file_map/salt/" - |
sudo salt-call state.apply salt.mine_functions \
--local \
--file-root=/opt/so/conf/salt/cloud_file_map/salt/ \
pillar='{"host": {"mainint": "eth0"}}'
- "sudo salt-call state.apply setup.virt.initial_schedule --local --file-root=/opt/so/conf/salt/cloud_file_map/salt/"
# - "rpm --import /tmp/securityonion.pub" # - "rpm --import /tmp/securityonion.pub"
# grains to add to the minion # grains to add to the minion

14
salt/salt/etc/minion.d/mine_functions.conf.jinja
View File

@@ -1,14 +0,0 @@
{% if grains.role == 'so-hypervisor' %}
{% set interface = 'br0' %}
{% else %}
{% set interface = pillar.host.mainint %}
{% endif %}
mine_interval: 25
mine_functions:
network.ip_addrs:
- interface: {{ interface }}
{%- if grains.role in ['so-eval','so-import','so-manager','so-managersearch','so-standalone'] %}
x509.get_pem_entries:
- glob_path: '/etc/pki/ca.crt'
{% endif -%}

19
salt/salt/mine_functions.sls
View File

@@ -6,8 +6,23 @@
# this state was seperated from salt.minion state since it is called during setup # this state was seperated from salt.minion state since it is called during setup
# GLOBALS are imported in the salt.minion state and that is not available at that point in setup # GLOBALS are imported in the salt.minion state and that is not available at that point in setup
# this state is included in the salt.minion state # this state is included in the salt.minion state
{% set role = salt['grains.get']('role', '') %}
{% if role == 'so-hypervisor' -%}
{% set interface = 'br0' %}
{% else %}
{% set interface = pillar.host.mainint %}
{% endif %}
mine_functions: mine_functions:
file.managed: file.managed:
- name: /etc/salt/minion.d/mine_functions.conf - name: /etc/salt/minion.d/mine_functions.conf
- source: salt://salt/etc/minion.d/mine_functions.conf.jinja - contents: |
- template: jinja mine_interval: 25
mine_functions:
network.ip_addrs:
- interface: {{ interface }}
{%- if role in ['so-eval','so-import','so-manager','so-managersearch','so-standalone'] %}
x509.get_pem_entries:
- glob_path: '/etc/pki/ca.crt'
{% endif -%}