CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12294 from Security-Onion-Solutions/jppffa

Browse Source 
Jppffa
This commit is contained in:
Josh Brower
2024-02-01 09:47:18 -05:00
committed by GitHub
parent e090518b59 ae32ac40c2
commit 3d478b92b2
4 changed files with 24 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
salt/docker/defaults.yaml
View File

@@ -84,6 +84,13 @@ docker:
custom_bind_mounts: [] custom_bind_mounts: []
extra_hosts: [] extra_hosts: []
extra_env: [] extra_env: []
'so-nginx-fleet-node':
final_octet: 31
port_bindings:
- 8443:8443
custom_bind_mounts: []
extra_hosts: []
extra_env: []
'so-playbook': 'so-playbook':
final_octet: 32 final_octet: 32
port_bindings: port_bindings:

1
salt/docker/soc_docker.yaml
View File

@@ -48,6 +48,7 @@ docker:
so-logstash: *dockerOptions so-logstash: *dockerOptions
so-mysql: *dockerOptions so-mysql: *dockerOptions
so-nginx: *dockerOptions so-nginx: *dockerOptions
so-nginx-fleet-node: *dockerOptions
so-playbook: *dockerOptions so-playbook: *dockerOptions
so-redis: *dockerOptions so-redis: *dockerOptions
so-sensoroni: *dockerOptions so-sensoroni: *dockerOptions

2
salt/firewall/containers.map.jinja
View File

@@ -95,7 +95,7 @@
{% set NODE_CONTAINERS = [ {% set NODE_CONTAINERS = [
'so-elastic-fleet', 'so-elastic-fleet',
'so-logstash', 'so-logstash',
'so-nginx' 'so-nginx-fleet-node'
] %} ] %}
{% elif GLOBALS.role == 'so-sensor' %} {% elif GLOBALS.role == 'so-sensor' %}

23
salt/nginx/enabled.sls
View File

@@ -94,17 +94,24 @@ make-rule-dir-nginx:
{% endif %} {% endif %}
{# if this is an so-fleet node then we want to use the port bindings, custom bind mounts defined for fleet #}
{% if GLOBALS.role == 'so-fleet' %}
{% set container_config = 'so-nginx-fleet-node' %}
{% else %}
{% set container_config = 'so-nginx' %}
{% endif %}
so-nginx: so-nginx:
docker_container.running: docker_container.running:
- image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-nginx:{{ GLOBALS.so_version }} - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-nginx:{{ GLOBALS.so_version }}
- hostname: so-nginx - hostname: so-nginx
- networks: - networks:
- sobridge: - sobridge:
- ipv4_address: {{ DOCKER.containers['so-nginx'].ip }} - ipv4_address: {{ DOCKER.containers[container_config].ip }}
- extra_hosts: - extra_hosts:
- {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }} - {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }}
{% if DOCKER.containers['so-nginx'].extra_hosts %} {% if DOCKER.containers[container_config].extra_hosts %}
{% for XTRAHOST in DOCKER.containers['so-nginx'].extra_hosts %} {% for XTRAHOST in DOCKER.containers[container_config].extra_hosts %}
- {{ XTRAHOST }} - {{ XTRAHOST }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
@@ -124,20 +131,20 @@ so-nginx:
- /nsm/repo:/opt/socore/html/repo:ro - /nsm/repo:/opt/socore/html/repo:ro
- /nsm/rules:/nsm/rules:ro - /nsm/rules:/nsm/rules:ro
{% endif %} {% endif %}
{% if DOCKER.containers['so-nginx'].custom_bind_mounts %} {% if DOCKER.containers[container_config].custom_bind_mounts %}
{% for BIND in DOCKER.containers['so-nginx'].custom_bind_mounts %} {% for BIND in DOCKER.containers[container_config].custom_bind_mounts %}
- {{ BIND }} - {{ BIND }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if DOCKER.containers['so-nginx'].extra_env %} {% if DOCKER.containers[container_config].extra_env %}
- environment: - environment:
{% for XTRAENV in DOCKER.containers['so-nginx'].extra_env %} {% for XTRAENV in DOCKER.containers[container_config].extra_env %}
- {{ XTRAENV }} - {{ XTRAENV }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
- cap_add: NET_BIND_SERVICE - cap_add: NET_BIND_SERVICE
- port_bindings: - port_bindings:
{% for BINDING in DOCKER.containers['so-nginx'].port_bindings %} {% for BINDING in DOCKER.containers[container_config].port_bindings %}
- {{ BINDING }} - {{ BINDING }}
{% endfor %} {% endfor %}
- watch: - watch: