Merge pull request #9464 from Security-Onion-Solutions/mkr24

Add global annotation and influx support

salt/global/soc_global.yaml

@@ -0,0 +1,49 @@
+global:
+  soversion:
+    description: Current version of Security Onion. 
+    global: True
+    readonly: True
+  managerip:
+    description: The IP address of the grid manager.
+    global: True
+  mdengine:
+    description: What engine to use for meta data generation. Options are ZEEK and SURICATA.
+    global: True
+  ids:
+    description: Which IDS engine to use. Currently only Suricata is supported.
+    global: True
+    readonly: True
+    advanced: True
+  url_base:
+    description: Used for handling of authentication cookies. 
+    global: True
+  airgap:
+    description: Sets airgap mode.
+    global: True
+    readonly: True
+  imagerepo:
+    description: Image repo to pull image from.
+    global: True
+    advanced: True
+  pipeline:
+    description: Sets which pipeline technology for events to use. Currently only Redsi is supported.
+    global: True
+    readonly: True
+    advanced: True
+  repo_host:
+    description: Specify the host where operating system packages will be served from.
+    global: True
+    advanced: True
+  registry_host:
+    description: Specify the host where docker/podman images will be pulled from.
+    global: True
+    advanced: True
+  influxdb_host:
+    description: Specify the host where influxdb is hosted.
+    global: True
+    advanced: True
+  engamehost:
+    description: Allows use of Endgame with Security Onion. This feature requires a license from Endgame.
+    global: True
+    advanced: True
+

salt/grafana/etc/datasources/influxdb.yaml

@@ -9,7 +9,7 @@ datasources:
     type: influxdb
     access: proxy
     database: telegraf
-    url: https://{{ GLOBALS.manager_ip }}:8086
+    url: https://{{ GLOBALS.influxdb_host }}:8086
     jsonData:
       tlsAuth: false
       tlsAuthWithCACert: false

salt/soc/defaults.map.jinja

@@ -15,7 +15,7 @@
 {% do SOCDEFAULTS.soc.server.modules.elastic.update({'username': GLOBALS.elasticsearch.auth.users.so_elastic_user.user, 'password': GLOBALS.elasticsearch.auth.users.so_elastic_user.pass}) %}
 
 {% if GLOBALS.role != 'so-import' %}
-{%   do SOCDEFAULTS.soc.server.modules.influxdb.update({'hostUrl': 'https://' ~ GLOBALS.manager_ip ~ ':8086'}) %}
+{%   do SOCDEFAULTS.soc.server.modules.influxdb.update({'hostUrl': 'https://' ~ GLOBALS.influxdb_host ~ ':8086'}) %}
 {% endif %}
 
 {% do SOCDEFAULTS.soc.server.modules.statickeyauth.update({'anonymousCidr': GLOBALS.docker_range, 'apiKey': pillar.sensoroni.sensoronikey}) %}

salt/telegraf/etc/telegraf.conf

@@ -1,5 +1,5 @@
 # Telegraf Configuration
-{%- set MANAGER = GLOBALS.manager %}
+{%- set INFLUXDBHOST = GLOBALS.influxdb_host %}
 {%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %}
 {%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}
 {%- set NODEIP = GLOBALS.node_ip %}
@@ -72,7 +72,7 @@
 
 # Configuration for sending metrics to InfluxDB
 [[outputs.influxdb]]
-  urls = ["https://{{ MANAGER }}:8086"]
+  urls = ["https://{{ INFLUXDBHOST }}:8086"]
 
   ## Optional TLS Config for use on HTTP connections.
    tls_ca = "/etc/telegraf/ca.crt"

salt/vars/globals.map.jinja

@@ -16,6 +16,7 @@
     'image_repo': INIT.PILLAR.global.imagerepo,
     'repo_host': INIT.PILLAR.global.repo_host,
     'registry_host': INIT.PILLAR.global.registry_host,
+    'influxdb_host': INIT.PILLAR.global.influxdb_host,
     'manager_ip': INIT.PILLAR.global.managerip,
     'md_engine': INIT.PILLAR.global.mdengine,
     'pipeline': INIT.PILLAR.global.pipeline,

setup/so-functions

@@ -1431,6 +1431,7 @@ create_global() {
 	echo "  imagerepo: '$IMAGEREPO'" >> $global_pillar_file
 	echo "  pipeline: 'redis'" >> $global_pillar_file
 	echo "  repo_host: '$HOSTNAME'" >> $global_pillar_file
+	echo "  influxdb_host: '$HOSTNAME'" >> $global_pillar_file
 	echo "  registry_host: '$HOSTNAME'" >> $global_pillar_file
 	echo "  endgamehost: '$ENDGAMEHOST'" >> $global_pillar_file
 }