From 4440ecd43390283c98fec08dbf0251ca18b8416f Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 12 May 2023 15:51:00 -0400 Subject: [PATCH] enabled/disable registry in ui --- salt/registry/config.sls | 46 ++++++++++++++++++ salt/registry/defaults.yaml | 2 + salt/registry/enabled.sls | 55 ++++++++++++++++++++++ salt/registry/init.sls | 83 ++++----------------------------- salt/registry/map.jinja | 7 +++ salt/registry/soc_registry.yaml | 4 ++ 6 files changed, 124 insertions(+), 73 deletions(-)
diff --git a/salt/registry/config.sls b/salt/registry/config.sls
index e69de29bb..098633829 100644
--- a/salt/registry/config.sls
+++ b/salt/registry/config.sls
@@ -0,0 +1,46 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+
+include:
+ - ssl
+
+# Create the config directory for the docker registry
+dockerregistryconfdir:
+ file.directory:
+ - name: /opt/so/conf/docker-registry/etc
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+dockerregistrydir:
+ file.directory:
+ - name: /nsm/docker-registry/docker
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+dockerregistrylogdir:
+ file.directory:
+ - name: /opt/so/log/docker-registry
+ - user: 939
+ - group: 939
+ - makedirs: true
+
+# Copy the config
+dockerregistryconf:
+ file.managed:
+ - name: /opt/so/conf/docker-registry/etc/config.yml
+ - source: salt://registry/etc/config.yml
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+ test.fail_without_changes:
+ - name: {{sls}}_state_not_allowed
+
+{% endif %}
diff --git a/salt/registry/defaults.yaml b/salt/registry/defaults.yaml
index e69de29bb..f6d2b2946 100644
--- a/salt/registry/defaults.yaml
+++ b/salt/registry/defaults.yaml
@@ -0,0 +1,2 @@
+registry:
+ enabled: False
diff --git a/salt/registry/enabled.sls b/salt/registry/enabled.sls
index e69de29bb..fc0e07441 100644
--- a/salt/registry/enabled.sls
+++ b/salt/registry/enabled.sls
@@ -0,0 +1,55 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+{% from 'docker/docker.map.jinja' import DOCKER %}
+
+include:
+ - registry.config
+ - registry.sostatus
+
+# Install the registry container
+so-dockerregistry:
+ docker_container.running:
+ - image: ghcr.io/security-onion-solutions/registry:latest
+ - hostname: so-registry
+ - networks:
+ - sobridge:
+ - ipv4_address: {{ DOCKER.containers['so-dockerregistry'].ip }}
+ - restart_policy: always
+ - port_bindings:
+ {% for BINDING in DOCKER.containers['so-dockerregistry'].port_bindings %}
+ - {{ BINDING }}
+ {% endfor %}
+ - binds:
+ - /opt/so/conf/docker-registry/etc/config.yml:/etc/docker/registry/config.yml:ro
+ - /opt/so/conf/docker-registry:/var/lib/registry:rw
+ - /nsm/docker-registry/docker:/var/lib/registry/docker:rw
+ - /etc/pki/registry.crt:/etc/pki/registry.crt:ro
+ - /etc/pki/registry.key:/etc/pki/registry.key:ro
+ - client_timeout: 180
+ - environment:
+ - HOME=/root
+ - retry:
+ attempts: 5
+ interval: 30
+ - require:
+ - file: dockerregistryconf
+ - x509: registry_crt
+ - x509: registry_key
+
+delete_so-registry_so-status.disabled:
+ file.uncomment:
+ - name: /opt/so/conf/so-status/so-status.conf
+ - regex: ^so-registry$
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+ test.fail_without_changes:
+ - name: {{sls}}_state_not_allowed
+
+{% endif %}
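Review bot: The `:ro` flag on the `config.yml` bind in `enabled.sls` is undercut by the bind right after it, `/opt/so/conf/docker-registry:/var/lib/registry:rw`, because that host directory is the parent of `etc/config.yml`, so the same file is reachable read-write inside the container at `/var/lib/registry/etc/config.yml`. Since `/nsm/docker-registry/docker` is already mounted at `/var/lib/registry/docker`, the parent bind looks unnecessary; dropping it, or pointing it at a dedicated data directory, would keep the registry configuration out of the container's writable paths. Separately, `regex: ^so-registry$` in `delete_so-registry_so-status.disabled` does not match the `so-dockerregistry` entry that the removed `file.append` state in `init.sls` wrote to `so-status.conf`; `registry.sostatus` is not part of this patch, so confirm which name it writes. The image is also referenced as `registry:latest`, a mutable tag, and pinning a version or digest would make the deployed registry reproducible.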
diff --git a/salt/registry/init.sls b/salt/registry/init.sls
index cb8035e44..b2b5912f2 100644
--- a/salt/registry/init.sls
+++ b/salt/registry/init.sls
@@ -1,77 +1,14 @@ -{% from 'allowed_states.map.jinja' import allowed_states %} -{% if sls in allowed_states %} -{% from 'docker/docker.map.jinja' import DOCKER %} + +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + +{% from 'registry/map.jinja' import REGISTRYMERGED %} include: - - ssl - -# Create the config directory for the docker registry -dockerregistryconfdir: - file.directory: - - name: /opt/so/conf/docker-registry/etc - - user: 939 - - group: 939 - - makedirs: True - -dockerregistrydir: - file.directory: - - name: /nsm/docker-registry/docker - - user: 939 - - group: 939 - - makedirs: True - -dockerregistrylogdir: - file.directory: - - name: /opt/so/log/docker-registry - - user: 939 - - group: 939 - - makedirs: true - -# Copy the config -dockerregistryconf: - file.managed: - - name: /opt/so/conf/docker-registry/etc/config.yml - - source: salt://registry/etc/config.yml - -# Install the registry container -so-dockerregistry: - docker_container.running: - - image: ghcr.io/security-onion-solutions/registry:latest - - hostname: so-registry - - networks: - - sobridge: - - ipv4_address: {{ DOCKER.containers['so-dockerregistry'].ip }} - - restart_policy: always - - port_bindings: - {% for BINDING in DOCKER.containers['so-dockerregistry'].port_bindings %} - - {{ BINDING }} - {% endfor %} - - binds: - - /opt/so/conf/docker-registry/etc/config.yml:/etc/docker/registry/config.yml:ro - - /opt/so/conf/docker-registry:/var/lib/registry:rw - - /nsm/docker-registry/docker:/var/lib/registry/docker:rw - - /etc/pki/registry.crt:/etc/pki/registry.crt:ro - - /etc/pki/registry.key:/etc/pki/registry.key:ro - - client_timeout: 180 - - environment: - - HOME=/root - - retry: - attempts: 5 - interval: 30 - - require: - - file: 
dockerregistryconf - - x509: registry_crt - - x509: registry_key - -append_so-dockerregistry_so-status.conf: - file.append: - - name: /opt/so/conf/so-status/so-status.conf - - text: so-dockerregistry - +{% if REGISTRYMERGED.enabled %} + - registry.enabled {% else %} - -{{sls}}_state_not_allowed: - test.fail_without_changes: - - name: {{sls}}_state_not_allowed - + - registry.disabled {% endif %}
diff --git a/salt/registry/map.jinja b/salt/registry/map.jinja
index e69de29bb..d8b18b231 100644
--- a/salt/registry/map.jinja
+++ b/salt/registry/map.jinja
@@ -0,0 +1,7 @@
+{# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+ or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+ https://securityonion.net/license; you may not use this file except in compliance with the
+ Elastic License 2.0. #}
+
+{% import_yaml 'registry/defaults.yaml' as REGISTRYDEFAULTS with context %}
+{% set REGISTRYMERGED = salt['pillar.get']('registry', REGISTRYDEFAULTS.registry, merge=True) %}
diff --git a/salt/registry/soc_registry.yaml b/salt/registry/soc_registry.yaml
index e69de29bb..7fc3a161f 100644
--- a/salt/registry/soc_registry.yaml
+++ b/salt/registry/soc_registry.yaml
@@ -0,0 +1,4 @@
+registry:
+ enabled:
+ description: You can enable or disable the registry.
+ advanced: True
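Review bot: `init.sls` now includes `registry.disabled` whenever `REGISTRYMERGED.enabled` is false, and `defaults.yaml` sets `enabled: False`, yet no `disabled.sls` is among the six files in this patch (nor is `registry.sostatus`, which `enabled.sls` includes). Unless both already exist in the tree, applying the `registry` state with the default pillar would fail at include resolution instead of cleanly stopping the container. The wrapper also no longer checks `allowed_states` itself and relies on `registry.config` and `registry.enabled` for it; a comment such as `# allowed_states is enforced in the included registry.* states` would record that this is intentional, and `registry.disabled` should carry the same gate. Defaulting to disabled also means a node that ran the registry before this change needs the pillar set before its next highstate, which is worth confirming is handled outside this patch.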