CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-21 16:33:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fixin kafka.ssl state and include name for kafka_user

Browse Source 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
This commit is contained in:
reyesj2
2024-07-10 16:18:46 -04:00
parent cfe5c1d76a
commit 4a88dedcb8
2 changed files with 14 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
salt/kafka/config.sls
View File

@@ -14,6 +14,7 @@ kafka_group:
kafka_user: kafka_user:
user.present: user.present:
- name: kafka
- uid: 960 - uid: 960
- gid: 960 - gid: 960
- home: /opt/so/conf/kafka - home: /opt/so/conf/kafka

17
salt/kafka/ssl.sls
View File

@@ -4,9 +4,8 @@
# Elastic License 2.0. # Elastic License 2.0.
{% from 'allowed_states.map.jinja' import allowed_states %} {% from 'allowed_states.map.jinja' import allowed_states %}
{% if sls in allowed_states %} {% if sls.split('.')[0] in allowed_states %}
{% from 'vars/globals.map.jinja' import GLOBALS %} {% from 'vars/globals.map.jinja' import GLOBALS %}
{% set kafka_password = salt['pillar.get']('kafka:password') %} {% set kafka_password = salt['pillar.get']('kafka:password') %}
include: include:
@@ -20,10 +19,9 @@ include:
{% endfor %} {% endfor %}
{% set ca_server = global_ca_server[0] %} {% set ca_server = global_ca_server[0] %}
{% if GLOBALS.pipeline == "KAFKA" %} {% if GLOBALS.pipeline == "KAFKA" %}
{% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone'] %} {% if GLOBALS.role in ['so-manager', 'so-managersearch', 'so-standalone'] %}
kafka_client_key: kafka_client_key:
x509.private_key_managed: x509.private_key_managed:
- name: /etc/pki/kafka-client.key - name: /etc/pki/kafka-client.key
@@ -71,7 +69,7 @@ kafka_client_crt_perms:
- group: 939 - group: 939
{% endif %} {% endif %}
{% if grains['role'] in ['so-manager', 'so-managersearch','so-receiver', 'so-standalone'] %} {% if GLOBALS.role in ['so-manager', 'so-managersearch','so-receiver', 'so-standalone'] %}
kafka_key: kafka_key:
x509.private_key_managed: x509.private_key_managed:
- name: /etc/pki/kafka.key - name: /etc/pki/kafka.key
@@ -132,7 +130,7 @@ kafka_pkcs12_perms:
# Standalone needs kafka-logstash for automated testing. Searchnode/manager search need it for logstash to consume from Kafka. # Standalone needs kafka-logstash for automated testing. Searchnode/manager search need it for logstash to consume from Kafka.
# Manager will have cert, but be unused until a pipeline is created and logstash enabled. # Manager will have cert, but be unused until a pipeline is created and logstash enabled.
{% if grains['role'] in ['so-standalone', 'so-managersearch', 'so-searchnode', 'so-manager'] %} {% if GLOBALS.role in ['so-standalone', 'so-managersearch', 'so-searchnode', 'so-manager'] %}
kafka_logstash_key: kafka_logstash_key:
x509.private_key_managed: x509.private_key_managed:
- name: /etc/pki/kafka-logstash.key - name: /etc/pki/kafka-logstash.key
@@ -192,5 +190,12 @@ kafka_logstash_pkcs12_perms:
- group: 939 - group: 939
{% endif %} {% endif %}
{% endif %}
{% else %}
{{sls}}_state_not_allowed:
test.fail_without_changes:
- name: {{sls}}_state_not_allowed
{% endif %} {% endif %}