CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

start of dynamic annotations for hypervisor

Browse Source
This commit is contained in:
Josh Patterson
2025-02-12 13:21:39 -05:00
parent 010c205eec
commit 5123a86062
13 changed files with 295 additions and 206 deletions
Download Patch File Download Diff File Expand all files Collapse all files

153
salt/hypervisor/defaults.yaml
View File

@@ -1,62 +1,93 @@
hypervisor:
nodes: []
model1:
hardware:
cpu:
total: 128
free: 128
memory:
total: 128
free: 128
disks:
free:
3: pci_0000_c7_00_0
4: pci_0000_c8_00_0
claimed:
1: pci_0000_c5_00_0
2: pci_0000_c6_00_0
copper:
free:
1: pci_0000_c4_00_0
2: pci_0000_c4_00_1
3: pci_0000_c4_00_2
4: pci_0000_c4_00_3
claimed: {}
sfp:
free:
5: pci_0000_41_00_0
6: pci_0000_41_00_1
claimed: {}
model2:
hardware:
cpu:
total: 128
free: 128
memory:
total: 512
free: 512
disks:
free:
3: pci_0000_c8_00_0
4: pci_0000_c9_00_0
5: pci_0000_c10_00_0
6: pci_0000_c11_00_0
claimed:
1: pci_0000_c6_00_0
2: pci_0000_c7_00_0
copper:
free:
1: pci_0000_c4_00_0
2: pci_0000_c4_00_1
3: pci_0000_c4_00_2
4: pci_0000_c4_00_3
5: pci_0000_c5_00_0
6: pci_0000_c5_00_1
7: pci_0000_c5_00_2
8: pci_0000_c5_00_3
claimed: {}
sfp:
free:
9: pci_0000_41_00_0
10: pci_0000_41_00_1
claimed: {}
model:
testModel:
hardware:
cpu:
total: 128
free: 128
memory:
total: 128
free: 128
disks:
free:
3: pci_0000_c7_00_0
4: pci_0000_c8_00_0
claimed:
1: pci_0000_c5_00_0 # hypervisor
2: pci_0000_c6_00_0 # hypervisor
copper:
free:
3: pci_0000_c4_00_0
4: pci_0000_c4_00_1
5: pci_0000_c4_00_2
6: pci_0000_c4_00_3
claimed:
1: pci_0000_c1_00_0 # hypervisor
2: pci_0000_c1_00_1 # hypervisor
sfp:
free:
5: pci_0000_02_00_0
6: pci_0000_02_00_1
7: pci_0000_41_00_0
8: pci_0000_41_00_1
claimed: {}
model1:
hardware:
cpu:
total: 128
free: 128
memory:
total: 128
free: 128
disks:
free:
3: pci_0000_c7_00_0
4: pci_0000_c8_00_0
claimed:
1: pci_0000_c5_00_0
2: pci_0000_c6_00_0
copper:
free:
1: pci_0000_c4_00_0
2: pci_0000_c4_00_1
3: pci_0000_c4_00_2
4: pci_0000_c4_00_3
claimed: {}
sfp:
free:
5: pci_0000_41_00_0
6: pci_0000_41_00_1
claimed: {}
model2:
hardware:
cpu:
total: 128
free: 128
memory:
total: 512
free: 512
disks:
free:
3: pci_0000_c8_00_0
4: pci_0000_c9_00_0
5: pci_0000_c10_00_0
6: pci_0000_c11_00_0
claimed:
1: pci_0000_c6_00_0
2: pci_0000_c7_00_0
copper:
free:
1: pci_0000_c4_00_0
2: pci_0000_c4_00_1
3: pci_0000_c4_00_2
4: pci_0000_c4_00_3
5: pci_0000_c5_00_0
6: pci_0000_c5_00_1
7: pci_0000_c5_00_2
8: pci_0000_c5_00_3
claimed: {}
sfp:
free:
9: pci_0000_41_00_0
10: pci_0000_41_00_1
claimed: {}

29
salt/hypervisor/pillar.map.jinja
View File

@@ -1,29 +0,0 @@
{% set HYPERVISORHOSTS = salt['pillar.get']('hypervisor:hosts', {}) %}
{% import_yaml 'setup/virt/sensor.yaml' as SENSOR %}
{% import_yaml 'setup/virt/searchnode.yaml' as SEARCHNODE %}
{% set vars = {
'sensor': SENSOR,
'searchnode': SEARCHNODE
} %}
{% for host, guestDetails in HYPERVISORHOSTS.items() %}
{% if guestDetails['add_guest'] | length > 0 %}
{% for newGuest in guestDetails['add_guest'] %}
{% set indx = guestDetails['add_guest'].index(newGuest) %}
{% do guestDetails['add_guest'].pop(indx) %}
{% set NODETYPE = newGuest.split('_') | last %}
{% do guestDetails['guests'].update({
newGuest: {
'cpu': vars[NODETYPE].CPU,
'memory': vars[NODETYPE].MEMORY,
'disk': vars[NODETYPE].DISKS,
'copper': vars[NODETYPE].COPPER,
'sfp': vars[NODETYPE].SFP
}
}) %}
{% endfor %}
{% endif %}
{% endfor %}

48
salt/hypervisor/pillarExample.sls
View File

@@ -1,48 +0,0 @@
hypervisor:
hardware:
cpu:
total: 128
free: 128
memory:
total: 128
free: 128
disks:
free:
3: pci_0000_c7_00_0
4: pci_0000_c8_00_0
claimed:
1: pci_0000_c5_00_0
2: pci_0000_c6_00_0
copper:
free:
1: pci_0000_c4_00_0
2: pci_0000_c4_00_1
3: pci_0000_c4_00_2
4: pci_0000_c4_00_3
claimed: {}
sfp:
free:
5: pci_0000_41_00_0
6: pci_0000_41_00_1
claimed: {}
hypervisor:
hardware:
cpu:
total: 16
free: 16
memory:
total: 16
free: 16
disks:
free: {}
claimed: {}
copper:
free:
2: pci_0000_00_13_0
claimed:
1: pci_0000_00_12_0
sfp:
free: {}
claimed: {}

32
salt/soc/dyanno/hypervisor/hardwareMap.example Normal file
View File

@@ -0,0 +1,32 @@
# this file will exist in /opt/so/saltstack/local/salt/hypervisor/hosts/HOSTNAME/hardwareMap
hypervisor:
hardware:
copper:
claimed:
1: pci_0000_c1_00_0
2: pci_0000_c1_00_1
free:
3: pci_0000_c4_00_0
4: pci_0000_c4_00_1
5: pci_0000_c4_00_2
6: pci_0000_c4_00_3
cpu:
free: 120
total: 120
disk:
claimed:
1: pci_0000_c5_00_0
2: pci_0000_c6_00_0
free:
3: pci_0000_c7_00_0
4: pci_0000_c8_00_0
memory:
free: 120
total: 120
sfp:
claimed: {}
free:
8: pci_0000_02_00_1
7: pci_0000_02_00_0
9: pci_0000_41_00_0
10: pci_0000_41_00_1

50
salt/soc/dyanno/hypervisor/hypervisor.yaml Normal file
View File

@@ -0,0 +1,50 @@
hypervisor:
hosts:
defaultHost:
hardwareMap:
title: 'All Hardware'
description: This shows hardware available to the hypervisor and PCIe -> INT mapping.
file: true
readonly: true
global: true # set to true to remove host drop down
multiline: true
vmMap:
title: 'VM Map'
description: This shows the VMs and the hardware they have claimed.
file: true
readonly: true
global: true
multiline: true
nodes:
description: 'Available CPU: CPUFREE | Available Memory: MEMFREE | Available Disk: DISKFREE | Available Copper NIC: COPPERFREE | Available SFP NIC: SFPFREE'
syntax: json
uiElements:
- field: hostname
label: Enter the hostname
forcedType: string
- field: nodetype
label: sensor or searchnode
- field: network_mode
label: Choose static4 or dhcp4. If static4, populate IP details below.
- field: ip4
label: IP Address with netmask. ex. 192.168.1.10/24
- field: gw4
label: Gateway
- field: dns4
label: DNS. Comma seperated list. ex. 192.168.1.1,8.8.8.8
- field: search4
label: Search domain
- field: cpu
label: Number of CPU cores to assign. ex. 8
- field: memory
label: Memory, in GB to assign. ex. 16
- field: disk
label: Choose a disk or disks to assign for passthrough. Comma seperated list.
- field: copper
label: Choose a copper port or ports to assign for passthrough. Comma seperated list.
- filed: sfp
label: Choose a sfp port or ports to assign for passthrough. Comma seperated list.
file: true
global: true
vms: {}

8
salt/soc/dynamic_annotations/hypervisor/init.sls → salt/soc/dyanno/hypervisor/init.sls
View File

@@ -1,9 +1,9 @@
{% from 'soc/dynamic_annotations/hypervisor/map.jinja' import HYPERVISORS %}
{% from 'soc/dyanno/hypervisor/map.jinja' import HYPERVISORS %}
hypervisor_annotation:
file.managed:
- name: /opt/so/saltstack/default/salt/hypervisor/soc_hypervisor.yaml
- source: salt://soc/dynamic_annotations/hypervisor/soc_hypervisor.yaml.jinja
- source: salt://soc/dyanno/hypervisor/soc_hypervisor.yaml.jinja
- template: jinja
- defaults:
HYPERVISORS: {{ HYPERVISORS }}
@@ -18,11 +18,11 @@ hypervisor_host_directory_{{hypervisor}}:
add_searchnode_file_{{hypervisor}}:
file.managed:
- name: /opt/so/saltstack/local/salt/hypervisor/hosts/{{hypervisor}}/add_searchnode
- source: salt://soc/dynamic_annotations/hypervisor/add_node
- source: salt://soc/dyanno/hypervisor/add_node
add_sensor_file_{{hypervisor}}:
file.managed:
- name: /opt/so/saltstack/local/salt/hypervisor/hosts/{{hypervisor}}/add_sensor
- source: salt://soc/dynamic_annotations/hypervisor/add_node
- source: salt://soc/dyanno/hypervisor/add_node
{% endfor %}
{% endfor %}

0
salt/soc/dynamic_annotations/hypervisor/map.jinja → salt/soc/dyanno/hypervisor/map.jinja
View File

67
salt/soc/dyanno/hypervisor/soc_hypervisor.yaml.example Normal file
View File

@@ -0,0 +1,67 @@
# This is the start of an example of what this file will look like. It will be generated by Salt, so this yaml file is not used by Salt.
hypervisor:
hosts:
jpphype1:
hardwareMap:
title: 'All Hardware'
description: This shows hardware available to the hypervisor and PCIe -> INT mapping.
file: true
readonly: true
global: true # set to true to remove host drop down
multiline: true
cpufree:
title: 'Available CPU: 120'
description: Available CPU for this hypervisor.
readonly: true
global: true # set to true to remove host drop down
memfree:
title: 'Available Memory: 120'
description: Available memory for this hypervisor.
readonly: true
global: true # set to true to remove host drop down
diskfree:
title: 'Available Disk: 3,4'
description: Available disk for this hypervisor.
readonly: true
global: true # set to true to remove host drop down
copperfree:
title: 'Available Copper NIC: 3,4,5,6'
description: Available copper NIC for this hypervisor.
readonly: true
global: true # set to true to remove host drop down
sfpfree:
title: 'Available SFP NIC: 7,8,9,10'
description: Available SFP NIC for this hypervisor.
readonly: true
global: true # set to true to remove host drop down
nodes:
description: List of VMs.
syntax: json
uiElements:
- field: hostname
label: Enter the hostname
forcedType: string
- field: nodetype
label: sensor or searchnode
- field: network_mode
label: Choose static4 or dhcp4. If static4, populate IP details below.
- field: ip4
label: IP Address with netmask. ex. 192.168.1.10/24
- field: gw4
label: Gateway
- field: dns4
label: DNS. Comma seperated list. ex. 192.168.1.1,8.8.8.8
- field: search4
label: Search domain
- field: cpu
label: Number of CPU cores to assign. ex. 8
- field: memory
label: Memory, in GB to assign. ex. 16
- field: disk
label: Choose a disk or disks to assign for passthrough. Comma seperated list.
- field: copper
label: Choose a copper port or ports to assign for passthrough. Comma seperated list.
- filed: sfp
label: Choose a sfp port or ports to assign for passthrough. Comma seperated list.
file: true
global: true # set to true to remove host drop down

36
salt/soc/dyanno/hypervisor/soc_hypervisor.yaml.jinja Normal file
View File

@@ -0,0 +1,36 @@
{%- import_yaml 'soc/dyanno/hypervisor/hypervisor.yaml' as ANNOTATION -%}
{%- set TEMPLATE = ANNOTATION.hypervisor.hosts.pop('defaultHost') -%}
{%- macro update_description(description, cpu_free, mem_free, disk_free, copper_free, sfp_free) -%}
{{- description | replace('CPUFREE', cpu_free | string)
| replace('MEMFREE', mem_free | string)
| replace('DISKFREE', disk_free | string)
| replace('COPPERFREE', copper_free | string)
| replace('SFPFREE', sfp_free | string) -}}
{%- endmacro -%}
{%- for role in HYPERVISORS -%}
{%- for hypervisor in HYPERVISORS[role].keys() -%}
{%- set cpu_free = HYPERVISORS[role][hypervisor].available_cpu -%}
{%- set mem_free = HYPERVISORS[role][hypervisor].available_memory -%}
{%- set disk_free = HYPERVISORS[role][hypervisor].available_disk -%}
{%- set copper_free = HYPERVISORS[role][hypervisor].available_copper -%}
{%- set sfp_free = HYPERVISORS[role][hypervisor].available_sfp -%}
{%- set updated_template = TEMPLATE.copy() -%}
{%- do updated_template.nodes.update({
'description': update_description(
TEMPLATE.nodes.description,
cpu_free,
mem_free,
disk_free,
copper_free,
sfp_free
)
}) -%}
{%- do ANNOTATION.hypervisor.hosts.update({hypervisor: updated_template}) -%}
{%- endfor -%}
{%- endfor -%}
{{- ANNOTATION | yaml(False) -}}

14
salt/soc/dyanno/hypervisor/vmMap.example Normal file
View File

@@ -0,0 +1,14 @@
hypervisor:
vm:
sen41_sensor:
cpu: 16
memory: 24
disk: 3
copper: 3,4
sfp: 7,8
sea42_searchnode:
cpu: 16
memory: 24
disk: 4
copper:
sfp:

11
salt/soc/dynamic_annotations/hypervisor/add_node
View File

@@ -1,11 +0,0 @@
hostname:
network_mode:
ip4:
gw4:
dns4:
search4:
cpu:
memory:
disk:
copper:
sfp:

40
salt/soc/dynamic_annotations/hypervisor/hypervisor.yaml
View File

@@ -1,40 +0,0 @@
hypervisor:
hosts:
defaultHost:
add_searchnode:
description: Add a new searchnode to the hypervisor.
file: True
global: True
multiline: True
add_sensor:
description: Add a new sensor to the hypervisor.
file: True
global: True
multiline: True
guests:
defaultGuest:
copper:
description: Copper nics
forcedType: "[]int"
global: True
multiline: True
sfp:
description: sfp nics
forcedType: string
global: True
multiline: True
disks:
description: disk
forcedType: "[]int"
global: True
multiline: True
cpu:
description: cpu
forcedType: int
global: True
multiline: True
memory:
description: mem
forcedType: int
global: True
multiline: True

13
salt/soc/dynamic_annotations/hypervisor/soc_hypervisor.yaml.jinja
View File

@@ -1,13 +0,0 @@
{% import_yaml 'soc/dynamic_annotations/hypervisor/hypervisor.yaml' as ANNOTATION %}
{% set TEMPLATE = ANNOTATION.hypervisor.hosts.pop('defaultHost') %}
{# remove defaultGuest so that it is not shown in Grid Configuration UI #}
{% do TEMPLATE['guests'].pop('defaultGuest') %}
{% for role in HYPERVISORS %}
{% for hypervisor in HYPERVISORS[role].keys() %}
{% do ANNOTATION.hypervisor.hosts.update({hypervisor: TEMPLATE}) %}
{% endfor %}
{% endfor %}
{{ ANNOTATION | yaml(False) }}