enable/disable each strelka container in ui

2025-12-15 21:52:47 +01:00 · 2023-05-10 15:50:07 -04:00
parent 02e1a29f0c
commit 54c9a3ec71
43 changed files with 1119 additions and 368 deletions
--- a/salt/strelka/gatekeeper/config.sls
+++ b/salt/strelka/gatekeeper/config.sls
@@ -0,0 +1,19 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+
+include:
+  - strelka.config
+  - strelka.gatekeeper.sostatus
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+  test.fail_without_changes:
+    - name: {{sls}}_state_not_allowed
+
+{% endif %}
--- a/salt/strelka/gatekeeper/disabled.sls
+++ b/salt/strelka/gatekeeper/disabled.sls
@@ -0,0 +1,27 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+
+include:
+  - strelka.gatekeeper.sostatus
+  
+so-strelka-gatekeeper:
+  docker_container.absent:
+    - force: True
+
+so-strelka-gatekeeper_so-status.disabled:
+  file.comment:
+    - name: /opt/so/conf/so-status/so-status.conf
+    - regex: ^so-strelka-gatekeeper$
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+  test.fail_without_changes:
+    - name: {{sls}}_state_not_allowed
+
+{% endif %}
--- a/salt/strelka/gatekeeper/enabled.sls
+++ b/salt/strelka/gatekeeper/enabled.sls
@@ -0,0 +1,41 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+{%   from 'docker/docker.map.jinja' import DOCKER %}
+{%   from 'vars/globals.map.jinja' import GLOBALS %}
+
+include:
+  - strelka.gatekeeper.config
+  - strelka.gatekeeper.sostatus
+
+strelka_gatekeeper:
+  docker_container.running:
+    - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-redis:{{ GLOBALS.so_version }}
+    - name: so-strelka-gatekeeper
+    - networks:
+      - sobridge:
+        - ipv4_address: {{ DOCKER.containers['so-strelka-gatekeeper'].ip }}
+    - entrypoint: redis-server --save "" --appendonly no --maxmemory-policy allkeys-lru
+    - extra_hosts:
+      - {{ GLOBALS.hostname }}:{{ GLOBALS.node_ip }}
+    - port_bindings:
+      {% for BINDING in DOCKER.containers['so-strelka-gatekeeper'].port_bindings %}
+      - {{ BINDING }}
+      {% endfor %}
+
+delete_so-strelka-gatekeeper_so-status.disabled:
+  file.uncomment:
+    - name: /opt/so/conf/so-status/so-status.conf
+    - regex: ^so-strelka-gatekeeper$
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+  test.fail_without_changes:
+    - name: {{sls}}_state_not_allowed
+
+{% endif %}
--- a/salt/strelka/gatekeeper/init.sls
+++ b/salt/strelka/gatekeeper/init.sls
@@ -0,0 +1,13 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{% from 'strelka/map.jinja' import STRELKAMERGED %}
+
+include:
+{% if STRELKAMERGED.gatekeeper.enabled %}
+  - strelka.gatekeeper.enabled
+{% else %}
+  - strelka.gatekeeper.disabled
+{% endif %}
--- a/salt/strelka/gatekeeper/sostatus.sls
+++ b/salt/strelka/gatekeeper/sostatus.sls
@@ -0,0 +1,21 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+
+append_so-strelka-gatekeeper_so-status.conf:
+  file.append:
+    - name: /opt/so/conf/so-status/so-status.conf
+    - text: so-strelka-gatekeeper
+    - unless: grep -q so-strelka-gatekeeper /opt/so/conf/so-status/so-status.conf
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+  test.fail_without_changes:
+    - name: {{sls}}_state_not_allowed
+
+{% endif %}