CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 10:12:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'dev' into issue/3220

Browse Source
This commit is contained in:
William Wernert
2021-05-17 10:58:06 -04:00
parent 192b5db25a 891e414cb6
commit 5821a122cc
3 changed files with 39 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
salt/influxdb/init.sls
View File

@@ -2,6 +2,9 @@
{% if sls in allowed_states %} {% if sls in allowed_states %}
{% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %} {% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %}
{% if grains['role'] in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone'] and GRAFANA == 1 %}
{% set MANAGER = salt['grains.get']('master') %} {% set MANAGER = salt['grains.get']('master') %}
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
@@ -9,9 +12,7 @@
{% set influxdb = salt['grains.filter_by'](default_settings, default='influxdb', merge=salt['pillar.get']('influxdb', {})) %} {% set influxdb = salt['grains.filter_by'](default_settings, default='influxdb', merge=salt['pillar.get']('influxdb', {})) %}
{% from 'salt/map.jinja' import PYTHON3INFLUX with context %} {% from 'salt/map.jinja' import PYTHON3INFLUX with context %}
{% from 'salt/map.jinja' import PYTHONINFLUXVERSION with context %} {% from 'salt/map.jinja' import PYTHONINFLUXVERSION with context %}
{% set PYTHONINFLUXVERSIONINSTALLED = salt['cmd.run']("python3 -c 'import influxdb; print (influxdb.__version__)'", python_shell=True) %} {% set PYTHONINFLUXVERSIONINSTALLED = salt['cmd.run']("python3 -c \"exec('try:import influxdb; print (influxdb.__version__)\\nexcept:print(\\'Module Not Found\\')')\"", python_shell=True) %}
{% if grains['role'] in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone'] and GRAFANA == 1 %}
include: include:
- salt.minion - salt.minion

26
salt/salt/python3-influxdb.sls
View File

@@ -15,6 +15,9 @@ python3_influxdb:
{{PYTHONINSTALLER}}.installed: {{PYTHONINSTALLER}}.installed:
- name: {{ PYTHON3INFLUX }} - name: {{ PYTHON3INFLUX }}
# We circumvent the file.patch state putting ERROR in the log by using the unless and file.touch below
# https://github.com/saltstack/salt/pull/47010 and https://github.com/saltstack/salt/issues/52329
#https://github.com/saltstack/salt/issues/59766 #https://github.com/saltstack/salt/issues/59766
influxdb_continuous_query.present_patch: influxdb_continuous_query.present_patch:
file.patch: file.patch:
@@ -23,6 +26,13 @@ influxdb_continuous_query.present_patch:
- require: - require:
- {{PYTHONINSTALLER}}: python3_influxdb - {{PYTHONINSTALLER}}: python3_influxdb
- pkg: patch_package - pkg: patch_package
- unless: ls /opt/so/state/influxdb_continuous_query.py.patched
influxdb_continuous_query.py.patched:
file.touch:
- name: /opt/so/state/influxdb_continuous_query.py.patched
- onchanges:
- file: influxdb_continuous_query.present_patch
#https://github.com/saltstack/salt/issues/59761 #https://github.com/saltstack/salt/issues/59761
influxdb_retention_policy.present_patch: influxdb_retention_policy.present_patch:
@@ -32,6 +42,13 @@ influxdb_retention_policy.present_patch:
- require: - require:
- {{PYTHONINSTALLER}}: python3_influxdb - {{PYTHONINSTALLER}}: python3_influxdb
- pkg: patch_package - pkg: patch_package
- unless: ls /opt/so/state/influxdb_retention_policy.py.patched
influxdb_retention_policy.py.patched:
file.touch:
- name: /opt/so/state/influxdb_retention_policy.py.patched
- onchanges:
- file: influxdb_retention_policy.present_patch
# We should be able to set reload_modules: True in this state in order to tell salt to reload its python modules due to us possibly installing # We should be able to set reload_modules: True in this state in order to tell salt to reload its python modules due to us possibly installing
# and possibly modifying modules in this state. This is bugged according to https://github.com/saltstack/salt/issues/24925 # and possibly modifying modules in this state. This is bugged according to https://github.com/saltstack/salt/issues/24925
@@ -42,3 +59,12 @@ influxdbmod.py_shard_duration_patch:
- require: - require:
- {{PYTHONINSTALLER}}: python3_influxdb - {{PYTHONINSTALLER}}: python3_influxdb
- pkg: patch_package - pkg: patch_package
- unless: ls /opt/so/state/influxdbmod.py.patched
influxdbmod.py.patched:
file.touch:
- name: /opt/so/state/influxdbmod.py.patched
- onchanges:
- file: influxdbmod.py_shard_duration_patch

9
setup/so-setup
View File

@@ -837,6 +837,13 @@ echo "1" > /root/accept_changes
set_progress_str 73 "Update playbook rules" set_progress_str 73 "Update playbook rules"
so-playbook-ruleupdate >> /root/setup_playbook_rule_update.log 2>&1 & so-playbook-ruleupdate >> /root/setup_playbook_rule_update.log 2>&1 &
fi fi
if [[ "$GRAFANA" = 1 ]]; then
set_progress_str 74 "Installing InfluxDB and Grafana"
salt-call state.apply -l info influxdb >> $setup_log 2>&1
salt-call state.apply -l info grafana >> $setup_log 2>&1
fi
fi fi
if [[ "$OSQUERY" = 1 ]]; then if [[ "$OSQUERY" = 1 ]]; then
@@ -919,7 +926,7 @@ if [[ $success != 0 ]]; then SO_ERROR=1; fi
# Check entire setup log for errors or unexpected salt states and ensure cron jobs are not reporting errors to root's mailbox # Check entire setup log for errors or unexpected salt states and ensure cron jobs are not reporting errors to root's mailbox
# Ignore "Status .* was not found" due to output from salt http.query or http.wait_for_successful_query states used with retry # Ignore "Status .* was not found" due to output from salt http.query or http.wait_for_successful_query states used with retry
if grep -q -E "ERROR|Result: False" $setup_log | grep -qvE "Status .* was not found" || [[ -s /var/spool/mail/root && "$setup_type" == "iso" ]]; then if grep -E "ERROR|Result: False" $setup_log | grep -qvE "Status .* was not found" || [[ -s /var/spool/mail/root && "$setup_type" == "iso" ]]; then
SO_ERROR=1 SO_ERROR=1
grep --color=never "ERROR" "$setup_log" | grep -qvE "Status .* was not found" > "$error_log" grep --color=never "ERROR" "$setup_log" | grep -qvE "Status .* was not found" > "$error_log"