mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-16 05:53:09 +01:00
Add statics to all containers
This commit is contained in:
Mike Reeves
@@ -6,7 +6,7 @@ docker:
|
||||
containers:
|
||||
'registry':
|
||||
final_octet: 20
|
||||
'so-elastic-agent':
|
||||
'so-elastic-fleet':
|
||||
final_octet: 21
|
||||
'so-elasticsearch':
|
||||
final_octet: 22
|
||||
@@ -14,7 +14,7 @@ docker:
|
||||
final_octet: 23
|
||||
'so-grafana':
|
||||
final_octet: 24
|
||||
'so-idh':
|
||||
'so-idstools':
|
||||
final_octet: 25
|
||||
'so-influxdb':
|
||||
final_octet: 26
|
||||
@@ -44,3 +44,7 @@ docker:
|
||||
final_octet: 38
|
||||
'so-strelka-manager':
|
||||
final_octet: 39
|
||||
'so-strelka-gatekeeper':
|
||||
final_octet: 40
|
||||
'so-strelka-coordinator':
|
||||
final_octet: 41
|
||||
|
||||
@@ -4,6 +4,7 @@
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||
{% from 'docker/docker.map.jinja' import DOCKER %}
|
||||
|
||||
# These values are generated during node install and stored in minion pillar
|
||||
{% set SERVICETOKEN = salt['pillar.get']('elasticfleet:server:es_token','') %}
|
||||
@@ -47,6 +48,9 @@ so-elastic-fleet:
|
||||
- hostname: Fleet-{{ GLOBALS.hostname }}
|
||||
- detach: True
|
||||
- user: 947
|
||||
- networks:
|
||||
- sosnet:
|
||||
- ipv4_address: {{ DOCKER.containers['so-elastic-fleet'].ip }}
|
||||
- extra_hosts:
|
||||
- {{ GLOBALS.hostname }}:{{ GLOBALS.node_ip }}
|
||||
- port_bindings:
|
||||
|
||||
@@ -5,6 +5,7 @@
|
||||
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
{% from 'docker/docker.map.jinja' import DOCKER %}
|
||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||
{% from 'filebeat/modules.map.jinja' import MODULESMERGED with context %}
|
||||
{% from 'filebeat/modules.map.jinja' import MODULESENABLED with context %}
|
||||
@@ -97,6 +98,9 @@ so-filebeat:
|
||||
- image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-filebeat:{{ GLOBALS.so_version }}
|
||||
- hostname: so-filebeat
|
||||
- user: root
|
||||
- networks:
|
||||
- sosnet:
|
||||
- ipv4_address: {{ DOCKER.containers['so-filebeat'].ip }}
|
||||
- extra_hosts: {{ FILEBEAT_EXTRA_HOSTS }}
|
||||
- binds:
|
||||
- /nsm:/nsm:ro
|
||||
|
||||
@@ -1,8 +1,7 @@
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||
|
||||
|
||||
{% from 'docker/docker.map.jinja' import DOCKER %}
|
||||
{% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %}
|
||||
{% set ADMINPASS = salt['pillar.get']('secrets:grafana_admin') %}
|
||||
|
||||
@@ -126,6 +125,9 @@ so-grafana:
|
||||
- image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-grafana:{{ GLOBALS.so_version }}
|
||||
- hostname: grafana
|
||||
- user: socore
|
||||
- networks:
|
||||
- sosnet:
|
||||
- ipv4_address: {{ DOCKER.containers['so-grafana'].ip }}
|
||||
- binds:
|
||||
- /nsm/grafana:/var/lib/grafana:rw
|
||||
- /opt/so/conf/grafana/etc/grafana.ini:/etc/grafana/grafana.ini:ro
|
||||
|
||||
@@ -5,6 +5,7 @@
|
||||
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
{% import_yaml 'docker/defaults.yaml' as DOCKERDEFAULTS %}
|
||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||
{% set RESTRICTIDHSERVICES = salt['pillar.get']('idh:restrict_management_ip', False) %}
|
||||
|
||||
|
||||
@@ -4,6 +4,7 @@
|
||||
# Elastic License 2.0.
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
{% from 'docker/docker.map.jinja' import DOCKER %}
|
||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||
{% set proxy = salt['pillar.get']('manager:proxy') %}
|
||||
|
||||
@@ -31,6 +32,9 @@ so-idstools:
|
||||
- image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-idstools:{{ GLOBALS.so_version }}
|
||||
- hostname: so-idstools
|
||||
- user: socore
|
||||
- networks:
|
||||
- sosnet:
|
||||
- ipv4_address: {{ DOCKER.containers['so-idstools'].ip }}
|
||||
{% if proxy %}
|
||||
- environment:
|
||||
- http_proxy={{ proxy }}
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
{% from 'docker/docker.map.jinja' import DOCKER %}
|
||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||
|
||||
{% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %}
|
||||
@@ -47,6 +48,9 @@ so-influxdb:
|
||||
docker_container.running:
|
||||
- image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-influxdb:{{ GLOBALS.so_version }}
|
||||
- hostname: influxdb
|
||||
- networks:
|
||||
- sosnet:
|
||||
- ipv4_address: {{ DOCKER.containers['so-influxdb'].ip }}
|
||||
- environment:
|
||||
- INFLUXDB_HTTP_LOG_ENABLED=false
|
||||
- binds:
|
||||
|
||||
@@ -5,12 +5,10 @@
|
||||
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
{% from 'docker/docker.map.jinja' import DOCKER %}
|
||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||
|
||||
|
||||
{% import_yaml 'kibana/defaults.yaml' as default_settings %}
|
||||
{% set KIBANA_SETTINGS = salt['grains.filter_by'](default_settings, default='kibana', merge=salt['pillar.get']('kibana', {})) %}
|
||||
|
||||
{% from 'kibana/config.map.jinja' import KIBANACONFIG with context %}
|
||||
|
||||
# Add ES Group
|
||||
@@ -84,6 +82,9 @@ so-kibana:
|
||||
- image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-kibana:{{ GLOBALS.so_version }}
|
||||
- hostname: kibana
|
||||
- user: kibana
|
||||
- networks:
|
||||
- sosnet:
|
||||
- ipv4_address: {{ DOCKER.containers['so-kibana'].ip }}
|
||||
- environment:
|
||||
- ELASTICSEARCH_HOST={{ GLOBALS.manager }}
|
||||
- ELASTICSEARCH_PORT=9200
|
||||
|
||||
@@ -5,6 +5,7 @@
|
||||
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
{% from 'docker/docker.map.jinja' import DOCKER %}
|
||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||
|
||||
# Add Kratos Group
|
||||
@@ -58,6 +59,9 @@ so-kratos:
|
||||
- image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-kratos:{{ GLOBALS.so_version }}
|
||||
- hostname: kratos
|
||||
- name: so-kratos
|
||||
- networks:
|
||||
- sosnet:
|
||||
- ipv4_address: {{ DOCKER.containers['so-kratos'].ip }}
|
||||
- binds:
|
||||
- /opt/so/conf/kratos/schema.json:/kratos-conf/schema.json:ro
|
||||
- /opt/so/conf/kratos/kratos.yaml:/kratos-conf/kratos.yaml:ro
|
||||
|
||||
@@ -6,19 +6,19 @@
|
||||
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
{% from 'docker/docker.map.jinja' import DOCKER %}
|
||||
{% from 'logstash/map.jinja' import REDIS_NODES with context %}
|
||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||
|
||||
{% from 'logstash/map.jinja' import REDIS_NODES with context %}
|
||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||
|
||||
# Logstash Section - Decide which pillar to use
|
||||
{% set lsheap = salt['pillar.get']('logstash_settings:lsheap') %}
|
||||
{% if GLOBALS.role in ['so-eval','so-managersearch', 'so-manager', 'so-standalone'] %}
|
||||
# Logstash Section - Decide which pillar to use
|
||||
{% set lsheap = salt['pillar.get']('logstash_settings:lsheap') %}
|
||||
{% if GLOBALS.role in ['so-eval','so-managersearch', 'so-manager', 'so-standalone'] %}
|
||||
{% set nodetype = GLOBALS.role %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{% set PIPELINES = salt['pillar.get']('logstash:pipelines', {}) %}
|
||||
{% set DOCKER_OPTIONS = salt['pillar.get']('logstash:docker_options', {}) %}
|
||||
{% set TEMPLATES = salt['pillar.get']('elasticsearch:templates', {}) %}
|
||||
{% set PIPELINES = salt['pillar.get']('logstash:pipelines', {}) %}
|
||||
{% set DOCKER_OPTIONS = salt['pillar.get']('logstash:docker_options', {}) %}
|
||||
{% set TEMPLATES = salt['pillar.get']('elasticsearch:templates', {}) %}
|
||||
|
||||
include:
|
||||
- ssl
|
||||
@@ -139,6 +139,9 @@ so-logstash:
|
||||
- image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-logstash:{{ GLOBALS.so_version }}
|
||||
- hostname: so-logstash
|
||||
- name: so-logstash
|
||||
- networks:
|
||||
- sosnet:
|
||||
- ipv4_address: {{ DOCKER.containers['so-logstash'].ip }}
|
||||
- user: logstash
|
||||
- extra_hosts: {{ REDIS_NODES }}
|
||||
- environment:
|
||||
|
||||
@@ -5,8 +5,8 @@
|
||||
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
{% from 'docker/docker.map.jinja' import DOCKER %}
|
||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||
|
||||
{%- set MYSQLPASS = salt['pillar.get']('secrets:mysql') %}
|
||||
|
||||
# MySQL Setup
|
||||
@@ -84,6 +84,9 @@ so-mysql:
|
||||
- image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-mysql:{{ GLOBALS.so_version }}
|
||||
- hostname: so-mysql
|
||||
- user: socore
|
||||
- networks:
|
||||
- sosnet:
|
||||
- ipv4_address: {{ DOCKER.containers['so-mysql'].ip }}
|
||||
- port_bindings:
|
||||
- 0.0.0.0:3306:3306
|
||||
- environment:
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
{% from 'docker/docker.map.jinja' import DOCKER %}
|
||||
|
||||
include:
|
||||
- ssl
|
||||
@@ -83,6 +84,9 @@ so-nginx:
|
||||
docker_container.running:
|
||||
- image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-nginx:{{ GLOBALS.so_version }}
|
||||
- hostname: so-nginx
|
||||
- networks:
|
||||
- sosnet:
|
||||
- ipv4_address: {{ DOCKER.containers['so-nginx'].ip }}
|
||||
- binds:
|
||||
- /opt/so/conf/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
|
||||
- /opt/so/log/nginx/:/var/log/nginx:rw
|
||||
|
||||
@@ -5,8 +5,8 @@
|
||||
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
{% from 'docker/docker.map.jinja' import DOCKER %}
|
||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||
|
||||
{%- set MYSQLPASS = salt['pillar.get']('secrets:mysql') -%}
|
||||
{%- set PLAYBOOKPASS = salt['pillar.get']('secrets:playbook_db') -%}
|
||||
|
||||
@@ -80,6 +80,9 @@ so-playbook:
|
||||
- image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-playbook:{{ GLOBALS.so_version }}
|
||||
- hostname: playbook
|
||||
- name: so-playbook
|
||||
- networks:
|
||||
- sosnet:
|
||||
- ipv4_address: {{ DOCKER.containers['so-playbook'].ip }}
|
||||
- binds:
|
||||
- /opt/so/log/playbook:/playbook/log:rw
|
||||
- environment:
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% from 'docker/docker.map.jinja' import DOCKER %}
|
||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||
|
||||
include:
|
||||
@@ -46,6 +46,9 @@ so-redis:
|
||||
- image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-redis:{{ GLOBALS.so_version }}
|
||||
- hostname: so-redis
|
||||
- user: socore
|
||||
- networks:
|
||||
- sosnet:
|
||||
- ipv4_address: {{ DOCKER.containers['so-redis'].ip }}
|
||||
- port_bindings:
|
||||
- 0.0.0.0:6379:6379
|
||||
- 0.0.0.0:9696:9696
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
{% from 'docker/docker.map.jinja' import DOCKER %}
|
||||
|
||||
include:
|
||||
- ssl
|
||||
@@ -37,6 +38,9 @@ so-dockerregistry:
|
||||
docker_container.running:
|
||||
- image: ghcr.io/security-onion-solutions/registry:latest
|
||||
- hostname: so-registry
|
||||
- networks:
|
||||
- sosnet:
|
||||
- ipv4_address: {{ DOCKER.containers['registry'].ip }}
|
||||
- restart_policy: always
|
||||
- port_bindings:
|
||||
- 0.0.0.0:5000:5000
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% from 'docker/docker.map.jinja' import DOCKER %}
|
||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||
|
||||
include:
|
||||
@@ -63,6 +63,9 @@ so-soctopus:
|
||||
- image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-soctopus:{{ GLOBALS.so_version }}
|
||||
- hostname: soctopus
|
||||
- name: so-soctopus
|
||||
- networks:
|
||||
- sosnet:
|
||||
- ipv4_address: {{ DOCKER.containers['so-soctopus'].ip }}
|
||||
- binds:
|
||||
- /opt/so/conf/soctopus/SOCtopus.conf:/SOCtopus/SOCtopus.conf:ro
|
||||
- /opt/so/log/soctopus/:/var/log/SOCtopus/:rw
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% from 'docker/docker.map.jinja' import DOCKER %}
|
||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||
{% set STRELKA_RULES = salt['pillar.get']('strelka:rules', '1') %}
|
||||
{% import_yaml 'strelka/defaults.yaml' as strelka_config with context %}
|
||||
@@ -152,6 +152,9 @@ strelka_coordinator:
|
||||
docker_container.running:
|
||||
- image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-redis:{{ GLOBALS.so_version }}
|
||||
- name: so-strelka-coordinator
|
||||
- networks:
|
||||
- sosnet:
|
||||
- ipv4_address: {{ DOCKER.containers['so-strelka-coordinator'].ip }}
|
||||
- entrypoint: redis-server --save "" --appendonly no
|
||||
- port_bindings:
|
||||
- 0.0.0.0:6380:6379
|
||||
@@ -165,6 +168,9 @@ strelka_gatekeeper:
|
||||
docker_container.running:
|
||||
- image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-redis:{{ GLOBALS.so_version }}
|
||||
- name: so-strelka-gatekeeper
|
||||
- networks:
|
||||
- sosnet:
|
||||
- ipv4_address: {{ DOCKER.containers['so-strelka-gatekeeper'].ip }}
|
||||
- entrypoint: redis-server --save "" --appendonly no --maxmemory-policy allkeys-lru
|
||||
- port_bindings:
|
||||
- 0.0.0.0:6381:6379
|
||||
@@ -182,6 +188,9 @@ strelka_frontend:
|
||||
- /nsm/strelka/log/:/var/log/strelka/:rw
|
||||
- privileged: True
|
||||
- name: so-strelka-frontend
|
||||
- networks:
|
||||
- sosnet:
|
||||
- ipv4_address: {{ DOCKER.containers['so-strelka-frontend'].ip }}
|
||||
- command: strelka-frontend
|
||||
- port_bindings:
|
||||
- 0.0.0.0:57314:57314
|
||||
@@ -198,6 +207,9 @@ strelka_backend:
|
||||
- /opt/so/conf/strelka/backend/:/etc/strelka/:ro
|
||||
- /opt/so/conf/strelka/rules/:/etc/yara/:ro
|
||||
- name: so-strelka-backend
|
||||
- networks:
|
||||
- sosnet:
|
||||
- ipv4_address: {{ DOCKER.containers['so-strelka-backend'].ip }}
|
||||
- command: strelka-backend
|
||||
- restart_policy: on-failure
|
||||
|
||||
@@ -212,6 +224,9 @@ strelka_manager:
|
||||
- binds:
|
||||
- /opt/so/conf/strelka/manager/:/etc/strelka/:ro
|
||||
- name: so-strelka-manager
|
||||
- networks:
|
||||
- sosnet:
|
||||
- ipv4_address: {{ DOCKER.containers['so-strelka-manager'].ip }}
|
||||
- command: strelka-manager
|
||||
|
||||
append_so-strelka-manager_so-status.conf:
|
||||
@@ -226,6 +241,9 @@ strelka_filestream:
|
||||
- /opt/so/conf/strelka/filestream/:/etc/strelka/:ro
|
||||
- /nsm/strelka:/nsm/strelka
|
||||
- name: so-strelka-filestream
|
||||
- networks:
|
||||
- sosnet:
|
||||
- ipv4_address: {{ DOCKER.containers['so-strelka-filestream'].ip }}
|
||||
- command: strelka-filestream
|
||||
|
||||
append_so-strelka-filestream_so-status.conf:
|
||||
|
||||
Reference in New Issue
Block a user