Break out FS & DS into their own states

2025-12-06 17:22:49 +01:00 · 2020-01-02 11:43:28 -05:00
parent bbd95c977c
commit 5a772e4f1c
4 changed files with 119 additions and 93 deletions
--- a/salt/domainstats/init.sls
+++ b/salt/domainstats/init.sls
@@ -0,0 +1,51 @@
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Create the group
+dstatsgroup:
+  group.present:
+    - name: domainstats
+    - gid: 936
+
+# Add user
+domainstats:
+  user.present:
+    - uid: 936
+    - gid: 936
+    - home: /opt/so/conf/domainstats
+    - createhome: False
+
+# Create the log directory
+dstatslogdir:
+  file.directory:
+    - name: /opt/so/log/domainstats
+    - user: 936
+    - group: 939
+    - makedirs: True
+
+so-domainstatsimage:
+ cmd.run:
+   - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-domainstats:HH1.0.3
+
+so-domainstats:
+  docker_container.running:
+    - require:
+      - so-domainstatsimage
+    - image: docker.io/soshybridhunter/so-domainstats:HH1.0.3
+    - hostname: domainstats
+    - name: so-domainstats
+    - user: domainstats
+    - binds:
+      - /opt/so/log/domainstats:/var/log/domain_stats
--- a/salt/elasticsearch/init.sls
+++ b/salt/elasticsearch/init.sls
@@ -1,4 +1,4 @@
-# Copyright 2014,2015,2016,2017,2018 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC

 #    This program is free software: you can redistribute it and/or modify
 #    it under the terms of the GNU General Public License as published by
@@ -16,22 +16,16 @@

 {% set esclustername = salt['pillar.get']('master:esclustername', '') %}
 {% set esheap = salt['pillar.get']('master:esheap', '') %}
-{% set freq = salt['pillar.get']('master:freq', '0') %}
-{% set dstats = salt['pillar.get']('master:dstats', '0') %}

 {% elif grains['role'] == 'so-eval' %}

 {% set esclustername = salt['pillar.get']('master:esclustername', '') %}
 {% set esheap = salt['pillar.get']('master:esheap', '') %}
-{% set freq = salt['pillar.get']('master:freq', '0') %}
-{% set dstats = salt['pillar.get']('master:dstats', '0') %}

 {% elif grains['role'] == 'so-node' %}

 {% set esclustername = salt['pillar.get']('node:esclustername', '') %}
 {% set esheap = salt['pillar.get']('node:esheap', '') %}
-{% set freq = salt['pillar.get']('node:freq', '0') %}
-{% set dstats = salt['pillar.get']('node:dstats', '0') %}

 {% endif %}

@@ -150,87 +144,3 @@ so-elasticsearch-pipelines:
 # Tell the main cluster I am here
 #curl -XPUT http://\$ELASTICSEARCH_HOST:\$ELASTICSEARCH_PORT/_cluster/settings -H'Content-Type: application/json' -d '{"persistent": {"search": {"remote": {"$HOSTNAME": {"skip_unavailable": "true", "seeds": ["$DOCKER_INTERFACE:$REVERSE_PORT"]}}}}}'

-# See if Freqserver is enabled
-{% if freq == 1 %}
-
-# Create the user
-fservergroup:
-  group.present:
-    - name: freqserver
-    - gid: 935
-
-# Add ES user
-freqserver:
-  user.present:
-    - uid: 935
-    - gid: 935
-    - home: /opt/so/conf/freqserver
-    - createhome: False
-
-# Create the log directory
-freqlogdir:
-  file.directory:
-    - name: /opt/so/log/freq_server
-    - user: 935
-    - group: 935
-    - makedirs: True
-
-so-freqimage:
- cmd.run:
-   - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-freqserver:HH1.0.3
-
-so-freq:
-  docker_container.running:
-    - require:
-      - so-freqimage
-    - image: docker.io/soshybridhunter/so-freqserver:HH1.0.3
-    - hostname: freqserver
-    - name: so-freqserver
-    - user: freqserver
-    - binds:
-      - /opt/so/log/freq_server:/var/log/freq_server:rw
-
-
-{% endif %}
-
-{% if dstats == 1 %}
-
-# Create the group
-dstatsgroup:
-  group.present:
-    - name: domainstats
-    - gid: 936
-
-# Add user
-domainstats:
-  user.present:
-    - uid: 936
-    - gid: 936
-    - home: /opt/so/conf/domainstats
-    - createhome: False
-
-# Create the log directory
-dstatslogdir:
-  file.directory:
-    - name: /opt/so/log/domainstats
-    - user: 936
-    - group: 939
-    - makedirs: True
-
-so-domainstatsimage:
- cmd.run:
-   - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-domainstats:HH1.0.3
-
-so-domainstats:
-  docker_container.running:
-    - require:
-      - so-domainstatsimage
-    - image: docker.io/soshybridhunter/so-domainstats:HH1.0.3
-    - hostname: domainstats
-    - name: so-domainstats
-    - user: domainstats
-    - binds:
-      - /opt/so/log/domainstats:/var/log/domain_stats
-
-
-{% endif %}
--- a/salt/freqserver/init.sls
+++ b/salt/freqserver/init.sls
@@ -0,0 +1,52 @@
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Create the user
+fservergroup:
+  group.present:
+    - name: freqserver
+    - gid: 935
+
+# Add ES user
+freqserver:
+  user.present:
+    - uid: 935
+    - gid: 935
+    - home: /opt/so/conf/freqserver
+    - createhome: False
+
+# Create the log directory
+freqlogdir:
+  file.directory:
+    - name: /opt/so/log/freq_server
+    - user: 935
+    - group: 935
+    - makedirs: True
+
+so-freqimage:
+ cmd.run:
+   - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-freqserver:HH1.0.3
+
+so-freq:
+  docker_container.running:
+    - require:
+      - so-freqimage
+    - image: docker.io/soshybridhunter/so-freqserver:HH1.0.3
+    - hostname: freqserver
+    - name: so-freqserver
+    - user: freqserver
+    - binds:
+      - /opt/so/log/freq_server:/var/log/freq_server:rw
+
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -4,6 +4,9 @@
 {%- set GRAFANA = salt['pillar.get']('master:grafana', '0') -%}
 {%- set THEHIVE = salt['pillar.get']('master:thehive', '0') -%}
 {%- set PLAYBOOK = salt['pillar.get']('master:playbook', '0') -%}
+{%- set FREQSERVER = salt['pillar.get']('master:freq', '0') -%}
+{%- set DOMAINSTATS = salt['pillar.get']('master:domainstats', '0') -%}
+
 base:
  '*':
    - patch.os.schedule
@@ -77,7 +80,12 @@ base:
    {%- if PLAYBOOK != 0 %}
    - playbook
    {%- endif %}
-
+    {%- if FREQSERVER != 0 %}
+    - freqserver
+    {%- endif %}
+    {%- if DOMAINSTATS != 0 %}
+    - domainstats
+    {%- endif %}


  'G@role:so-master':
@@ -113,7 +121,12 @@ base:
    {%- if PLAYBOOK != 0 %}
    - playbook
    {%- endif %}
-
+    {%- if FREQSERVER != 0 %}
+    - freqserver
+    {%- endif %}
+    {%- if DOMAINSTATS != 0 %}
+    - domainstats
+    {%- endif %}

  # Search node logic