From 6016b0e38a6b9a1198cde39bf689af33e65b085d Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Mon, 14 Nov 2022 20:20:38 -0500
Subject: [PATCH] Add dynamic ability for IP range for sosnet

---
 salt/docker/defaults.yaml   | 4 +++-
 salt/docker/init.sls        | 6 ++++++
 salt/elasticsearch/init.sls | 4 +++-
 setup/so-functions          | 17 +++++++++++++++--
 setup/so-setup              | 4 ++++
 setup/so-whiptail           | 16 ++++++++++++++--
 6 files changed, 45 insertions(+), 6 deletions(-)

diff --git a/salt/docker/defaults.yaml b/salt/docker/defaults.yaml
index 486c9ebb4..ae41918e9 100644
--- a/salt/docker/defaults.yaml
+++ b/salt/docker/defaults.yaml
@@ -1,6 +1,8 @@
 docker:
-  bip: 172.17.0.1/24
+  bip: 172.17.0.1
   range: 172.17.0.0/24
+  sosrange: 172.17.1.0/24
+  sosbip: 172.17.1.1
   containers:
     'so-elasticsearch':
       final_octet: 22
\ No newline at end of file
diff --git a/salt/docker/init.sls b/salt/docker/init.sls
index 8b698c281..2497ddae5 100644
--- a/salt/docker/init.sls
+++ b/salt/docker/init.sls
@@ -3,6 +3,8 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
 
+{% from 'docker/docker.map.jinja' import DOCKER %}
+
 dockergroup:
   group.present:
     - name: docker
@@ -50,3 +52,7 @@ dockerreserveports:
     - source: salt://common/files/99-reserved-ports.conf
     - name: /etc/sysctl.d/99-reserved-ports.conf
 
+sosnet:
+  docker_network.present:
+    - subnet: {{ DOCKER.sosnet }}
+    - gateway: {{ DOCKER.sosbip }}
diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls
index 9c95422d4..fc26991a3 100644
--- a/salt/elasticsearch/init.sls
+++ b/salt/elasticsearch/init.sls
@@ -290,7 +290,9 @@ so-elasticsearch:
     - hostname: elasticsearch
     - name: so-elasticsearch
     - user: elasticsearch
-    - ipv4_address: {{ DOCKER.containers['so-elasticsearch'].ip }}
+    - networks:
+      - sosnet:
+        - ipv4_address: {{ DOCKER.containers['so-elasticsearch'].ip }}
     - extra_hosts: {{ REDIS_NODES }}
     - environment:
 {% if REDIS_NODES | length == 1 %}
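Review bot: The new `sosbip: 172.17.1.1` default carries no prefix length, while setup/so-functions `docker_pillar` writes `sosbip: '$DOCKER2BIP'` and `create_global` builds `DOCKER2BIP` with a trailing `/24`, so `DOCKER.sosbip` is a bare address on a default install and a CIDR on a configured one; `bip` now has the same split, dropping its `/24` here but still being written with it by `docker_pillar`. The consumers (the docker_network gateway in salt/docker/init.sls, and presumably daemon.json for `bip`, not visible here) will therefore see two different shapes. Pick one form for both keys, e.g. keep `sosbip: 172.17.1.1` here and build the gateway without the mask in `create_global`: `DOCKER2BIP=$(echo $DOCKERNET2 | awk -F'.' '{print $1,$2,$3,1}' OFS='.')`. If `bip` feeds Docker's daemon `bip` option, which expects CIDR notation, removing the mask here is likely a regression; confirm where it is consumed.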
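Review bot: `{{ DOCKER.sosnet }}` on the subnet line of the new `sosnet` state does not match the key this commit defines; defaults.yaml and `docker_pillar` both name it `sosrange`, so unless docker/docker.map.jinja remaps it (not shown) the subnet renders undefined and the network is never created. Change it to `- subnet: {{ DOCKER.sosrange }}`. Nothing in the hunk shows a requisite on the docker service for this state; if the rest of init.sls does not already order it after the daemon is up, add `- require:` / `  - service: docker` (adjusting the id to whatever this file uses).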
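Review bot: The address attached under `sosnet` is still `DOCKER.containers['so-elasticsearch'].ip`, which before this change was a static address on the default bridge (`range`, 172.17.0.0/24); if docker.map.jinja still derives that ip from `range` rather than `sosrange`, Docker rejects a 172.17.0.x address on a 172.17.1.0/24 network and the container does not start. Confirm the map computes the container ip from `sosrange`, or derive it from that key here. The hunk also adds no ordering against the `sosnet` state in salt/docker/init.sls; unless an include already guarantees it, add `- require:` / `  - docker_network: sosnet` to this container state. so-elasticsearch's state body starts and ends outside the hunk.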
diff --git a/setup/so-functions b/setup/so-functions
index 56d2a0394..4941f48ad 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -254,11 +254,16 @@ collect_dns_domain() {
 collect_dockernet() {
   if ! whiptail_dockernet_check; then
-    whiptail_dockernet_net "172.17.0.0"
+    whiptail_dockernet_sosnet "172.17.1.0"
+    whiptail_dockernet_nososnet "172.17.0.0"
     while ! valid_ip4 "$DOCKERNET"; do
       whiptail_invalid_input
-      whiptail_dockernet_net "$DOCKERNET"
+      whiptail_dockernet_nonsosnet "$DOCKERNET"
+    done
+    while ! valid_ip4 "$DOCKERNET2"; do
+      whiptail_invalid_input
+      whiptail_dockernet_sosnet "$DOCKERNET2"
     done
   fi
 }
@@ -996,6 +1001,9 @@ docker_registry() {
   if [ -z "$DOCKERNET" ]; then
     DOCKERNET=172.17.0.0
   fi
+  if [ -z "$DOCKERNET2" ]; then
+    DOCKERNET2=172.17.1.0
+  fi
   # Make the host use the manager docker registry
   DNETBIP=$(echo $DOCKERNET | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24
   if [ -n "$TURBO" ]; then local proxy="$TURBO"; else local proxy="https://$MSRV"; fi
@@ -1376,9 +1384,12 @@ create_global() {
 
   if [ -z "$DOCKERNET" ]; then
     DOCKERNET=172.17.0.0
+    DOCKERNET2=172.17.1.0
     DOCKERBIP=$(echo $DOCKERNET | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24
+    DOCKER2BIP=$(echo $DOCKERNET2 | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24
   else
     DOCKERBIP=$(echo $DOCKERNET | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24
+    DOCKER2BIP=$(echo $DOCKERNET2 | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24
   fi
 
   if [ -f "$global_pillar_file" ]; then
@@ -1462,6 +1473,8 @@ docker_pillar() {
   touch $adv_docker_pillar_file
   printf '%s\n'\
     "docker:"\
+    "  sosrange: '$DOCKERNET2/24'"\
+    "  sosbip: '$DOCKER2BIP'"\
     "  range: '$DOCKERNET/24'"\
     "  bip: '$DOCKERBIP'" > $docker_pillar_file
 }
diff --git a/setup/so-setup b/setup/so-setup
index a114233d6..9bdf2bc33 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -319,6 +319,7 @@ if ! [[ -f $install_opt_file ]]; then
       check_elastic_license
       check_requirements "manager"
       networking_needful
+      collect_dockernet
       whiptail_airgap
       detect_cloud
       set_minion_info
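Review bot: The retry loop for `DOCKERNET` in `collect_dockernet` calls `whiptail_dockernet_nonsosnet`, but the function this commit adds in setup/so-whiptail is `whiptail_dockernet_nososnet`, so an invalid first entry loops on an undefined command and the value can never be corrected; change it to `whiptail_dockernet_nososnet "$DOCKERNET"`. Both prompts return early under `TESTING` without assigning their variable, so a test run that pre-seeds `DOCKERNET` but not `DOCKERNET2` will spin forever in the second `while`; give `DOCKERNET2` a default before the loop or seed it wherever `DOCKERNET` is. Nothing rejects entering the same /24 for both ranges, which would yield two overlapping Docker subnets; a check such as `[ "$DOCKERNET" = "$DOCKERNET2" ]` routed through `whiptail_invalid_input` before the function returns is cheap insurance.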
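Review bot: In `create_global`, `DOCKERNET2` is only given its default inside `if [ -z "$DOCKERNET" ]`, so whenever `DOCKERNET` is already set but `DOCKERNET2` is not (an upgrade, or a pre-seeded setup that predates this prompt), the `else` branch runs awk over an empty string and `DOCKER2BIP` becomes `...1/24`, which `docker_pillar` then writes as `sosbip`. Default it independently, as the `docker_registry` hunk already does: `if [ -z "$DOCKERNET2" ]; then DOCKERNET2=172.17.1.0; fi` before the existing `if`. create_global's body continues outside the hunk.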
@@ -339,6 +340,7 @@ if ! [[ -f $install_opt_file ]]; then
       check_elastic_license
       check_requirements "manager"
       networking_needful
+      collect_dockernet
       whiptail_airgap
       detect_cloud
       set_minion_info
@@ -357,6 +359,7 @@ if ! [[ -f $install_opt_file ]]; then
       waitforstate=true
       check_requirements "manager"
       networking_needful
+      collect_dockernet
       whiptail_airgap
       detect_cloud
       set_default_log_size >> $setup_log 2>&1
@@ -373,6 +376,7 @@ if ! [[ -f $install_opt_file ]]; then
       waitforstate=true
       check_requirements "manager"
       networking_needful
+      collect_dockernet
       whiptail_airgap
       detect_cloud
       set_default_log_size >> $setup_log 2>&1
diff --git a/setup/so-whiptail b/setup/so-whiptail
index d7f3bd535..88635216b 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -325,12 +325,24 @@ whiptail_dockernet_check(){
 }
 
-whiptail_dockernet_net() {
+whiptail_dockernet_sosnet() {
+
+  [ -n "$TESTING" ] && return
+
+  DOCKERNET2=$(whiptail --title "$whiptail_title" --inputbox \
+  "\nEnter a /24 size network range for SOS containers to use WITHOUT the /24 suffix. This range will be used on ALL nodes." 11 65 "$1" 3>&1 1>&2 2>&3)
+
+  local exitstatus=$?
+  whiptail_check_exitstatus $exitstatus
+
+}
+
+whiptail_dockernet_nososnet() {
 
   [ -n "$TESTING" ] && return
 
   DOCKERNET=$(whiptail --title "$whiptail_title" --inputbox \
-  "\nEnter a /24 size network range for docker to use WITHOUT the /24 suffix. This range will be used on ALL nodes." 11 65 "$1" 3>&1 1>&2 2>&3)
+  "\nEnter a /24 size network range for NON SOS containers to use WITHOUT the /24 suffix. This range will be used on ALL nodes." 11 65 "$1" 3>&1 1>&2 2>&3)
 
   local exitstatus=$?
   whiptail_check_exitstatus $exitstatus