Add dynamic ability for IP range for sosnet

2025-12-06 17:22:49 +01:00 · 2022-11-14 20:20:38 -05:00
parent e41361e127
commit 6016b0e38a
6 changed files with 45 additions and 6 deletions
--- a/salt/docker/defaults.yaml
+++ b/salt/docker/defaults.yaml
@@ -1,6 +1,8 @@
 docker:
-  bip: 172.17.0.1/24
+  bip: 172.17.0.1
  range: 172.17.0.0/24
+  sosrange: 172.17.1.0/24
+  sosbip: 172.17.1.1
  containers:
    'so-elasticsearch':
      final_octet: 22
--- a/salt/docker/init.sls
+++ b/salt/docker/init.sls
@@ -3,6 +3,8 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

+{% from 'docker/docker.map.jinja' import DOCKER %}
+
 dockergroup:
  group.present:
    - name: docker
@@ -50,3 +52,7 @@ dockerreserveports:
    - source: salt://common/files/99-reserved-ports.conf
    - name: /etc/sysctl.d/99-reserved-ports.conf

+sosnet:
+  docker_network.present:
+    - subnet: {{ DOCKER.sosnet }}
+    - gateway: {{ DOCKER.sosbip }} 
--- a/salt/elasticsearch/init.sls
+++ b/salt/elasticsearch/init.sls
@@ -290,6 +290,8 @@ so-elasticsearch:
    - hostname: elasticsearch
    - name: so-elasticsearch
    - user: elasticsearch
+    - networks:
+      - sosnet:
        - ipv4_address: {{ DOCKER.containers['so-elasticsearch'].ip }}
    - extra_hosts:  {{ REDIS_NODES }} 
    - environment:
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -254,11 +254,16 @@ collect_dns_domain() {

 collect_dockernet() {
 	if ! whiptail_dockernet_check; then
-		whiptail_dockernet_net "172.17.0.0"
+		whiptail_dockernet_sosnet "172.17.1.0"
+		whiptail_dockernet_nososnet "172.17.0.0"

 		while ! valid_ip4 "$DOCKERNET"; do
 			whiptail_invalid_input
-			whiptail_dockernet_net "$DOCKERNET"
+			whiptail_dockernet_nonsosnet "$DOCKERNET"
+		done
+		while ! valid_ip4 "$DOCKERNET2"; do
+			whiptail_invalid_input
+			whiptail_dockernet_sosnet "$DOCKERNET2"
 		done
 	fi
 }
@@ -996,6 +1001,9 @@ docker_registry() {
 	if [ -z "$DOCKERNET" ]; then
 		DOCKERNET=172.17.0.0
 	fi
+	if [ -z "$DOCKERNET2" ]; then
+		DOCKERNET2=172.17.1.0
+	fi
 	# Make the host use the manager docker registry
 	DNETBIP=$(echo $DOCKERNET | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24
 	if [ -n "$TURBO" ]; then local proxy="$TURBO"; else local proxy="https://$MSRV"; fi
@@ -1376,9 +1384,12 @@ create_global() {

 	if [ -z "$DOCKERNET" ]; then
 		DOCKERNET=172.17.0.0
+		DOCKERNET2=172.17.1.0
 		DOCKERBIP=$(echo $DOCKERNET | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24
+		DOCKER2BIP=$(echo $DOCKERNET2 | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24
 	else
 		DOCKERBIP=$(echo $DOCKERNET | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24
+		DOCKER2BIP=$(echo $DOCKERNET2 | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24
 	fi

 	if [ -f "$global_pillar_file" ]; then
@@ -1462,6 +1473,8 @@ docker_pillar() {
 	touch $adv_docker_pillar_file
 	printf '%s\n'\
 		"docker:"\
+		"  sosrange: '$DOCKERNET2/24'"\
+		"  sosbip: '$DOCKER2BIP'"\
 		"  range: '$DOCKERNET/24'"\
 		"  bip: '$DOCKERBIP'" > $docker_pillar_file
 }
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -319,6 +319,7 @@ if ! [[ -f $install_opt_file ]]; then
 		check_elastic_license
 		check_requirements "manager"
 		networking_needful
+		collect_dockernet
 		whiptail_airgap
 		detect_cloud
 		set_minion_info
@@ -339,6 +340,7 @@ if ! [[ -f $install_opt_file ]]; then
 		check_elastic_license
 		check_requirements "manager"
 		networking_needful
+		collect_dockernet
 		whiptail_airgap
 		detect_cloud
 		set_minion_info
@@ -357,6 +359,7 @@ if ! [[ -f $install_opt_file ]]; then
 		waitforstate=true
 		check_requirements "manager"
 		networking_needful
+		collect_dockernet
 		whiptail_airgap
 		detect_cloud
 		set_default_log_size >> $setup_log 2>&1
@@ -373,6 +376,7 @@ if ! [[ -f $install_opt_file ]]; then
 		waitforstate=true
 		check_requirements "manager"
 		networking_needful
+		collect_dockernet
 		whiptail_airgap
 		detect_cloud
 		set_default_log_size >> $setup_log 2>&1
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -325,12 +325,24 @@ whiptail_dockernet_check(){

 }

-whiptail_dockernet_net() {
+whiptail_dockernet_sosnet() {
+
+	[ -n "$TESTING" ] && return
+
+	DOCKERNET2=$(whiptail --title "$whiptail_title" --inputbox \
+	"\nEnter a /24 size network range for SOS containers to use WITHOUT the /24 suffix. This range will be used on ALL nodes." 11 65 "$1" 3>&1 1>&2 2>&3)
+
+	local exitstatus=$?
+	whiptail_check_exitstatus $exitstatus
+
+}
+
+whiptail_dockernet_nososnet() {

 	[ -n "$TESTING" ] && return

 	DOCKERNET=$(whiptail --title "$whiptail_title" --inputbox \
-	"\nEnter a /24 size network range for docker to use WITHOUT the /24 suffix. This range will be used on ALL nodes." 11 65 "$1" 3>&1 1>&2 2>&3)
+	"\nEnter a /24 size network range for NON SOS containers to use WITHOUT the /24 suffix. This range will be used on ALL nodes." 11 65 "$1" 3>&1 1>&2 2>&3)

 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus