From 6033e9a0de361b1a75fc42620cae49454ed2aae0 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 13 Jan 2023 10:15:10 -0500 Subject: [PATCH] use port_bindings from docker defaults in docker states --- salt/elastic-fleet-package-registry/init.sls | 4 +++- salt/elastic-fleet/init.sls | 4 +++- salt/elasticsearch/init.sls | 5 +++-- salt/filebeat/init.sls | 6 +++--- salt/grafana/init.sls | 4 +++- salt/influxdb/init.sls | 4 +++- salt/kibana/init.sls | 4 +++- salt/kratos/init.sls | 5 +++-- salt/logstash/init.sls | 4 ++-- salt/mysql/init.sls | 4 +++- salt/nginx/init.sls | 5 +++-- salt/playbook/init.sls | 4 +++- salt/redis/init.sls | 5 +++-- salt/registry/init.sls | 4 +++- salt/soc/init.sls | 4 +++- salt/soctopus/init.sls | 4 +++- salt/strelka/init.sls | 12 +++++++++--- 17 files changed, 56 insertions(+), 26 deletions(-) diff --git a/salt/elastic-fleet-package-registry/init.sls b/salt/elastic-fleet-package-registry/init.sls index acb8bfb63..2a72a417d 100644 --- a/salt/elastic-fleet-package-registry/init.sls +++ b/salt/elastic-fleet-package-registry/init.sls @@ -34,7 +34,9 @@ so-elastic-fleet-package-registry: - extra_hosts: - {{ GLOBALS.hostname }}:{{ GLOBALS.node_ip }} - port_bindings: - - 0.0.0.0:8080:8080 + {% for BINDING in DOCKER.containers['so-elastic-fleet-package-registry'].port_bindings %} + - {{ BINDING }} + {% endfor %} append_so-elastic-fleet-package-registry_so-status.conf: file.append: diff --git a/salt/elastic-fleet/init.sls b/salt/elastic-fleet/init.sls index 36df7af35..1460fda38 100644 --- a/salt/elastic-fleet/init.sls +++ b/salt/elastic-fleet/init.sls @@ -54,7 +54,9 @@ so-elastic-fleet: - extra_hosts: - {{ GLOBALS.hostname }}:{{ GLOBALS.node_ip }} - port_bindings: - - 0.0.0.0:8220:8220 + {% for BINDING in DOCKER.containers['so-elastic-fleet'].port_bindings %} + - {{ BINDING }} + {% endfor %} - binds: - /opt/so/conf/elastic-fleet/certs:/etc/pki:ro - /opt/so/conf/elastic-fleet/state:/usr/share/elastic-agent/state:rw diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 900cddd45..e713e933a 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -304,8 +304,9 @@ so-elasticsearch: - nofile=65536:65536 - nproc=4096 - port_bindings: - - 0.0.0.0:9200:9200 - - 0.0.0.0:9300:9300 + {% for BINDING in DOCKER.containers['so-elasticsearch'].port_bindings %} + - {{ BINDING }} + {% endfor %} - binds: - /opt/so/conf/elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro - /opt/so/conf/elasticsearch/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls index dfef2d720..0bb1eaf34 100644 --- a/salt/filebeat/init.sls +++ b/salt/filebeat/init.sls @@ -116,9 +116,9 @@ so-filebeat: - /etc/ssl/certs/intca.crt:/usr/share/filebeat/intraca.crt:ro - /opt/so/log:/logs:ro - port_bindings: - - 0.0.0.0:514:514/udp - - 0.0.0.0:514:514/tcp - - 0.0.0.0:5066:5066/tcp + {% for BINDING in DOCKER.containers['so-filebeat'].port_bindings %} + - {{ BINDING }} + {% endfor %} {% for module in MODULESMERGED.modules.keys() %} {% for submodule in MODULESMERGED.modules[module] %} {% if MODULESMERGED.modules[module][submodule].enabled and MODULESMERGED.modules[module][submodule]["var.syslog_port"] is defined %} diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index 9f6d2c79f..f0363c754 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -138,7 +138,9 @@ so-grafana: - environment: - GF_SECURITY_ADMIN_PASSWORD={{ ADMINPASS }} - port_bindings: - - 0.0.0.0:3000:3000 + {% for BINDING in DOCKER.containers['so-grafana'].port_bindings %} + - {{ BINDING }} + {% endfor %} - watch: - file: /opt/so/conf/grafana/* - require: diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls index 58a394bbe..5a4936843 100644 --- a/salt/influxdb/init.sls +++ b/salt/influxdb/init.sls @@ -60,7 +60,9 @@ so-influxdb: - /etc/pki/influxdb.crt:/etc/ssl/influxdb.crt:ro - /etc/pki/influxdb.key:/etc/ssl/influxdb.key:ro - port_bindings: - - 0.0.0.0:8086:8086 + {% for BINDING in DOCKER.containers['so-influxdb'].port_bindings %} + - {{ BINDING }} + {% endfor %} - watch: - file: influxdbconf - require: diff --git a/salt/kibana/init.sls b/salt/kibana/init.sls index f7c4e81a3..4ac0af025 100644 --- a/salt/kibana/init.sls +++ b/salt/kibana/init.sls @@ -95,7 +95,9 @@ so-kibana: - /opt/so/conf/kibana/customdashboards:/usr/share/kibana/custdashboards:ro - /sys/fs/cgroup:/sys/fs/cgroup:ro - port_bindings: - - 0.0.0.0:5601:5601 + {% for BINDING in DOCKER.containers['so-kibana'].port_bindings %} + - {{ BINDING }} + {% endfor %} - watch: - file: kibanaconfig diff --git a/salt/kratos/init.sls b/salt/kratos/init.sls index ab7692951..ef77951d9 100644 --- a/salt/kratos/init.sls +++ b/salt/kratos/init.sls @@ -77,8 +77,9 @@ so-kratos: - /opt/so/log/kratos/:/kratos-log:rw - /nsm/kratos/db:/kratos-data:rw - port_bindings: - - 0.0.0.0:4433:4433 - - 0.0.0.0:4434:4434 + {% for BINDING in DOCKER.containers['so-kratos'].port_bindings %} + - {{ BINDING }} + {% endfor %} - restart_policy: unless-stopped - watch: - file: kratosschema diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls index 10b3cb07b..05b184239 100644 --- a/salt/logstash/init.sls +++ b/salt/logstash/init.sls @@ -147,9 +147,9 @@ so-logstash: - environment: - LS_JAVA_OPTS=-Xms{{ lsheap }} -Xmx{{ lsheap }} - port_bindings: - {% for BINDING in DOCKER_OPTIONS.port_bindings %} + {% for BINDING in DOCKER.containers['so-logstash'].port_bindings %} - {{ BINDING }} - {% endfor %} + {% endfor %} - binds: - /opt/so/conf/elasticsearch/templates/:/templates/:ro - /opt/so/conf/logstash/etc/:/usr/share/logstash/config/:ro diff --git a/salt/mysql/init.sls b/salt/mysql/init.sls index 2ab88f7fe..ebb9b09e7 100644 --- a/salt/mysql/init.sls +++ b/salt/mysql/init.sls @@ -88,7 +88,9 @@ so-mysql: - sosbridge: - ipv4_address: {{ DOCKER.containers['so-mysql'].ip }} - port_bindings: - - 0.0.0.0:3306:3306 + {% for BINDING in DOCKER.containers['so-mysql'].port_bindings %} + - {{ BINDING }} + {% endfor %} - environment: - MYSQL_ROOT_HOST={{ GLOBALS.manager_ip }} - MYSQL_ROOT_PASSWORD=/etc/mypass diff --git a/salt/nginx/init.sls b/salt/nginx/init.sls index dd8f1b829..6547732df 100644 --- a/salt/nginx/init.sls +++ b/salt/nginx/init.sls @@ -106,8 +106,9 @@ so-nginx: {% endif %} - cap_add: NET_BIND_SERVICE - port_bindings: - - 80:80 - - 443:443 + {% for BINDING in DOCKER.containers['so-nginx'].port_bindings %} + - {{ BINDING }} + {% endfor %} - watch: - file: nginxconf - file: nginxconfdir diff --git a/salt/playbook/init.sls b/salt/playbook/init.sls index 88f86d31d..237cc398b 100644 --- a/salt/playbook/init.sls +++ b/salt/playbook/init.sls @@ -91,7 +91,9 @@ so-playbook: - REDMINE_DB_USERNAME=playbookdbuser - REDMINE_DB_PASSWORD={{ PLAYBOOKPASS }} - port_bindings: - - 0.0.0.0:3200:3000 + {% for BINDING in DOCKER.containers['so-playbook'].port_bindings %} + - {{ BINDING }} + {% endfor %} append_so-playbook_so-status.conf: file.append: diff --git a/salt/redis/init.sls b/salt/redis/init.sls index 95598cbbd..dce00bd8b 100644 --- a/salt/redis/init.sls +++ b/salt/redis/init.sls @@ -50,8 +50,9 @@ so-redis: - sosbridge: - ipv4_address: {{ DOCKER.containers['so-redis'].ip }} - port_bindings: - - 0.0.0.0:6379:6379 - - 0.0.0.0:9696:9696 + {% for BINDING in DOCKER.containers['so-redis'].port_bindings %} + - {{ BINDING }} + {% endfor %} - binds: - /opt/so/log/redis:/var/log/redis:rw - /opt/so/conf/redis/etc/redis.conf:/usr/local/etc/redis/redis.conf:ro diff --git a/salt/registry/init.sls b/salt/registry/init.sls index ab85f4af3..321b1c3d2 100644 --- a/salt/registry/init.sls +++ b/salt/registry/init.sls @@ -43,7 +43,9 @@ so-dockerregistry: - ipv4_address: {{ DOCKER.containers['so-dockerregistry'].ip }} - restart_policy: always - port_bindings: - - 0.0.0.0:5000:5000 + {% for BINDING in DOCKER.containers['so-dockerregistry'].port_bindings %} + - {{ BINDING }} + {% endfor %} - binds: - /opt/so/conf/docker-registry/etc/config.yml:/etc/docker/registry/config.yml:ro - /opt/so/conf/docker-registry:/var/lib/registry:rw diff --git a/salt/soc/init.sls b/salt/soc/init.sls index 35a58d8ec..40cb4487d 100644 --- a/salt/soc/init.sls +++ b/salt/soc/init.sls @@ -117,7 +117,9 @@ so-soc: {%- endfor %} {%- endif %} - port_bindings: - - 0.0.0.0:9822:9822 + {% for BINDING in DOCKER.containers['so-soc'].port_bindings %} + - {{ BINDING }} + {% endfor %} - watch: - file: /opt/so/conf/soc/* - require: diff --git a/salt/soctopus/init.sls b/salt/soctopus/init.sls index 792353a27..5097ea112 100644 --- a/salt/soctopus/init.sls +++ b/salt/soctopus/init.sls @@ -76,7 +76,9 @@ so-soctopus: - /nsm/repo/rules/sigma:/soctopus/sigma {% endif %} - port_bindings: - - 0.0.0.0:7000:7000 + {% for BINDING in DOCKER.containers['so-soctopus'].port_bindings %} + - {{ BINDING }} + {% endfor %} - extra_hosts: - {{GLOBALS.url_base}}:{{GLOBALS.manager_ip}} - require: diff --git a/salt/strelka/init.sls b/salt/strelka/init.sls index c67ad5d7f..6c4657ac4 100644 --- a/salt/strelka/init.sls +++ b/salt/strelka/init.sls @@ -173,7 +173,9 @@ strelka_coordinator: - ipv4_address: {{ DOCKER.containers['so-strelka-coordinator'].ip }} - entrypoint: redis-server --save "" --appendonly no - port_bindings: - - 0.0.0.0:6380:6379 + {% for BINDING in DOCKER.containers['so-strelka-cordinator'].port_bindings %} + - {{ BINDING }} + {% endfor %} append_so-strelka-coordinator_so-status.conf: file.append: @@ -189,7 +191,9 @@ strelka_gatekeeper: - ipv4_address: {{ DOCKER.containers['so-strelka-gatekeeper'].ip }} - entrypoint: redis-server --save "" --appendonly no --maxmemory-policy allkeys-lru - port_bindings: - - 0.0.0.0:6381:6379 + {% for BINDING in DOCKER.containers['so-strelka-gatekeeper'].port_bindings %} + - {{ BINDING }} + {% endfor %} append_so-strelka-gatekeeper_so-status.conf: file.append: @@ -209,7 +213,9 @@ strelka_frontend: - ipv4_address: {{ DOCKER.containers['so-strelka-frontend'].ip }} - command: strelka-frontend - port_bindings: - - 0.0.0.0:57314:57314 + {% for BINDING in DOCKER.containers['so-strelka-frontend'].port_bindings %} + - {{ BINDING }} + {% endfor %} append_so-strelka-frontend_so-status.conf: file.append: