CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7363 from Security-Onion-Solutions/soup_singlenode_30

Browse Source 
allow for check_log_size_limit to work without salt-master running
This commit is contained in:
Josh Patterson
2022-02-28 17:13:42 -05:00
committed by GitHub
parent f824717094 a51f833f36
commit 6b3b5e9a1f
2 changed files with 18 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
salt/common/tools/sbin/so-common
View File

@@ -249,6 +249,7 @@ lookup_salt_value() {
group=$2
kind=$3
output=${4:-newline_values_only}
local=$5
if [ -z "$kind" ]; then
kind=pillar
@@ -258,7 +259,13 @@ lookup_salt_value() {
group=${group}:
fi
salt-call --no-color ${kind}.get ${group}${key} --out=${output}
if [[ "$local" == "--local" ]] || [[ "$local" == "local" ]]; then
local="--local"
else
local=""
fi
salt-call --no-color ${kind}.get ${group}${key} --out=${output} ${local}
}
lookup_pillar() {

13
salt/common/tools/sbin/soup
View File

@@ -245,7 +245,6 @@ check_sudoers() {
}
check_log_size_limit() {
local num_minion_pillars
num_minion_pillars=$(find /opt/so/saltstack/local/pillar/minions/ -type f | wc -l)
@@ -255,7 +254,7 @@ check_log_size_limit() {
fi
else
local minion_id
minion_id=$(lookup_salt_value "id" "" "grains")
minion_id=$(lookup_salt_value "id" "" "grains" "" "local")
local minion_arr
IFS='_' read -ra minion_arr <<< "$minion_id"
@@ -263,7 +262,15 @@ check_log_size_limit() {
local node_type="${minion_arr[0]}"
local current_limit
current_limit=$(lookup_pillar "log_size_limit" "elasticsearch")
# since it is possible for the salt-master service to be stopped when this is run, we need to check the pillar values locally
# we need to combine default local and default pillars before doing this so we can define --pillar-root in salt-call
local epoch_date=$(date +%s%N)
mkdir -vp /opt/so/saltstack/soup_tmp_${epoch_date}/
cp -r /opt/so/saltstack/default/pillar/ /opt/so/saltstack/soup_tmp_${epoch_date}/
# use \cp here to overwrite any pillar files from default with those in local for the tmp directory
\cp -r /opt/so/saltstack/local/pillar/ /opt/so/saltstack/soup_tmp_${epoch_date}/
current_limit=$(salt-call pillar.get elasticsearch:log_size_limit --local --pillar-root=/opt/so/saltstack/soup_tmp_${epoch_date}/pillar --out=newline_values_only)
rm -rf /opt/so/saltstack/soup_tmp_${epoch_date}/
local percent
case $node_type in