From 79388af6450a38806f5d14f4ee2a11a0857756b8 Mon Sep 17 00:00:00 2001 From: Josh Patterson Date: Tue, 25 Mar 2025 10:17:43 -0400 Subject: [PATCH] only managers need node_ips --- pillar/top.sls | 6 +- salt/top.sls | 158 ++++++++++++++++++++++++------------------------- 2 files changed, 84 insertions(+), 80 deletions(-) diff --git a/pillar/top.sls b/pillar/top.sls index b8d694e23..33b5feb2d 100644 --- a/pillar/top.sls +++ b/pillar/top.sls @@ -24,10 +24,10 @@ base: - firewall.adv_firewall - nginx.soc_nginx - nginx.adv_nginx - - node_data.ips '*_manager or *_managersearch': - match: compound + - node_data.ips {% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %} - elasticsearch.auth {% endif %} @@ -90,6 +90,7 @@ base: - soc.license '*_eval': + - node_data.ips - secrets - healthcheck.eval - elasticsearch.index_templates @@ -138,6 +139,7 @@ base: - minions.adv_{{ grains.id }} '*_standalone': + - node_data.ips - logstash.nodes - logstash.soc_logstash - logstash.adv_logstash @@ -260,6 +262,7 @@ base: - soc.license '*_import': + - node_data.ips - secrets - elasticsearch.index_templates {% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %} @@ -305,6 +308,7 @@ base: - minions.adv_{{ grains.id }} '*_fleet': + - node_data.ips - backup.soc_backup - backup.adv_backup - logstash.nodes diff --git a/salt/top.sls b/salt/top.sls index 552cd1ea7..d33b23932 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -22,11 +22,7 @@ base: - salt.minion-state-apply-test - salt.minion - '*_eval or *_manager* or *_standalone or *_import and I@node_data:False': - - match: compound - - mine.update - - '* and G@saltversion:{{saltversion}} and not I@node_data:False': + '* and G@saltversion:{{saltversion}}': - match: compound - salt.minion - patch.os.schedule @@ -37,21 +33,9 @@ base: - docker - docker_clean - '*_sensor and G@saltversion:{{saltversion}} and not I@node_data:False': + '*_manager* or *_standalone or *_eval or *_import and I@node_data:False': - match: compound - - sensor - - ssl - - sensoroni - - telegraf - - firewall - - nginx - - pcap - - suricata - - healthcheck - - zeek - - strelka - - elasticfleet.install_agent_grid - - stig + - mine.update '*_eval and G@saltversion:{{saltversion}} and not I@node_data:False': - match: compound @@ -85,37 +69,6 @@ base: - utility - elasticfleet - '*_manager and G@saltversion:{{saltversion}} and not I@node_data:False': - - match: compound - - salt.master - - ca - - ssl - - registry - - nginx - - influxdb - - strelka.manager - - soc - - kratos - - hydra - - firewall - - manager - - sensoroni - - telegraf - - backup.config_backup - - idstools - - suricata.manager - - elasticsearch - - logstash - - redis - - elastic-fleet-package-registry - - kibana - - curator.disabled - - elastalert - - utility - - elasticfleet - - stig - - kafka - '*_standalone and G@saltversion:{{saltversion}} and not I@node_data:False': - match: compound - salt.master @@ -152,16 +105,34 @@ base: - stig - kafka - '*_searchnode and G@saltversion:{{saltversion}} and not I@node_data:False': + '*_manager and G@saltversion:{{saltversion}} and not I@node_data:False': - match: compound - - firewall + - salt.master + - ca - ssl - - elasticsearch - - logstash + - registry + - nginx + - influxdb + - strelka.manager + - soc + - kratos + - hydra + - firewall + - manager - sensoroni - telegraf - - nginx - - elasticfleet.install_agent_grid + - backup.config_backup + - idstools + - suricata.manager + - elasticsearch + - logstash + - redis + - elastic-fleet-package-registry + - kibana + - curator.disabled + - elastalert + - utility + - elasticfleet - stig - kafka @@ -196,25 +167,6 @@ base: - stig - kafka - '*_heavynode and G@saltversion:{{saltversion}} and not I@node_data:False': - - match: compound - - sensor - - ssl - - sensoroni - - telegraf - - nginx - - firewall - - elasticsearch - - logstash - - redis - - curator.disabled - - strelka - - pcap - - suricata - - zeek - - elasticfleet.install_agent_grid - - elasticagent - '*_import and G@saltversion:{{saltversion}} and not I@node_data:False': - match: compound - salt.master @@ -243,7 +195,55 @@ base: - zeek - elasticfleet - '*_receiver and G@saltversion:{{saltversion}} and not I@node_data:False': + '*_searchnode and G@saltversion:{{saltversion}}': + - match: compound + - firewall + - ssl + - elasticsearch + - logstash + - sensoroni + - telegraf + - nginx + - elasticfleet.install_agent_grid + - stig + - kafka + + '*_sensor and G@saltversion:{{saltversion}}': + - match: compound + - sensor + - ssl + - sensoroni + - telegraf + - firewall + - nginx + - pcap + - suricata + - healthcheck + - zeek + - strelka + - elasticfleet.install_agent_grid + - stig + + '*_heavynode and G@saltversion:{{saltversion}}': + - match: compound + - sensor + - ssl + - sensoroni + - telegraf + - nginx + - firewall + - elasticsearch + - logstash + - redis + - curator.disabled + - strelka + - pcap + - suricata + - zeek + - elasticfleet.install_agent_grid + - elasticagent + + '*_receiver and G@saltversion:{{saltversion}}': - match: compound - ssl - sensoroni @@ -255,7 +255,7 @@ base: - kafka - stig - '*_idh and G@saltversion:{{saltversion}} and not I@node_data:False': + '*_idh and G@saltversion:{{saltversion}}': - match: compound - ssl - sensoroni @@ -264,7 +264,7 @@ base: - elasticfleet.install_agent_grid - idh - '*_fleet and G@saltversion:{{saltversion}} and not I@node_data:False': + '*_fleet and G@saltversion:{{saltversion}}': - match: compound - ssl - sensoroni @@ -276,7 +276,7 @@ base: - elasticfleet.install_agent_grid - schedule - '*_desktop and G@saltversion:{{saltversion}} and not I@node_data:False': + '*_desktop and G@saltversion:{{saltversion}}': - ssl - sensoroni - telegraf