mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-05-12 06:10:46 +02:00
postsalt: enable PG-canonical pillar mode by default during so-setup
Drops a local pillar override (postgres.so_pillar.enabled = True) right after secrets_pillar so the install-time highstate brings up schema_pillar, ext_pillar_postgres, and the pg_notify_pillar engine without operator intervention. Without this the whole PG-canonical stack stays gated off on the default-False flag and the install lands in legacy disk-pillar mode — which defeats the point of being on the postsalt branch at all.

The new enable_so_pillar_postgres() function in so-functions is idempotent (overwrites adv_postgres.sls with a fixed body) and the generated file is mode 0644 socore:socore so it merges into pillar under the existing local-pillar directory ownership convention.

Rollback path: edit /opt/so/saltstack/local/pillar/postgres/adv_postgres.sls to set enabled: False, or delete the file. The schema and engine config states will tear themselves down on the next highstate via their existing else-branch absent states.
@@ -676,6 +676,10 @@ if ! [[ -f $install_opt_file ]]; then
|
||||
info "Populating the secrets pillar"
|
||||
# Create the secrets pillar
|
||||
secrets_pillar
|
||||
info "Enabling postsalt PG-canonical pillar mode"
|
||||
# Flip postgres:so_pillar:enabled so schema_pillar / ext_pillar_postgres /
|
||||
# pg_notify_pillar engine states deploy as part of the install highstate.
|
||||
enable_so_pillar_postgres
|
||||
info "Add socore user"
|
||||
# Add the socore user
|
||||
add_socore_user_manager
|
||||
|
||||
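Review bot: enable_so_pillar_postgres is called above the "Add socore user" step (add_socore_user_manager), while the commit message says the generated adv_postgres.sls is owned socore:socore. If the function sets ownership by name, that step can fail on a fresh install where the account does not exist yet. Consider moving the call below add_socore_user_manager, or confirm that ownership is applied by a later step. The call's exit status is also not checked in this hunk, so a failed write would leave the install in legacy disk-pillar mode without any message; a check after the call that logs the failure and stops setup would make that visible.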