CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

check defaults or pillar file

Browse Source
This commit is contained in:
Josh Patterson
2025-10-02 11:55:50 -04:00
parent e3ac1dd1b4
commit 7deef44ff6
1 changed files with 37 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
salt/salt/engines/master/virtual_node_manager.py
View File

@@ -161,6 +161,7 @@ DEFAULT_BASE_PATH = '/opt/so/saltstack/local/salt/hypervisor/hosts'
VALID_ROLES = ['sensor', 'searchnode', 'idh', 'receiver', 'heavynode', 'fleet'] VALID_ROLES = ['sensor', 'searchnode', 'idh', 'receiver', 'heavynode', 'fleet']
LICENSE_PATH = '/opt/so/saltstack/local/pillar/soc/license.sls' LICENSE_PATH = '/opt/so/saltstack/local/pillar/soc/license.sls'
DEFAULTS_PATH = '/opt/so/saltstack/default/salt/hypervisor/defaults.yaml' DEFAULTS_PATH = '/opt/so/saltstack/default/salt/hypervisor/defaults.yaml'
HYPERVISOR_PILLAR_PATH = '/opt/so/saltstack/local/pillar/hypervisor/soc_hypervisor.sls'
# Define the retention period for destroyed VMs (in hours) # Define the retention period for destroyed VMs (in hours)
DESTROYED_VM_RETENTION_HOURS = 48 DESTROYED_VM_RETENTION_HOURS = 48
@@ -295,16 +296,48 @@ def get_hypervisor_model(hypervisor: str) -> str:
raise raise
def load_hardware_defaults(model: str) -> dict: def load_hardware_defaults(model: str) -> dict:
"""Load hardware configuration from defaults.yaml.""" """Load hardware configuration from defaults.yaml and optionally override with pillar configuration."""
config = None
config_source = None
try: try:
# First, try to load from defaults.yaml
log.debug("Checking for model %s in %s", model, DEFAULTS_PATH)
defaults = read_yaml_file(DEFAULTS_PATH) defaults = read_yaml_file(DEFAULTS_PATH)
if not defaults or 'hypervisor' not in defaults: if not defaults or 'hypervisor' not in defaults:
raise ValueError("Invalid defaults.yaml structure") raise ValueError("Invalid defaults.yaml structure")
if 'model' not in defaults['hypervisor']: if 'model' not in defaults['hypervisor']:
raise ValueError("No model configurations found in defaults.yaml") raise ValueError("No model configurations found in defaults.yaml")
if model not in defaults['hypervisor']['model']:
raise ValueError(f"Model {model} not found in defaults.yaml") # Check if model exists in defaults
return defaults['hypervisor']['model'][model] if model in defaults['hypervisor']['model']:
config = defaults['hypervisor']['model'][model]
config_source = DEFAULTS_PATH
log.debug("Found model %s in %s", model, DEFAULTS_PATH)
# Then, try to load from pillar file (if it exists)
try:
log.debug("Checking for model %s in %s", model, HYPERVISOR_PILLAR_PATH)
pillar_config = read_yaml_file(HYPERVISOR_PILLAR_PATH)
if pillar_config and 'hypervisor' in pillar_config:
if 'model' in pillar_config['hypervisor']:
if model in pillar_config['hypervisor']['model']:
# Override with pillar configuration
config = pillar_config['hypervisor']['model'][model]
config_source = HYPERVISOR_PILLAR_PATH
log.debug("Found model %s in %s (overriding defaults)", model, HYPERVISOR_PILLAR_PATH)
except FileNotFoundError:
log.debug("Pillar file %s not found, using defaults only", HYPERVISOR_PILLAR_PATH)
except Exception as e:
log.warning("Failed to read pillar file %s: %s (using defaults)", HYPERVISOR_PILLAR_PATH, str(e))
# If model was not found in either file, raise an error
if config is None:
raise ValueError(f"Model {model} not found in {DEFAULTS_PATH} or {HYPERVISOR_PILLAR_PATH}")
log.debug("Using hardware configuration for model %s from %s", model, config_source)
return config
except Exception as e: except Exception as e:
log.error("Failed to load hardware defaults: %s", str(e)) log.error("Failed to load hardware defaults: %s", str(e))
raise raise