Bind both steno and sensoroni processes to host network

2026-02-12 10:13:40 +01:00 · 2020-06-21 10:50:10 -04:00
parent 76e3118bd3
commit 81ed656ba0
1 changed files with 20 additions and 29 deletions
--- a/salt/pcap/init.sls
+++ b/salt/pcap/init.sls
@@ -31,17 +31,6 @@ stenographer:
    - gid: 941
    - home: /opt/so/conf/steno

-sensoronigroup:
-  group.present:
-    - name: sensoroni
-    - gid: 948
-
-sensoroni:
-  user.present:
-    - uid: 948
-    - gid: 948
-    - home: /opt/so/conf/steno
-
 stenoconfdir:
  file.directory:
    - name: /opt/so/conf/steno
@@ -49,6 +38,13 @@ stenoconfdir:
    - group: 939
    - makedirs: True

+sensoroniconfdir:
+  file.directory:
+    - name: /opt/so/conf/sensoroni
+    - user: 939
+    - group: 939
+    - makedirs: True
+
 {% if BPF_STENO %}
   {% set BPF_CALC = salt['cmd.script']('/usr/sbin/so-bpf-compile', INTERFACE + ' ' + BPF_STENO|join(" "),cwd='/root') %}
   {% if BPF_CALC['stderr'] == "" %}
@@ -78,8 +74,8 @@ sensoroniagentconf:
  file.managed:
    - name: /opt/so/conf/sensoroni/sensoroni.json
    - source: salt://pcap/files/sensoroni.json
-    - user: sensoroni
-    - group: sensoroni
+    - user: 939
+    - group: 939
    - mode: 600
    - template: jinja

@@ -106,8 +102,8 @@ pcaptmpdir:
 pcapoutdir:
  file.directory:
    - name: /nsm/pcapout
-    - user: sensoroni
-    - group: sensoroni
+    - user: 939
+    - group: 939
    - makedirs: True

 pcapindexdir:
@@ -124,20 +120,20 @@ stenolog:
    - group: 941
    - makedirs: True

-pcap_network:
-  docker_network.present
+sensoronilog:
+  file.directory:
+    - name: /opt/so/log/sensoroni
+    - user: 939
+    - group: 939
+    - makedirs: True

 so-steno:
  docker_container.running:
    - image: {{ MASTER }}:5000/soshybridhunter/so-steno:{{ VERSION }}
    - network_mode: host
    - privileged: True
-    - networks:
-      - pcap_network:
-        - aliases:
-          - steno
-    - require:
-      - docker_network: pcap_network
+    - port_bindings:
+      - 127.0.0.1:1234:1234
    - binds:
      - /opt/so/conf/steno/certs:/etc/stenographer/certs:rw
      - /opt/so/conf/steno/config:/etc/stenographer/config:rw
@@ -151,12 +147,7 @@ so-steno:
 so-sensoroni:
  docker_container.running:
    - image: {{ MASTER }}:5000/soshybridhunter/so-soc:{{ VERSION }}
-    - networks:
-      - pcap_network:
-        - aliases:
-          - sensoroni
-    - require:
-      - docker_network: pcap_network
+    - network_mode: host
    - binds:
      - /opt/so/conf/steno/certs:/etc/stenographer/certs:rw
      - /nsm/pcapout:/nsm/pcapout:rw