remove possible race condition caused by vm init cron for setup.virt.init. setup.virt and mine updated during salt-cloud call with init_script

m0duspwnens
2025-01-29 14:23:10 -05:00
parent 3c85b48291
commit 8d1ce0460f
3 changed files with 9 additions and 32 deletions


@@ -3,6 +3,8 @@
https://securityonion.net/license; you may not use this file except in compliance with the https://securityonion.net/license; you may not use this file except in compliance with the
Elastic License 2.0. #} Elastic License 2.0. #}
{#- https://docs.saltproject.io/en/latest/topics/cloud/misc.html #}
{%- for role, hosts in HYPERVISORS.items() %} {%- for role, hosts in HYPERVISORS.items() %}
{%- for host in hosts.keys() -%} {%- for host in hosts.keys() -%}
@@ -34,17 +36,15 @@ sool9-{{host}}:
#preflight_cmds: #preflight_cmds:
# - echo "preflight_cmds" # - echo "preflight_cmds"
# the destination directory will be created if it doesn't exist # the destination directory will be created if it doesn't exist
file_map: #file_map:
/opt/so/saltstack/default/salt/setup/virt/initial_schedule.sls: /opt/so/conf/salt/cloud_file_map/salt/setup/virt/initial_schedule.sls # /opt/so/saltstack/default/salt/salt/mine_functions.sls: /opt/so/conf/salt/cloud_file_map/salt/salt/mine_functions.sls
/opt/so/saltstack/default/salt/salt/mine_functions.sls: /opt/so/conf/salt/cloud_file_map/salt/salt/mine_functions.sls # if calling states with pillar values, need to pass them in since minion pillars are not set until setup.virt.sominion state runs
inline_script: inline_script:
- | - |
sudo salt-call state.apply salt.mine_functions \ sudo salt-call state.apply salt.mine_functions \
--local \
--file-root=/opt/so/conf/salt/cloud_file_map/salt/ \
pillar='{"host": {"mainint": "eth0"}}' pillar='{"host": {"mainint": "eth0"}}'
- "sudo salt-call state.apply setup.virt.initial_schedule --local --file-root=/opt/so/conf/salt/cloud_file_map/salt/" - 'sudo salt-call mine.update'
# - "rpm --import /tmp/securityonion.pub" - 'sudo salt-call state.apply setup.virt'
# grains to add to the minion # grains to add to the minion
{%- endfor %} {%- endfor %}
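Review bot: The three `inline_script` commands now run once, with no retry and no failure signal, whereas the removed cron re-applied `setup.virt.init` every minute until that state deleted it. With `--local` and `--file-root` dropped, each `salt-call` depends on the manager being reachable, and the comment in the deleted schedule file says the manager firewall may not yet be open at this point; if that can still happen, the VM is left without its mine data or `setup.virt` applied and nothing reports it. Adding `--retcode-passthrough`, e.g. `- 'sudo salt-call --retcode-passthrough state.apply setup.virt'`, would make a failed state return non-zero; whether salt-cloud then aborts the deploy should be confirmed. The commented-out `#file_map:` lines could be deleted rather than kept as dead configuration.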


@@ -1,13 +0,0 @@
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
# initially tried to use schedule.present here, but that state trys to return data to the master even if run with --local
# that causes it to fail since th firewall may not yet be open on the manager
init_node_cron:
cron.present:
- name: salt-call state.apply setup.virt.init
- identifier: init_node_cron
- user: root
- minute: '*/1'


@@ -8,21 +8,11 @@ set_role_grain:
- name: role - name: role
- value: so-{{ grains.id.split("_") | last }} - value: so-{{ grains.id.split("_") | last }}
# remove the initial cron
remove_init_node_cron:
cron.absent:
- name: salt-call state.apply setup.virt.init
- identifier: init_node_cron
- user: root
set_highstate: set_highstate:
file.append: file.append:
- name: /etc/salt/minion - name: /etc/salt/minion
- text: 'startup_states: highstate' - text: 'startup_states: highstate'
restart_salt_minion: enable_salt_minion:
service.running: service.enabled:
- name: salt-minion - name: salt-minion
- enable: True
- watch:
- file: set_highstate
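Review bot: Nothing in this hunk starts or restarts salt-minion any more, so the `startup_states: highstate` line that `set_highstate` appends to /etc/salt/minion is only read the next time the minion starts. `service.enabled` only sets the unit to start at boot, while the replaced `service.running` with `watch: file: set_highstate` restarted the minion as soon as the file changed. If another step restarts the service or reboots the node this is fine, but it should be stated, for example with a comment above `enable_salt_minion` such as `# not restarted here: startup_states takes effect on the next minion start`. Otherwise the first highstate is deferred until then. The state file begins above this hunk.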