From 93916ba358623fdf1a1f2c2bd18a2acd236e443f Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 20 Jun 2018 13:22:57 -0400 Subject: [PATCH] Re-Architecting Network Setup on all containers --- salt/common/init.sls | 7 +++---- salt/elasticsearch/init.sls | 8 ++++---- salt/filebeat/init.sls | 2 +- salt/firewall/init.sls | 24 ++++++++++++++---------- salt/kibana/init.sls | 1 - salt/logstash/init.sls | 2 +- salt/redis/init.sls | 2 +- 7 files changed, 24 insertions(+), 22 deletions(-) diff --git a/salt/common/init.sls b/salt/common/init.sls index 001e8bf7b..eb142eeae 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -66,9 +66,9 @@ docker: # - driver: bridge # dockernet work around -dockernet: - cmd.script: - - source: salt://common/scripts/dockernet.sh +#dockernet: +# cmd.script: +# - source: salt://common/scripts/dockernet.sh # Snag the so-core docker @@ -118,7 +118,6 @@ so-core: - /opt/so/log/nginx/:/var/log/nginx:rw - /opt/so/tmp/nginx/:/var/lib/nginx:rw - /opt/so/tmp/nginx/:/run:rw - - network_mode: so-elastic-net - cap_add: NET_BIND_SERVICE - port_bindings: - 80:80 diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index becbe1b4b..66fee7910 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -98,7 +98,7 @@ so-elasticsearch: - /opt/so/conf/elasticsearch/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro - /nsm/elasticsearch:/usr/share/elasticsearch/data:rw - /opt/so/log/elasticsearch:/var/log/elasticsearch:rw - - network_mode: so-elastic-net + # See if Freqserver is enabled {% if freq == 1 %} @@ -132,7 +132,7 @@ so-freq: - user: freqserver - binds: - /opt/so/log/freq_server:/var/log/freq_server:rw - - network_mode: so-elastic-net + {% endif %} @@ -168,7 +168,7 @@ so-domainstats: - user: domainstats - binds: - /opt/so/log/domainstats:/var/log/domain_stats - - network_mode: so-elastic-net + {% endif %} 
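Review bot: The `dockernet` state in salt/common/init.sls is commented out rather than deleted, and the `# dockernet work around` heading above it stays, so the file now carries dead configuration with no explanation. If the script is no longer meant to run, delete the three lines and replace the heading with one line that says why, for example `# dockernet.sh is no longer run; containers attach to Docker's default bridge`. Hosts that already applied the old state presumably still have the network that script created, and nothing in this patch removes it. A cleanup state or an upgrade note would cover that.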
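Review bot: Removing `- network_mode: so-elastic-net` from `so-core` leaves the container on Docker's default bridge, and the patch does the same for so-elasticsearch, so-freq, so-domainstats, so-curator, so-filebeat, so-kibana, so-logstash and so-redis. On the default bridge containers cannot resolve each other by name, and every container on the host shares that bridge with inter-container traffic allowed by default. Elasticsearch and Redis therefore become reachable from any unrelated container unless their own configuration requires authentication, which is not visible in these hunks. Either keep a dedicated user-defined network for the stack, or state the intended model next to each container, e.g. `# default bridge on purpose; external access is filtered in firewall/init.sls (DOCKER-USER)`. Each of these state bodies starts above its hunk, so whether other options compensate cannot be checked here.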
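Review bot: The removed `- network_mode: so-elastic-net` line in `so-elasticsearch` is replaced by an empty or whitespace-only line instead of being deleted, which is why the hunk keeps seven lines on both sides. The same happens in the so-freq, so-domainstats and so-curator hunks, and at the end of the filebeat, logstash and redis init.sls files, whose last line is now blank. Drop the line outright so each option list ends at its last real entry.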
@@ -237,7 +237,7 @@ so-curator: - /opt/so/conf/curator/curator.yml:/etc/curator/config/curator.yml:ro - /opt/so/conf/curator/action/:/etc/curator/action:ro - /opt/so/log/curator:/var/log/curator - - network_mode: so-elastic-net + # Begin Curator Cron Jobs diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls index f6d65f952..5dc537f6d 100644 --- a/salt/filebeat/init.sls +++ b/salt/filebeat/init.sls @@ -53,4 +53,4 @@ so-filebeat: - /opt/so/conf/filebeat/etc/pki/filebeat.crt:/usr/share/filebeat/filebeat.crt:ro - /opt/so/conf/filebeat/etc/pki/filebeat.key:/usr/share/filebeat/filebeat.key:ro - /etc/ssl/certs/intca.crt:/usr/share/filebeat/intraca.crt:ro - - network_mode: so-elastic-net + diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls index 0ea1c9d76..8ce2e4517 100644 --- a/salt/firewall/init.sls +++ b/salt/firewall/init.sls @@ -62,16 +62,6 @@ del_return_rule: # Make it so all the minions can talk to salt and update etc. {% for ip in pillar.get('minions') %} -enable_salt_minions_3142_{{ip}}: - iptables.append: - - table: filter - - chain: INPUT - - jump: ACCEPT - - proto: tcp - - source: {{ ip }} - - dport: 3142 - - save: True - enable_salt_minions_4505_{{ip}}: iptables.append: - table: filter @@ -114,8 +104,22 @@ enable_salt_minions_3142_{{ip}}: - position: 1 - save: True +enable_salt_minions_5044_{{ip}}: + iptables.insert: + - table: filter + - chain: DOCKER-USER + - jump: ACCEPT + - proto: tcp + - source: {{ ip }} + - dport: 5044 + - position: 1 + - save: True + {% endfor %} +# Rules for storage nodes connecting to master + + {% endif %} # Rules if you are a Storage Node diff --git a/salt/kibana/init.sls b/salt/kibana/init.sls index 216219a9e..f68a43836 100644 --- a/salt/kibana/init.sls +++ b/salt/kibana/init.sls 
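Review bot: The new `enable_salt_minions_5044_{{ip}}` rule matches on source address and `dport: 5044` alone, so in `DOCKER-USER` it lets each minion reach port 5044 on any container behind the host, on any interface. DOCKER-USER is evaluated after DNAT, so the match is on the container-side port, not the published host port; a comment such as `# DOCKER-USER sees post-DNAT traffic: 5044 is the container port of so-logstash` would record that (assuming Logstash is the intended listener). The ACCEPT only restricts anything if a later rule in the chain drops other sources, and that rule is not visible in this hunk. The added `# Rules for storage nodes connecting to master` heading has no rules under it; either add them or leave the heading out until they exist. The enclosing `{% for ip in pillar.get('minions') %}` loop starts above the hunk.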
@@ -54,6 +54,5 @@ so-kibana: - /opt/so/log/kibana:/var/log/kibana:rw - /opt/so/conf/kibana/custdashboards/:/usr/share/kibana/custdashboards/:ro - /sys/fs/cgroup:/sys/fs/cgroup:ro - - network_mode: so-elastic-net - port_bindings: - 127.0.0.1:5601:5601 diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls index a75a1ad7f..5ad526586 100644 --- a/salt/logstash/init.sls +++ b/salt/logstash/init.sls @@ -136,4 +136,4 @@ so-logstash: - /etc/pki/filebeat.crt:/usr/share/logstash/filebeat.crt:ro - /etc/pki/filebeat.key:/usr/share/logstash/filebeat.key:ro - /etc/pki/ca.crt:/usr/share/filebeat/ca.crt:ro - - network_mode: so-elastic-net + diff --git a/salt/redis/init.sls b/salt/redis/init.sls index 85abccc71..1640ae6e6 100644 --- a/salt/redis/init.sls +++ b/salt/redis/init.sls @@ -59,4 +59,4 @@ so-redis: - /opt/so/conf/redis/etc/redis.conf:/usr/local/etc/redis/redis.conf:ro - /opt/so/conf/redis/working:/redis:rw - entrypoint: "redis-server /usr/local/etc/redis/redis.conf" - - network_mode: so-elastic-net +