CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #15251 from Security-Onion-Solutions/bravo

Browse Source 
use timestamp in volume path to prevent duplicates
This commit is contained in:
Josh Patterson
2025-11-21 14:54:30 -05:00
committed by GitHub
parent d5f2cfb354 23da0d4ba0
commit 9c06713f32
1 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
salt/hypervisor/tools/sbin_jinja/so-kvm-create-volume
View File

@@ -45,7 +45,7 @@ used during VM provisioning to add dedicated NSM storage volumes.
This command creates and attaches a volume with the following settings: This command creates and attaches a volume with the following settings:
- VM Name: `vm1_sensor` - VM Name: `vm1_sensor`
- Volume Size: `500` GB - Volume Size: `500` GB
- Volume Path: `/nsm/libvirt/volumes/vm1_sensor-nsm.img` - Volume Path: `/nsm/libvirt/volumes/vm1_sensor-nsm-<epoch_timestamp>.img`
- Device: `/dev/vdb` (virtio-blk) - Device: `/dev/vdb` (virtio-blk)
- VM remains stopped after attachment - VM remains stopped after attachment
@@ -75,7 +75,8 @@ used during VM provisioning to add dedicated NSM storage volumes.
- The script automatically stops the VM if it's running before creating and attaching the volume. - The script automatically stops the VM if it's running before creating and attaching the volume.
- Volumes are created with full pre-allocation for optimal performance. - Volumes are created with full pre-allocation for optimal performance.
- Volume files are stored in `/nsm/libvirt/volumes/` with naming pattern `<vm_name>-nsm.img`. - Volume files are stored in `/nsm/libvirt/volumes/` with naming pattern `<vm_name>-nsm-<epoch_timestamp>.img`.
- The epoch timestamp ensures unique volume names and prevents conflicts.
- Volumes are attached as `/dev/vdb` using virtio-blk for high performance. - Volumes are attached as `/dev/vdb` using virtio-blk for high performance.
- The script checks available disk space before creating the volume. - The script checks available disk space before creating the volume.
- Ownership is set to `qemu:qemu` with permissions `640`. - Ownership is set to `qemu:qemu` with permissions `640`.
@@ -142,6 +143,7 @@ import socket
import subprocess import subprocess
import pwd import pwd
import grp import grp
import time
import xml.etree.ElementTree as ET import xml.etree.ElementTree as ET
from io import StringIO from io import StringIO
from so_vm_utils import start_vm, stop_vm from so_vm_utils import start_vm, stop_vm
@@ -242,10 +244,13 @@ def create_volume_file(vm_name, size_gb, logger):
Raises: Raises:
VolumeCreationError: If volume creation fails VolumeCreationError: If volume creation fails
""" """
# Define volume path (directory already created in main()) # Generate epoch timestamp for unique volume naming
volume_path = os.path.join(VOLUME_DIR, f"{vm_name}-nsm.img") epoch_timestamp = int(time.time())
# Check if volume already exists # Define volume path with epoch timestamp for uniqueness
volume_path = os.path.join(VOLUME_DIR, f"{vm_name}-nsm-{epoch_timestamp}.img")
# Check if volume already exists (shouldn't be possible with timestamp)
if os.path.exists(volume_path): if os.path.exists(volume_path):
logger.error(f"VOLUME: Volume already exists: {volume_path}") logger.error(f"VOLUME: Volume already exists: {volume_path}")
raise VolumeCreationError(f"Volume already exists: {volume_path}") raise VolumeCreationError(f"Volume already exists: {volume_path}")