hype changes

pillar/top.sls

@@ -307,6 +307,10 @@ base:
     - minions.{{ grains.id }}
     - minions.adv_{{ grains.id }}
 
+  '*_hypervisor':
+    - minions.{{ grains.id }}
+    - minions.adv_{{ grains.id }}
+
   '*_desktop':
     - minions.{{ grains.id }}
     - minions.adv_{{ grains.id }}

salt/allowed_states.map.jinja

@@ -199,6 +199,14 @@
           'kafka',
           'stig'
           ],
+      'so-hypervisor': [
+          'ssl',
+          'telegraf',
+          'firewall',
+          'schedule',
+          'docker_clean',
+          'stig'
+          ],
       'so-desktop': [
           'ssl',
           'docker_clean',

salt/firewall/defaults.yaml

@@ -1452,3 +1452,64 @@ firewall:
               portgroups: []
             customhostgroup9:
               portgroups: []
+    hypervisor:
+      chain:
+        DOCKER-USER:
+          hostgroups:
+            customhostgroup0:
+              portgroups: []
+            customhostgroup1:
+              portgroups: []
+            customhostgroup2:
+              portgroups: []
+            customhostgroup3:
+              portgroups: []
+            customhostgroup4:
+              portgroups: []
+            customhostgroup5:
+              portgroups: []
+            customhostgroup6:
+              portgroups: []
+            customhostgroup7:
+              portgroups: []
+            customhostgroup8:
+              portgroups: []
+            customhostgroup9:
+              portgroups: []
+        INPUT:
+          hostgroups:
+            anywhere:
+              portgroups:
+                - ssh
+            dockernet:
+              portgroups:
+                - all
+            localhost:
+              portgroups:
+                - all
+            manager:
+              portgroups: []
+            managersearch:
+              portgroups: []
+            standalone:
+              portgroups: []
+            customhostgroup0:
+              portgroups: []
+            customhostgroup1:
+              portgroups: []
+            customhostgroup2:
+              portgroups: []
+            customhostgroup3:
+              portgroups: []
+            customhostgroup4:
+              portgroups: []
+            customhostgroup5:
+              portgroups: []
+            customhostgroup6:
+              portgroups: []
+            customhostgroup7:
+              portgroups: []
+            customhostgroup8:
+              portgroups: []
+            customhostgroup9:
+              portgroups: []

salt/libvirt/init.sls

@@ -9,18 +9,6 @@ install_libvirt:
   pkg.installed:
     - name: libvirt
 
-libvirt_config:
-  file.managed:
-    - name: /etc/libvirt/libvirtd.conf
-    - source: salt://libvirt/etc/libvirtd.conf.jinja
-    - template: jinja
-    - defaults:
-        LIBVIRTMERGED: {{ LIBVIRTMERGED }}
-
-libvirt_service:
-  service.running:
-    - name: libvirtd
-
 libvirt_conf_dir:
   file.directory:
     - name: /opt/so/conf/libvirt
@@ -28,6 +16,28 @@ libvirt_conf_dir:
     - group: 939
     - makedirs: True
 
+libvirt_config:
+  file.managed:
+    - name: /opt/so/conf/libvirt/libvirtd.conf
+    - source: salt://libvirt/etc/libvirtd.conf.jinja
+    - template: jinja
+    - defaults:
+        LIBVIRTMERGED: {{ LIBVIRTMERGED }}
+
+# since the libvirtd service looks for the config at /etc/libvirt/libvirtd.conf, and we dont want to manage the service looking in a new location, create this symlink to the managed config 
+config_symlink:
+  file.symlink:
+    - name: /etc/libvirt/libvirtd.conf
+    - target: /opt/so/conf/libvirt/libvirtd.conf
+    - force: True
+
+libvirt_service:
+  service.running:
+    - name: libvirtd
+    - enable: True
+    - watch:
+      - file: libvirt_config
+
 libvirt_source-packages_dir:
   file.directory:
     - name: /opt/so/conf/libvirt/source-packages
@@ -60,24 +70,9 @@ install_libguestfs:
   pkg.installed:
     - name: libguestfs
 
-# required for the network states below
-install_NetworkManager-updown:
+install-guestfs-tools:
   pkg.installed:
-    - name: NetworkManager-initscripts-updown
-
-ens18:
-  network.managed:
-    - enabled: True
-    - type: eth
-    - bridge: virbr0
-
-virbr0:
-  network.managed:
-    - enabled: True
-    - type: bridge
-    - proto: dhcp
-    - require:
-      - network: ens18
+    - name: guestfs-tools
 
 # virtlogd service may not restart following reboot without this
 #semanage permissive -a virtlogd_t

salt/manager/tools/sbin/so-minion

@@ -560,6 +560,10 @@ function createRECEIVER() {
 	add_telegraf_to_minion
 }
 
+function createHYPERVISOR() {
+	add_telegraf_to_minion
+}
+
 function createDESKTOP() {
 	add_desktop_to_minion
 	add_telegraf_to_minion

salt/telegraf/defaults.yaml

@@ -110,6 +110,10 @@ telegraf:
       - lasthighstate.sh
       - os.sh
       - sostatus.sh
+    hypervisor:
+      - lasthighstate.sh
+      - os.sh
+      - sostatus.sh
     desktop:
       - lasthighstate.sh
       - os.sh

salt/top.sls

@@ -266,6 +266,16 @@ base:
     - elasticfleet.install_agent_grid
     - schedule
 
+  '*_hypervisor and G@saltversion:{{saltversion}}':
+    - match: compound
+    - ssl
+    - sensoroni
+    - telegraf
+    - firewall
+    - elasticfleet.install_agent_grid
+    - libvirt
+    - stig
+
   '*_desktop and G@saltversion:{{saltversion}}':
     - ssl
     - sensoroni

salt/vars/hypervisor.map.jinja

@@ -0,0 +1 @@
+{% set ROLE_GLOBALS = {} %}

setup/so-functions

@@ -1166,11 +1166,7 @@ get_redirect() {
 
 get_minion_type() {
 	local minion_type
-	case "$install_type" in
-		'EVAL' | 'MANAGERSEARCH' | 'MANAGER' | 'SENSOR' | 'HEAVYNODE' | 'SEARCHNODE' | 'FLEET' | 'IDH' | 'STANDALONE' | 'IMPORT' | 'RECEIVER' | 'DESKTOP')
-			minion_type=$(echo "$install_type" | tr '[:upper:]' '[:lower:]')
-			;;
-	esac
+	minion_type=$(echo "$install_type" | tr '[:upper:]' '[:lower:]')
 	echo "$minion_type"
 }