diff --git a/salt/_runners/setup_hypervisor.py b/salt/_runners/setup_hypervisor.py
index dc0d9eca8..47afc25d4 100644
--- a/salt/_runners/setup_hypervisor.py
+++ b/salt/_runners/setup_hypervisor.py
@@ -467,6 +467,51 @@ def _apply_dyanno_hypervisor_state(): log.error(f"DYANNO: Error applying soc.dyanno.hypervisor state: {str(e)}") return False +def _apply_cloud_config_state(): + """ + Apply the salt.cloud.config state on the salt master. + + Returns: + bool: True if state was applied successfully, False otherwise + """ + try: + log.info("CLOUDCONFIG: Applying salt.cloud.config state on salt master") + + # Initialize the LocalClient + local = salt.client.LocalClient() + + # Target the salt master to apply the soc.dyanno.hypervisor state + target = MANAGER_HOSTNAME + '_*' + state_result = local.cmd(target, 'state.apply', ['salt.cloud.config', 'concurrent=True'], tgt_type='glob') + log.debug(f"CLOUDCONFIG: state_result: {state_result}") + # Check if state was applied successfully + if state_result: + success = True + for minion, states in state_result.items(): + if not isinstance(states, dict): + log.error(f"CLOUDCONFIG: Unexpected result format from {minion}: {states}") + success = False + continue + + for state_id, state_data in states.items(): + if not state_data.get('result', False): + log.error(f"CLOUDCONFIG: State {state_id} failed on {minion}: {state_data.get('comment', 'No comment')}") + success = False + + if success: + log.info("CLOUDCONFIG: Successfully applied salt.cloud.config state") + return True + else: + log.error("CLOUDCONFIG: Failed to apply salt.cloud.config state") + return False + else: + log.error("CLOUDCONFIG: No response from salt master when applying salt.cloud.config state") + return False + + except Exception as e: + log.error(f"CLOUDCONFIG: Error applying salt.cloud.config state: {str(e)}") + return False + def setup_environment(vm_name: str = 'sool9', disk_size: str = '220G', minion_id: str = None): """ Main entry point to set up the hypervisor environment. 
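Review bot: `log.debug(f"CLOUDCONFIG: state_result: {state_result}")` in `_apply_cloud_config_state` writes the whole state return to the runner log, and for `file.managed` that return normally carries a unified diff of the managed file. Whatever the libvirt provider and socloud profile templates render (their contents are not visible in this diff) would therefore land in the debug log. If those files can hold connection URIs or credentials, log only the per-state `result` and `comment` that the loop below already extracts, or set `show_changes: False` on the two states. Separately, the comment `# Target the salt master to apply the soc.dyanno.hypervisor state` is a leftover from the function above and should read `# Target the salt master to apply the salt.cloud.config state`.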
@@ -548,6 +593,11 @@ def setup_environment(vm_name: str = 'sool9', disk_size: str = '220G', minion_id if not mine_update_success: log.error(f"DYANNO: mine.update failed after {max_retries} attempts") + # Apply the soc.dyanno.hypervisor state on the salt master + if not _apply_cloud_config_state(): + log.warning("MAIN: Failed to apply salt.cloud.config state, continuing with setup") + # We don't return an error here as we want to continue with the setup process + # Apply the soc.dyanno.hypervisor state on the salt master if not _apply_dyanno_hypervisor_state(): log.warning("MAIN: Failed to apply soc.dyanno.hypervisor state, continuing with setup") diff --git a/salt/salt/cloud/config.sls b/salt/salt/cloud/config.sls new file mode 100644 index 000000000..0456c34dc --- /dev/null +++ b/salt/salt/cloud/config.sls 
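Review bot: The comment above the new call, `# Apply the soc.dyanno.hypervisor state on the salt master`, is copied from the block that follows it and describes the wrong state; it should read `# Apply the salt.cloud.config state on the salt master`. The failure path only logs a warning and continues, so any later step that reads `/etc/salt/cloud.providers.d/libvirt.conf` or `/etc/salt/cloud.profiles.d/socloud.conf` would presumably run against missing or stale files. The comment should say why continuing is safe, or the return value should be remembered and surfaced in the function's final result. `setup_environment` begins and ends outside this hunk, so how its result is assembled is not visible here.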
@@ -0,0 +1,55 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+#
+# Note: Per the Elastic License 2.0, the second limitation states:
+#
+# "You may not move, change, disable, or circumvent the license key functionality
+# in the software, and you may not remove or obscure any functionality in the
+# software that is protected by the license key."
+
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
+{% if 'vrt' in salt['pillar.get']('features', []) %}
+{% set HYPERVISORS = salt['pillar.get']('hypervisor:nodes', {} ) %}
+
+{% if HYPERVISORS %}
+cloud_providers:
+ file.managed:
+ - name: /etc/salt/cloud.providers.d/libvirt.conf
+ - source: salt://salt/cloud/cloud.providers.d/libvirt.conf.jinja
+ - defaults:
+ HYPERVISORS: {{HYPERVISORS}}
+ - template: jinja
+ - makedirs: True
+
+cloud_profiles:
+ file.managed:
+ - name: /etc/salt/cloud.profiles.d/socloud.conf
+ - source: salt://salt/cloud/cloud.profiles.d/socloud.conf.jinja
+ - defaults:
+ HYPERVISORS: {{HYPERVISORS}}
+ MANAGERHOSTNAME: {{ grains.host }}
+ MANAGERIP: {{ pillar.host.mainip }}
+ - template: jinja
+ - makedirs: True
+{% endif %}
+
+{% else %}
+{{sls}}_no_license_detected:
+ test.fail_without_changes:
+ - name: {{sls}}_no_license_detected
+ - comment:
+ - "Hypervisor nodes are a feature supported only for customers with a valid license.
+ Contact Security Onion Solutions, LLC via our website at https://securityonionsolutions.com
+ for more information about purchasing a license to enable this feature."
+{% endif %}
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+ test.fail_without_changes:
+ - name: {{sls}}_state_not_allowed
+
+{% endif %}
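Review bot: Neither `cloud_providers` nor `cloud_profiles` sets `user`, `group` or `mode`, and the newly added `makedirs: True` comes without a `dir_mode`. Permissions on `/etc/salt/cloud.providers.d/libvirt.conf`, `/etc/salt/cloud.profiles.d/socloud.conf` and any directories created for them are therefore left to defaults. The rendered templates are not part of this diff, but provider and profile files commonly describe how to reach the hypervisors, so it is worth pinning ownership to the account the master runs as and adding something like `- mode: '0640'` and `- dir_mode: '0750'` to both states. As a smaller point, `HYPERVISORS: {{HYPERVISORS}}` interpolates the pillar dict into YAML through its Python repr; `{{ HYPERVISORS | json }}` would keep the rendered SLS valid if a node name or value ever contains characters YAML treats specially.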
diff --git a/salt/salt/cloud/init.sls b/salt/salt/cloud/init.sls index b9764344e..5705a3b54 100644 --- a/salt/salt/cloud/init.sls +++ b/salt/salt/cloud/init.sls @@ -13,7 +13,6 @@ {% if sls in allowed_states %} {% if 'vrt' in salt['pillar.get']('features', []) %} {% from 'salt/map.jinja' import SALTVERSION %} -{% set HYPERVISORS = salt['pillar.get']('hypervisor:nodes', {} ) %} include: - libvirt.packages @@ -25,26 +24,6 @@ install_salt_cloud: - name: salt-cloud - version: {{SALTVERSION}} -{% if HYPERVISORS %} -cloud_providers: - file.managed: - - name: /etc/salt/cloud.providers.d/libvirt.conf - - source: salt://salt/cloud/cloud.providers.d/libvirt.conf.jinja - - defaults: - HYPERVISORS: {{HYPERVISORS}} - - template: jinja - -cloud_profiles: - file.managed: - - name: /etc/salt/cloud.profiles.d/socloud.conf - - source: salt://salt/cloud/cloud.profiles.d/socloud.conf.jinja - - defaults: - HYPERVISORS: {{HYPERVISORS}} - MANAGERHOSTNAME: {{ grains.host }} - MANAGERIP: {{ pillar.host.mainip }} - - template: jinja -{% endif %} - {% else %} {{sls}}_no_license_detected: test.fail_without_changes: