CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-05-09 21:02:36 +02:00
Code Issues Packages Projects Releases Wiki Activity

Target manager by role grain in telegraf_postgres_sync orch

Browse Source 
The previous MANAGER resolution used pillar.get('setup:manager') with a
fallback to grains.get('master'). Neither works from the reactor:
setup:manager is only populated by the setup workflow (not by reactor
runs), and grains.master returns the minion's master-hostname setting,
not a targetable minion id.

Match the pattern used by orch/delete_hypervisor.sls: compound-target
whichever minion is the manager via role grain.
This commit is contained in:
Mike Reeves
2026-04-21 09:37:35 -04:00
parent f72c30abd0
commit a902f667ba
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/orch/telegraf_postgres_sync.sls
+6 -3
View File
@@ -3,16 +3,19 @@
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
{% set MANAGER = salt['pillar.get']('setup:manager') or salt['grains.get']('master') %}
# Fired by salt/reactor/telegraf_user_sync.sls when salt-key accepts a new
# minion. Only provisions the per-minion pillar entry and DB role on the
# manager; the minion itself will pick up its telegraf config on its first
# highstate during onboarding, so there's no need to push the telegraf state
# from here.
#
# Target the manager via role grains — same pattern as orch/delete_hypervisor.sls.
# The reactor doesn't know the manager's minion id, and grains.master on the
# runner is a hostname, not a targetable id.
manager_sync_telegraf_pg_users:
salt.state:
- tgt: {{ MANAGER }}
- tgt: 'G@role:so-manager or G@role:so-managerhype or G@role:so-managersearch or G@role:so-standalone or G@role:so-eval'
- tgt_type: compound
- sls:
- postgres.auth
- postgres.telegraf_users