add defaults and map for patch state
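--- a/salt/patch/defaults.yaml
+++ b/salt/patch/defaults.yaml
@@ -0,0 +1,82 @@
+patch:
+os:
+enabled: true
+schedule_to_run: auto
+schedules:
+auto:
+splay: 900
+schedule:
+hours: 8
+monday:
+splay: 900
+schedule:
+Monday:
+- '08:00'
+tuesday:
+splay: 900
+schedule:
+Tuesday:
+- '08:00'
+wednesday:
+splay: 900
+schedule:
+Wednesday:
+- '08:00'
+thursday:
+splay: 900
+schedule:
+Thursday:
+- '08:00'
+friday:
+splay: 900
+schedule:
+Friday:
+- '08:00'
+saturday:
+splay: 900
+schedule:
+Saturday:
+- '08:00'
+sunday:
+splay: 900
+schedule:
+Sunday:
+- '08:00'
+daily:
+splay: 900
+schedule:
+Monday:
+- '08:00'
+Tuesday:
+- '08:00'
+Wednesday:
+- '08:00'
+Thursday:
+- '08:00'
+Friday:
+- '08:00'
+Saturday:
+- '08:00'
+Sunday:
+- '08:00'
+weekdays:
+splay: 900
+schedule:
+Monday:
+- '08:00'
+Tuesday:
+- '08:00'
+Wednesday:
+- '08:00'
+Thursday:
+- '08:00'
+Friday:
+- '08:00'
+weekends:
+splay: 900
+schedule:
+Saturday:
+- '08:00'
+Sunday:
+- '08:00'
+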
@@ -1,76 +1,36 @@
|
|||||||
{% if salt['pillar.get']('patch:os:schedule_name') %}
|
{% from 'patch/os/schedules/map.jinja' import PATCHMERGED %}
|
||||||
{% set patch_os_pillar = salt['pillar.get']('patch:os') %}
|
|
||||||
{% set schedule_name = patch_os_pillar.schedule_name %}
|
|
||||||
{% set splay = patch_os_pillar.get('splay', 300) %}
|
|
||||||
|
|
||||||
{% if schedule_name != 'manual' and schedule_name != 'auto' %}
|
{% if PATCHMERGED.os.enabled %}
|
||||||
{% import_yaml "patch/os/schedules/"~schedule_name~".yml" as os_schedule %}
|
{% set SCHEDULE_TO_RUN = PATCHMERGED.os.schedule_to_run %}
|
||||||
|
|
||||||
{% if patch_os_pillar.enabled %}
|
|
||||||
|
|
||||||
patch_os_schedule:
|
patch_os_schedule:
|
||||||
schedule.present:
|
schedule.present:
|
||||||
- function: state.sls
|
- function: state.sls
|
||||||
- job_args:
|
- job_args:
|
||||||
- patch.os
|
- patch.os
|
||||||
|
- splay: {{PATCHMERGED.os.schedules[SCHEDULE_TO_RUN].splay}}
|
||||||
|
- return_job: True
|
||||||
|
{# check if *day is in the schedule #}
|
||||||
|
{% if PATCHMERGED.os.schedules[SCHEDULE_TO_RUN].schedule.keys() | select("match", ".*day") | list | length > 0 %}
|
||||||
|
|
||||||
- when:
|
- when:
|
||||||
{% for days in os_schedule.patch.os.schedule %}
|
{% for day, times in PATCHMERGED.os.schedules[SCHEDULE_TO_RUN].schedule.items() %}
|
||||||
{% for day, times in days.items() %}
|
{% for time in times %}
|
||||||
{% for time in times %}
|
|
||||||
- {{day}} {{time}}
|
- {{day}} {{time}}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endfor %}
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
- splay: {{splay}}
|
{# check if days, hours, minutes is in the schedule #}
|
||||||
- return_job: True
|
{% elif PATCHMERGED.os.schedules[SCHEDULE_TO_RUN].schedule.keys() | select("match", "days|hours|minutes") | list | length > 0 %}
|
||||||
|
{% set DHM = PATCHMERGED.os.schedules[SCHEDULE_TO_RUN].schedule.keys() | first %}
|
||||||
|
|
||||||
{% else %}
|
- {{DHM}}: {{ PATCHMERGED.os.schedules[SCHEDULE_TO_RUN].schedule[DHM] }}
|
||||||
|
|
||||||
disable_patch_os_schedule:
|
{% endif %}
|
||||||
schedule.disabled:
|
|
||||||
- name: patch_os_schedule
|
|
||||||
|
|
||||||
{% endif %}
|
{% else %}
|
||||||
|
|
||||||
|
|
||||||
{% elif schedule_name == 'auto' %}
|
|
||||||
|
|
||||||
{% if patch_os_pillar.enabled %}
|
|
||||||
|
|
||||||
patch_os_schedule:
|
|
||||||
schedule.present:
|
|
||||||
- function: state.sls
|
|
||||||
- job_args:
|
|
||||||
- patch.os
|
|
||||||
- hours: {{ patch_os_pillar.get('hours', 8) }}
|
|
||||||
- splay: {{splay}}
|
|
||||||
- return_job: True
|
|
||||||
|
|
||||||
{% else %}
|
|
||||||
|
|
||||||
disable_patch_os_schedule:
|
|
||||||
schedule.disabled:
|
|
||||||
- name: patch_os_schedule
|
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% elif schedule_name == 'manual' %}
|
|
||||||
|
|
||||||
remove_patch_os_schedule:
|
remove_patch_os_schedule:
|
||||||
schedule.absent:
|
schedule.absent:
|
||||||
- name: patch_os_schedule
|
- name: patch_os_schedule
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% else %}
|
|
||||||
|
|
||||||
no_patch_os_schedule_name_set:
|
|
||||||
test.fail_without_changes:
|
|
||||||
- name: "Set a pillar value for patch:os:schedule_name in this minion's .sls file. If an OS patch schedule is not listed as enabled in show_schedule output below, then OS patches will need to be applied manually until this is corrected."
|
|
||||||
|
|
||||||
show_patch_os_schedule:
|
|
||||||
module.run:
|
|
||||||
- schedule.is_enabled:
|
|
||||||
- name: patch_os_schedule
|
|
||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|||||||
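Review bot: `PATCHMERGED.os.schedules[SCHEDULE_TO_RUN]` is dereferenced without checking that the pillar-supplied `schedule_to_run` names a key under `schedules`, so a typo or a leftover value such as `manual` would presumably fail the render at the `splay` line instead of producing an explicit failing state like the `test.fail_without_changes` message the old code emitted for a missing `schedule_name`. Wrapping the `schedule.present` block in `{% if SCHEDULE_TO_RUN in PATCHMERGED.os.schedules %}` and keeping a failing state with a clear message in the else branch would make a broken OS patch schedule visible to the operator. The new code also no longer reads `patch:os:schedule_name`, so minions whose pillar still sets only that key appear to fall back silently to the default `auto` schedule; a comment at the top of the file stating the new pillar keys would help. Separately, if Salt's `match` test anchors only at the start of the string, `".*day"` also matches a `days` key and would send an interval schedule into the `when:` loop; `"^.*day$"` avoids that.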
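--- a/salt/patch/os/schedules/map.jinja
+++ b/salt/patch/os/schedules/map.jinja
@@ -0,0 +1,2 @@
+{% import_yaml 'patch/defaults.yaml' as PATCHDEFAULTS %}
+{% set PATCHMERGED = salt['pillar.get']('patch', PATCHDEFAULTS.patch, merge=true) %}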