CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

cloud profiles and providers. libvirt net setup

Browse Source
This commit is contained in:
m0duspwnens
2024-08-13 10:17:45 -04:00
parent f9eeb76518
commit aa5de9f7bd
6 changed files with 42 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
salt/libvirt/init.sls
View File

@@ -53,13 +53,18 @@ install_qemu:
pkg.installed: pkg.installed:
- name: qemu-kvm - name: qemu-kvm
install_libguestfs: create_host_bridge:
pkg.installed: virt.network_running:
- name: libguestfs - name: host-bridge
- bridge: br0
- forward: bridge
- autostart: True
install-guestfs-tools: disable_default_bridge:
pkg.installed: cmd.run:
- name: guestfs-tools - name: virsh net-destroy default && virsh net-autostart default --disable
- require:
- pkg: install_libvirt-client
# this should only run during the first highstate after setup. it will transfer connection from mgmt to br0 # this should only run during the first highstate after setup. it will transfer connection from mgmt to br0
down_original_mgmt_interface: down_original_mgmt_interface:

19
salt/libvirt/packages.sls
View File

@@ -11,6 +11,25 @@ install_libvirt-client:
pkg.installed: pkg.installed:
- name: libvirt-client - name: libvirt-client
# allows for creating vm images
# any node manipulating images needs this
install_qemu-img:
pkg.installed:
- name: qemu-img
install_guestfs-tools:
pkg.installed:
- name: guestfs-tools
install_xorriso:
pkg.installed:
- name: xorriso
install_virt-install:
pkg.installed:
- name: virt-install
###
libvirt_python_wheel: libvirt_python_wheel:
file.recurse: file.recurse:
- name: /opt/so/conf/libvirt/source-packages/libvirt-python - name: /opt/so/conf/libvirt/source-packages/libvirt-python

2
salt/libvirt/ssh/users.sls
View File

@@ -51,6 +51,6 @@ qemu_ssh_client_config:
soqemussh_pub_key: soqemussh_pub_key:
ssh_auth.present: ssh_auth.present:
- user: soqemussh - user: soqemussh
- source: salt://libvirt/ssh_keys/id_ed25519.pub - source: salt://libvirt/ssh/keys/id_ed25519.pub
{% endif %} {% endif %}

8
salt/salt/cloud/cloud.profiles.d/socloud.conf.jinja
View File

@@ -49,10 +49,11 @@ sensor:
sls_list: sls_list:
- setHostname - setHostname
{%- for hv in HYPERVISORS %} {%- for node_type, hosts in HYPERVISORS.items() %}
{%- for host in hosts %}
core-{{hv}}: core-{{host}}:
provider: kvm-ssh-{{hv}} provider: kvm-ssh-{{host}}
base_domain: jppol9vm base_domain: jppol9vm
ip_source: qemu-agent ip_source: qemu-agent
ssh_username: onionuser ssh_username: onionuser
@@ -67,4 +68,5 @@ core-{{hv}}:
sls_list: sls_list:
- setHostname - setHostname
{%- endfor %}
{%- endfor %} {%- endfor %}

8
salt/salt/cloud/cloud.providers.d/libvirt.conf.jinja
View File

@@ -3,12 +3,14 @@
# driver: libvirt # driver: libvirt
# url: qemu+ssh://soqemussh@jpphype1/system?socket=/var/run/libvirt/libvirt-sock # url: qemu+ssh://soqemussh@jpphype1/system?socket=/var/run/libvirt/libvirt-sock
{%- for hv in HYPERVISORS %} {%- for node_type, hosts in HYPERVISORS.items() %}
{%- for host in hosts %}
kvm-ssh-{{hv}}: kvm-ssh-{{host}}:
driver: libvirt driver: libvirt
url: qemu+ssh://soqemussh@{{hv}}/system?socket=/var/run/libvirt/libvirt-sock url: qemu+ssh://soqemussh@{{host}}/system?socket=/var/run/libvirt/libvirt-sock
{%- endfor %}
{%- endfor %} {%- endfor %}
# Or connect to a local libvirt instance # Or connect to a local libvirt instance

2
salt/salt/cloud/init.sls
View File

@@ -28,7 +28,7 @@ cloud_profiles:
- name: /etc/salt/cloud.profiles.d/socloud.conf - name: /etc/salt/cloud.profiles.d/socloud.conf
- source: salt://salt/cloud/cloud.profiles.d/socloud.conf.jinja - source: salt://salt/cloud/cloud.profiles.d/socloud.conf.jinja
- defaults: - defaults:
HYPERVISORS: {{pillar.hypervisor.nodes}} HYPERVISORS: {{pillar.hypervisor.nodes.hypervisor}}
- template: jinja - template: jinja
{% else %} {% else %}