Add disabled state for Curator

2025-12-07 17:52:46 +01:00 · 2023-12-18 20:50:49 +00:00
parent 866c9988a0
commit aba5893965
3 changed files with 45 additions and 0 deletions
--- a/salt/allowed_states.map.jinja
+++ b/salt/allowed_states.map.jinja
@@ -219,6 +219,10 @@
    {% do allowed_states.append('kibana.secrets') %}
  {% endif %}

+  {% if grains.role in ['so-eval', 'so-standalone', 'so-managersearch', 'so-heavynode', 'so-manager'] %}
+    {% do allowed_states.append('curator.disabled') %}
+  {% endif %}
+
  {% if grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
    {% do allowed_states.append('elastalert') %}
  {% endif %}
--- a/salt/curator/disabled.sls
+++ b/salt/curator/disabled.sls
@@ -0,0 +1,36 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+
+include:
+  - curator.sostatus
+  
+so-curator:
+  docker_container.absent:
+    - force: True
+
+so-curator_so-status.disabled:
+  file.line:
+    - name: /opt/so/conf/so-status/so-status.conf
+    - regex: ^so-curator$
+    - mode: delete
+
+so-curator-cluster-close:
+  cron.absent:
+    - identifier: so-curator-cluster-close
+
+so-curator-cluster-delete:
+  cron.absent:
+    - identifier: so-curator-cluster-delete
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+  test.fail_without_changes:
+    - name: {{sls}}_state_not_allowed
+
+{% endif %}
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -74,6 +74,7 @@ base:
    - suricata
    - zeek
    - strelka
+    - curator.disabled
    - elastalert
    - utility
    - soctopus
@@ -103,6 +104,7 @@ base:
    - redis
    - elastic-fleet-package-registry
    - kibana
+    - curator.disabled
    - elastalert
    - utility
    - soctopus
@@ -138,6 +140,7 @@ base:
    - suricata
    - zeek
    - strelka
+    - curator.disabled
    - elastalert
    - utility
    - soctopus
@@ -176,6 +179,7 @@ base:
    - elasticsearch
    - logstash
    - redis
+    - curator.disabled
    - elastic-fleet-package-registry
    - kibana
    - elastalert
@@ -195,6 +199,7 @@ base:
    - elasticsearch
    - logstash
    - redis
+    - curator.disabled
    - strelka
    - pcap
    - suricata