Merge pull request #11345 from Security-Onion-Solutions/jertel/auto

ensure all binds are present to avoid volume sprawl

salt/influxdb/config.sls

@@ -25,6 +25,14 @@ influxlogdir:
     - group: 939
     - makedirs: True
 
+influxetcdir:
+  file.directory:
+    - name: /opt/so/conf/influxdb/etc
+    - dir_mode: 750
+    - user: 939
+    - group: 939
+    - makedirs: True
+
 influxdbdir:
   file.directory:
     - name: /nsm/influxdb

salt/influxdb/enabled.sls

@@ -38,6 +38,7 @@ so-influxdb:
     - binds:
       - /opt/so/log/influxdb/:/log:rw
       - /opt/so/conf/influxdb/config.yaml:/conf/config.yaml:ro
+      - /opt/so/conf/influxdb/etc:/etc/influxdb2:rw
       - /nsm/influxdb:/var/lib/influxdb2:rw
       - /etc/pki/influxdb.crt:/conf/influxdb.crt:ro
       - /etc/pki/influxdb.key:/conf/influxdb.key:ro

salt/manager/tools/sbin/soup

@@ -434,7 +434,8 @@ post_to_2.4.10() {
 }
 
 post_to_2.4.20() {
-  echo "Nothing to apply"
+  echo "Pruning unused volumes"
+  docker volume prune -f
   POSTVERSION=2.4.20
 }
 

salt/playbook/config.sls

@@ -91,6 +91,14 @@ playbooklogdir:
     - group: 939
     - makedirs: True
 
+playbookfilesdir:
+  file.directory:
+    - name: /opt/so/conf/playbook/redmine-files
+    - dir_mode: 775
+    - user: 939
+    - group: 939
+    - makedirs: True
+
 {%   if 'idh' in salt['cmd.shell']("ls /opt/so/saltstack/local/pillar/minions/|awk -F'_' {'print $2'}|awk -F'.' {'print $1'}").split() %}
 idh-plays:
   file.recurse:

salt/playbook/enabled.sls

@@ -33,6 +33,7 @@ so-playbook:
       - sobridge:
         - ipv4_address: {{ DOCKER.containers['so-playbook'].ip }}
     - binds:
+      - /opt/so/conf/playbook/redmine-files:/usr/src/redmine/files:rw
       - /opt/so/log/playbook:/playbook/log:rw
       {% if DOCKER.containers['so-playbook'].custom_bind_mounts %}
         {% for BIND in DOCKER.containers['so-playbook'].custom_bind_mounts %}

salt/redis/config.sls

@@ -25,6 +25,13 @@ redisworkdir:
     - group: 939
     - makedirs: True
 
+redisdatadir:
+  file.directory:
+    - name: /nsm/redis/data
+    - user: 939
+    - group: 939
+    - makedirs: True
+
 redislogdir:
   file.directory:
     - name: /opt/so/log/redis

salt/redis/enabled.sls

@@ -28,6 +28,7 @@ so-redis:
       - /opt/so/log/redis:/var/log/redis:rw
       - /opt/so/conf/redis/etc/redis.conf:/usr/local/etc/redis/redis.conf:ro
       - /opt/so/conf/redis/working:/redis:rw
+      - /nsm/redis/data:/data:rw
       - /etc/pki/redis.crt:/certs/redis.crt:ro
       - /etc/pki/redis.key:/certs/redis.key:ro
       {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-import'] %}

salt/strelka/config.sls

@@ -43,6 +43,20 @@ strelka_sbin:
     - group: 939
     - file_mode: 755
 
+strelkagkredisdatadir:
+  file.directory:
+    - name: /nsm/strelka/gk-redis-data
+    - user: 939
+    - group: 939
+    - makedirs: True
+
+strelkacoordredisdatadir:
+  file.directory:
+    - name: /nsm/strelka/coord-redis-data
+    - user: 939
+    - group: 939
+    - makedirs: True
+
 {% else %}
 
 {{sls}}_state_not_allowed:

salt/strelka/coordinator/enabled.sls

@@ -37,8 +37,9 @@ strelka_coordinator:
       - {{ XTRAENV }}
       {% endfor %}
     {% endif %}
-  {% if DOCKER.containers['so-strelka-coordinator'].custom_bind_mounts %}
     - binds:
+      - /nsm/strelka/coord-redis-data:/data:rw
+      {% if DOCKER.containers['so-strelka-coordinator'].custom_bind_mounts %}
         {% for BIND in DOCKER.containers['so-strelka-coordinator'].custom_bind_mounts %}
       - {{ BIND }}
         {% endfor %}

salt/strelka/gatekeeper/enabled.sls

@@ -31,8 +31,9 @@ strelka_gatekeeper:
       {% for BINDING in DOCKER.containers['so-strelka-gatekeeper'].port_bindings %}
       - {{ BINDING }}
       {% endfor %}
-    {% if DOCKER.containers['so-strelka-gatekeeper'].custom_bind_mounts %}
     - binds:
+      - /nsm/strelka/gk-redis-data:/data:rw
+      {% if DOCKER.containers['so-strelka-gatekeeper'].custom_bind_mounts %}
         {% for BIND in DOCKER.containers['so-strelka-gatekeeper'].custom_bind_mounts %}
       - {{ BIND }}
         {% endfor %}