From ae993c47c15195adb01bc316cbbe48ad9f707e23 Mon Sep 17 00:00:00 2001
From: Josh Patterson
Date: Tue, 11 Mar 2025 11:12:45 -0400
Subject: [PATCH] remove minion pillar files when a vm is destroyed
---
 salt/orch/dyanno_hypervisor.sls | 10 ----------
 salt/orch/vm_pillar_clean.sls | 35 +++++++++++++++++++++++++++++++++
 salt/reactor/deleteKey.sls | 9 ++++++++-
 3 files changed, 43 insertions(+), 11 deletions(-)
 create mode 100644 salt/orch/vm_pillar_clean.sls
diff --git a/salt/orch/dyanno_hypervisor.sls b/salt/orch/dyanno_hypervisor.sls
index 8af529a5f..624bb12f3 100644
--- a/salt/orch/dyanno_hypervisor.sls
+++ b/salt/orch/dyanno_hypervisor.sls
@@ -103,16 +103,6 @@ write_vm_status:
 event_tag: {{ tag }}
 {% endif %}
-{# Check if the base domain exists / is ready for VMs #}
-{#% set file_exists = False %}
-{% set ret = salt.saltutil.runner('salt.execute', [hypervisor ~ '_*','file.file_exists', ['/nsm/libvirt/images/sool9/sool9.qcow2'], 'glob']) %}
-{% do salt.log.debug('dyanno_hypervisor_orch: File /nsm/libvirt/images/sool9/sool9.qcow2 exists: ' ~ ret) %}
-{% for minion, file_exists in ret.items() %}
-{% if minion.startswith(hypervisor ~ '_') %}
-{% do salt.log.info('dyanno_hypervisor_orch: File /nsm/libvirt/images/sool9/sool9.qcow2 exists: ' ~ file_exists) %}
-{% endif %}
-{% endfor %#}
-
 # Update hypervisor status
 update_hypervisor_annotation:
 salt.state:
diff --git a/salt/orch/vm_pillar_clean.sls b/salt/orch/vm_pillar_clean.sls
new file mode 100644
index 000000000..5c0011f6f
--- /dev/null
+++ b/salt/orch/vm_pillar_clean.sls
@@ -0,0 +1,35 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+#
+# Note: Per the Elastic License 2.0, the second limitation states:
+#
+# "You may not move, change, disable, or circumvent the license key functionality
+# in the software, and you may not remove or obscure any functionality in the
+# software that is protected by the license key."
+
+{% if 'hvn' in salt['pillar.get']('features', []) %}
+
+{% do salt.log.debug('vm_pillar_clean_orch: Running') %}
+{% set vm_name = pillar.get('vm_name') %}
+
+delete_adv_{{ vm_name }}_pillar:
+ module.run:
+ - file.remove:
+ - path: /opt/so/saltstack/local/pillar/minions/adv_{{ vm_name }}.sls
+
+delete_{{ vm_name }}_pillar:
+ module.run:
+ - file.remove:
+ - path: /opt/so/saltstack/local/pillar/minions/{{ vm_name }}.sls
+
+{% else %}
+
+{% do salt.log.error(
+ 'Hypervisor nodes are a feature supported only for customers with a valid license.'
+ 'Contact Security Onion Solutions, LLC via our website at https://securityonionsolutions.com'
+ 'for more information about purchasing a license to enable this feature.'
+) %}
+
+{% endif %}
diff --git a/salt/reactor/deleteKey.sls b/salt/reactor/deleteKey.sls
index 646e17948..4d522a4b5 100644
--- a/salt/reactor/deleteKey.sls
+++ b/salt/reactor/deleteKey.sls
@@ -1,5 +1,5 @@
 # Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
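Review bot: In the new salt/orch/vm_pillar_clean.sls, `vm_name` is taken from pillar and rendered straight into both `file.remove` paths without checking that it is set or that it is a single file-name component. A missing value renders the literal `None` into the state IDs and paths, and a value containing `/` would let the path resolve outside `/opt/so/saltstack/local/pillar/minions/`. The value comes from event data in salt/reactor/deleteKey.sls, so I would wrap both states in a guard such as `{% if vm_name and '/' not in vm_name %}` … `{% endif %}` and log an error in the other branch. Separately, the adjacent string literals in the `salt.log.error` call are joined without spaces, so the message reads `license.Contact` and `.comfor`; a trailing space inside the first two literals fixes it.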
@@ -8,4 +8,11 @@ remove_key:
 - args:
 - match: {{ data['name'] }}
+{{ data['name'] }}_pillar_clean:
+ runner.state.orchestrate:
+ - args:
+ - mods: orch.vm_pillar_clean
+ - pillar:
+ vm_name: {{ data['name'] }}
+
 {% do salt.log.info('deleteKey reactor: deleted minion key: %s' % data['name']) %}
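Review bot: The added `{{ data['name'] }}_pillar_clean` block renders event data unquoted into the state ID and into `vm_name: {{ data['name'] }}`, so a name that YAML reads as a non-string scalar, or one containing `: ` or `#`, would change what reaches the orchestration. Serialising the value, e.g. `vm_name: {{ data['name'] | json }}`, keeps it a single string. As written, the orchestration also appears to start for every key deletion this reactor handles, not only for VMs; that may be intended, but it is worth confirming against the commit title. The closing log line still reports only the key deletion, so a second `salt.log.info` naming the pillar clean-up would make the file removal traceable. The `remove_key` state begins above the hunk.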