CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-04-25 14:07:49 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update kafka to use manager docker registry

Browse Source 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
This commit is contained in:
reyesj2
2024-04-02 16:34:06 -04:00
parent 1b49c8540e
commit b032eed22a
2 changed files with 48 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/common/tools/sbin/so-image-common
+2 -1
View File
@@ -67,7 +67,8 @@ container_list() {
"so-strelka-manager" "so-strelka-manager"
"so-suricata" "so-suricata"
"so-telegraf" "so-telegraf"
"so-zeek" "so-zeek"
"so-kafka"
) )
else else
TRUSTED_CONTAINERS=( TRUSTED_CONTAINERS=(
salt/kafka/enabled.sls
+46 -45
View File
@@ -1,46 +1,47 @@
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one # Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at # or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the # https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0. # Elastic License 2.0.
{% from 'allowed_states.map.jinja' import allowed_states %} {% from 'allowed_states.map.jinja' import allowed_states %}
{% if sls.split('.')[0] in allowed_states %} {% if sls.split('.')[0] in allowed_states %}
{% from 'vars/globals.map.jinja' import GLOBALS %} {% from 'vars/globals.map.jinja' import GLOBALS %}
{% from 'docker/docker.map.jinja' import DOCKER %} {% from 'docker/docker.map.jinja' import DOCKER %}
{% set KAFKANODES = salt['pillar.get']('kafka:nodes', {}) %}
include:
- kafka.sostatus include:
- kafka.config - kafka.sostatus
- kafka.storage - kafka.config
- kafka.storage
so-kafka:
docker_container.running: so-kafka:
- image: so-kafka docker_container.running:
- hostname: so-kafka - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-kafka:{{ GLOBALS.so_version }}
- name: so-kafka - hostname: so-kafka
- networks: - name: so-kafka
- sobridge: - networks:
- ipv4_address: {{ DOCKER.containers['so-kafka'].ip }} - sobridge:
- user: kafka - ipv4_address: {{ DOCKER.containers['so-kafka'].ip }}
- port_bindings: - user: kafka
{% for BINDING in DOCKER.containers['so-kafka'].port_bindings %} - port_bindings:
- {{ BINDING }} {% for BINDING in DOCKER.containers['so-kafka'].port_bindings %}
{% endfor %} - {{ BINDING }}
- binds: {% endfor %}
- /etc/pki/kafka.jks:/etc/pki/kafka.jks - binds:
- /opt/so/conf/ca/cacerts:/etc/pki/java/sos/cacerts - /etc/pki/kafka.jks:/etc/pki/kafka.jks
- /nsm/kafka/data/:/nsm/kafka/data/:rw - /opt/so/conf/ca/cacerts:/etc/pki/java/sos/cacerts
- /opt/so/conf/kafka/server.properties:/kafka/config/kraft/server.properties - /nsm/kafka/data/:/nsm/kafka/data/:rw
- /opt/so/conf/kafka/server.properties:/kafka/config/kraft/server.properties
delete_so-kafka_so-status.disabled:
file.uncomment: delete_so-kafka_so-status.disabled:
- name: /opt/so/conf/so-status/so-status.conf file.uncomment:
- regex: ^so-kafka$ - name: /opt/so/conf/so-status/so-status.conf
- regex: ^so-kafka$
{% else %}
{% else %}
{{sls}}_state_not_allowed:
test.fail_without_changes: {{sls}}_state_not_allowed:
- name: {{sls}}_state_not_allowed test.fail_without_changes:
- name: {{sls}}_state_not_allowed
{% endif %} {% endif %}