CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12928 from Security-Onion-Solutions/orchit

Browse Source 
Orchit
This commit is contained in:
Josh Patterson
2024-05-03 15:17:34 -04:00
committed by GitHub
parent 91c9f26a0c bdf1b45a07
commit b50789a77c
3 changed files with 38 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
salt/manager/tools/sbin/so-minion
View File

@@ -426,10 +426,6 @@ function checkMine() {
} }
function updateMine() {
retry 20 1 "salt '$MINION_ID' mine.update" True
}
function createEVAL() { function createEVAL() {
is_pcaplimit=true is_pcaplimit=true
pcapspace pcapspace
@@ -604,20 +600,12 @@ function addMinion() {
} }
function updateMineAndApplyStates() { function updateMineAndApplyStates() {
# tell the minion to populate the mine with data from mine_functions which is populated during setup
# this only needs to happen on non managers since they handle this during setup #checkMine "network.ip_addrs"
# and they need to wait for ca creation to update the mine
updateMine
checkMine "network.ip_addrs"
# apply the elasticsearch state to the manager if a new searchnode was added
if [[ "$NODETYPE" == "SEARCHNODE" || "$NODETYPE" == "HEAVYNODE" ]]; then
# calls so-common and set_minionid sets MINIONID to local minion id # calls so-common and set_minionid sets MINIONID to local minion id
set_minionid set_minionid
salt $MINIONID state.apply elasticsearch queue=True --async # $MINIONID is the minion id of the manager and $MINION_ID is the target node or the node being configured
salt $MINIONID state.apply soc queue=True --async salt-run state.orch orch.deploy_newnode pillar="{'setup': {'manager': $MINIONID, 'newnode': $MINION_ID }}" > /dev/null 2>&1 &
fi
# run this async so the cli doesn't wait for a return
salt "$MINION_ID" state.highstate --async queue=True
} }
function setupMinionFiles() { function setupMinionFiles() {

32
salt/orch/deploy_newnode.sls Normal file
View File

@@ -0,0 +1,32 @@
{% set MANAGER = salt['pillar.get']('setup:manager') %}
{% set NEWNODE = salt['pillar.get']('setup:newnode') %}
# tell the minion to populate the mine with data from mine_functions which is populated during setup
# this only needs to happen on non managers since they handle this during setup
# and they need to wait for ca creation to update the mine
{{NEWNODE}}_update_mine:
salt.function:
- name: mine.update
- tgt: {{ NEWNODE }}
- retry:
attempts: 36
interval: 5
# we need to prepare the manager for a new searchnode or heavynode
{% if NEWNODE.split('_')|last in ['searchnode', 'heavynode'] %}
manager_run_es_soc:
salt.state:
- tgt: {{ MANAGER }}
- sls:
- elasticsearch
- soc
- queue: True
- require:
- salt: {{NEWNODE}}_update_mine
{% endif %}
{{NEWNODE}}_run_highstate:
salt.state:
- tgt: {{ NEWNODE }}
- highstate: True
- queue: True

1
setup/so-setup
View File

@@ -808,7 +808,6 @@ if ! [[ -f $install_opt_file ]]; then
configure_minion "$minion_type" configure_minion "$minion_type"
check_sos_appliance check_sos_appliance
drop_install_options drop_install_options
logCmd "salt-call state.apply setup.highstate_cron --local --file-root=../salt/"
verify_setup verify_setup
fi fi