use global vars in states

2025-12-21 16:33:08 +01:00 · 2022-10-11 11:57:15 -04:00
parent 46bdd1acad
commit b526532ab6
219 changed files with 412 additions and 472 deletions
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -1,12 +1,12 @@
 {% from 'allowed_states.map.jinja' import allowed_states %}
 {% if sls in allowed_states %}

-{% set role = grains.id.split('_') | last %}
+{% from 'vars/globals.map.jinja' import GLOBALS %}

 include:
  - common.soup_scripts
  - common.packages
-{% if grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-import'] %}
+{% if GLOBALS.role in GLOBALS.manager_roles %}
  - manager.elasticsearch # needed for elastic_curl_config state
 {% endif %}

@@ -104,7 +104,7 @@ elastic_curl_config:
    - mode: 600
    - show_changes: False
    - makedirs: True
-  {% if grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-import'] %}
+  {% if GLOBALS.role in GLOBALS.manager_roles %}
    - require:
      - file: elastic_curl_config_distributed
  {% endif %}
@@ -131,7 +131,7 @@ so-status_script:
    - source: salt://common/tools/sbin/so-status
    - mode: 755

-{% if role in ['eval', 'standalone', 'sensor', 'heavynode'] %}
+{% if GLOBALS.role in GLOBALS.sensor_roles %}
 # Add sensor cleanup
 /usr/sbin/so-sensor-clean:
  cron.present:
@@ -208,8 +208,9 @@ common_pip_dependencies:
    - target: /usr/lib64/python3.6/site-packages

 # Install sostatus check cron
-'/usr/sbin/so-status -j > /opt/so/log/sostatus/status.log 2>&1':
+sostatus_check_cron:
  cron.present:
+    - name: '/usr/sbin/so-status -j > /opt/so/log/sostatus/status.log 2>&1'
    - user: root
    - minute: '*/1'
    - hour: '*'
@@ -217,36 +218,8 @@ common_pip_dependencies:
    - month: '*'
    - dayweek: '*'

-{% if role in ['eval', 'manager', 'managersearch', 'standalone'] %}
-# Install cron job to determine size of influxdb for telegraf
-'du -s -k /nsm/influxdb | cut -f1 > /opt/so/log/telegraf/influxdb_size.log 2>&1':
-  cron.present:
-    - user: root
-    - minute: '*/1'
-    - hour: '*'
-    - daymonth: '*'
-    - month: '*'
-    - dayweek: '*'
-    
-# Lock permissions on the backup directory
-backupdir:
-  file.directory:
-    - name: /nsm/backup
-    - user: 0
-    - group: 0
-    - makedirs: True
-    - mode: 700
-  
-# Add config backup
-/usr/sbin/so-config-backup > /dev/null 2>&1:
-  cron.present:
-    - user: root
-    - minute: '1'
-    - hour: '0'
-    - daymonth: '*'
-    - month: '*'
-    - dayweek: '*'
-{% else %}
+{% if GLOBALS.role not in ['eval', 'manager', 'managersearch', 'standalone'] %}
+
 soversionfile:
  file.managed:
    - name: /etc/soversion
@@ -256,8 +229,8 @@ soversionfile:
    
 {% endif %}

-{% if salt['grains.get']('sosmodel', '') %}
-  {% if grains['os'] == 'CentOS' %}     
+{% if GLOBALS.so_model %}
+  {% if GLOBALS.os == 'CentOS' %}     
 # Install Raid tools
 raidpkgs:
  pkg.installed:
@@ -268,8 +241,9 @@ raidpkgs:
  {% endif %}

 # Install raid check cron
-/usr/sbin/so-raid-status > /dev/null 2>&1:
+so_raid_status:
  cron.present:
+    - name: '/usr/sbin/so-raid-status > /dev/null 2>&1'
    - user: root
    - minute: '*/15'
    - hour: '*'
--- a/salt/common/packages.sls
+++ b/salt/common/packages.sls
@@ -1,4 +1,6 @@
-{% if grains['os'] != 'CentOS' %}     
+{% from 'vars/globals.map.jinja' import GLOBALS %}
+
+{% if GLOBALS.os != 'CentOS' %}     
 commonpkgs:
  pkg.installed:
    - skip_suggestions: True
@@ -23,8 +25,6 @@ commonpkgs:
      - git
      - vim-enhanced
      - python3-docker
-
-
 {% else %}
 commonpkgs:
  pkg.installed:
@@ -57,5 +57,4 @@ commonpkgs:
      - git
      - vim-enhanced
      - yum-plugin-versionlock
-
-{% endif %}
+{% endif %}
--- a/salt/common/tools/sbin/so-config-backup
+++ b/salt/common/tools/sbin/so-config-backup
@@ -1,40 +0,0 @@
-#!/bin/bash
-#
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-. /usr/sbin/so-common
-{% set BACKUPLOCATIONS = salt['pillar.get']('backup:locations', {}) %}
-
-TODAY=$(date '+%Y_%m_%d')
-BACKUPFILE="/nsm/backup/so-config-backup-$TODAY.tar"
-MAXBACKUPS=7
-
-# Create backup dir if it does not exist
-mkdir -p /nsm/backup
-
-# If we haven't already written a backup file for today, let's do so
-if [ ! -f $BACKUPFILE ]; then
-
-  # Create empty backup file
-  tar -cf $BACKUPFILE -T /dev/null
-
-  # Loop through all paths defined in global.sls, and append them to backup file
-  {%- for LOCATION in BACKUPLOCATIONS %}
-  tar -rf $BACKUPFILE {{ LOCATION }}
-  {%- endfor %}
-  tar -rf $BACKUPFILE /etc/pki
-  tar -rf $BACKUPFILE /etc/salt
-  tar -rf $BACKUPFILE /opt/so/conf/kratos
-
-fi
-
-# Find oldest backup files and remove them
-NUMBACKUPS=$(find /nsm/backup/ -type f -name "so-config-backup*" | wc -l)
-while [ "$NUMBACKUPS" -gt "$MAXBACKUPS" ]; do
-  OLDESTBACKUP=$(find /nsm/backup/ -type f -name "so-config-backup*" -type f -printf '%T+ %p\n' | sort | head -n 1 | awk -F" " '{print $2}')
-  rm -f $OLDESTBACKUP
-  NUMBACKUPS=$(find /nsm/backup/ -type f -name "so-config-backup*" | wc -l)
-done