CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-05-10 13:20:30 +02:00
Code Issues Packages Projects Releases Wiki Activity

Use TELEGRAFMERGED for telegraf.output and de-jinja pg_hba.conf

Browse Source 
- firewall/map.jinja and postgres/telegraf_users.sls now pull the
  telegraf output selector through TELEGRAFMERGED so the defaults.yaml
  value (BOTH) is the source of truth and pillar overrides merge in
  cleanly. pillar.get with a hardcoded fallback was brittle and would
  disagree with defaults.yaml if the two ever diverged.
- Rename salt/postgres/files/pg_hba.conf.jinja to pg_hba.conf and drop
  template: jinja from config.sls — the file has no jinja besides the
  comment header.
This commit is contained in:
Mike Reeves
2026-04-20 16:06:01 -04:00
parent 3ecd19d085
commit b69e50542a
4 changed files with 10 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/postgres/config.sls
+1 -2
View File
@@ -65,11 +65,10 @@ postgresconf:
postgreshba:
file.managed:
- name: /opt/so/conf/postgres/pg_hba.conf
- source: salt://postgres/files/pg_hba.conf.jinja
- source: salt://postgres/files/pg_hba.conf
- user: 939
- group: 939
- mode: 640
- template: jinja
postgres_super_secret:
file.managed:
salt/postgres/files/pg_hba.conf.jinja → salt/postgres/files/pg_hba.conf
+5 -4
View File
@@ -1,7 +1,8 @@
{# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
https://securityonion.net/license; you may not use this file except in compliance with the
Elastic License 2.0. #}
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
#
# Managed by Salt — do not edit by hand.
# Client authentication config: only local (Unix socket) connections and TLS-wrapped TCP
# connections are accepted. Plain-text `host ...` lines are intentionally omitted so a
salt/postgres/telegraf_users.sls
+2 -1
View File
@@ -6,8 +6,9 @@
{% from 'allowed_states.map.jinja' import allowed_states %}
{% if sls.split('.')[0] in allowed_states %}
{% from 'vars/globals.map.jinja' import GLOBALS %}
{% from 'telegraf/map.jinja' import TELEGRAFMERGED %}
{% set TG_OUT = salt['pillar.get']('telegraf:output', 'BOTH') | upper %}
{% set TG_OUT = TELEGRAFMERGED.output | upper %}
{% if TG_OUT in ['POSTGRES', 'BOTH'] %}
# docker_container.running returns as soon as the container starts, but on