From b8e3a45a7efcb727676bb2706fa64cc52fc6901a Mon Sep 17 00:00:00 2001
From: William Wernert
Date: Fri, 23 Jul 2021 08:53:45 -0400
Subject: [PATCH] [wip] Add logscan state Do not add state to top file or setup yet, script will be written to enable the feature shortly
---
 salt/allowed_states.map.jinja | 20 ++++++++----
 salt/logscan/files/logscan.conf | 6 ++++
 salt/logscan/init.sls | 57 +++++++++++++++++++++++++++++++++
 3 files changed, 76 insertions(+), 7 deletions(-)
 create mode 100644 salt/logscan/files/logscan.conf
 create mode 100644 salt/logscan/init.sls
diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja
index 665fdbe3d..12d8f99ec 100644
--- a/salt/allowed_states.map.jinja
+++ b/salt/allowed_states.map.jinja
@@ -45,7 +45,8 @@
 'schedule',
 'soctopus',
 'tcpreplay',
- 'docker_clean'
+ 'docker_clean',
+ 'logscsan'
 ],
 'so-heavynode': [
 'ca',
@@ -75,7 +76,8 @@
 'logstash',
 'schedule',
 'tcpreplay',
- 'docker_clean'
+ 'docker_clean',
+ 'logscsan'
 ],
 'so-fleet': [
 'ca',
@@ -108,7 +110,8 @@
 'zeek',
 'schedule',
 'tcpreplay',
- 'docker_clean'
+ 'docker_clean',
+ 'logscsan'
 ],
 'so-manager': [
 'salt.master',
@@ -127,7 +130,8 @@
 'utility',
 'schedule',
 'soctopus',
- 'docker_clean'
+ 'docker_clean',
+ 'logscsan'
 ],
 'so-managersearch': [
 'salt.master',
@@ -146,7 +150,8 @@
 'utility',
 'schedule',
 'soctopus',
- 'docker_clean'
+ 'docker_clean',
+ 'logscsan'
 ],
 'so-node': [
 'ca',
@@ -178,7 +183,8 @@
 'schedule',
 'soctopus',
 'tcpreplay',
- 'docker_clean'
+ 'docker_clean',
+ 'logscsan'
 ],
 'so-sensor': [
 'ca',
@@ -296,4 +302,4 @@
 {% endif %}
 {# all nodes can always run salt.minion state #}
-{% do allowed_states.append('salt.minion') %}
\ No newline at end of file
+{% do allowed_states.append('salt.minion') %}
diff --git a/salt/logscan/files/logscan.conf b/salt/logscan/files/logscan.conf
new file mode 100644
index 000000000..9b3df8027
--- /dev/null
+++ b/salt/logscan/files/logscan.conf
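Review bot: The new entry in this hunk (the role list that closes just before `'so-heavynode'`) is spelled `'logscsan'`, but the state added by this patch lives at `salt/logscan/init.sls`, so its `sls` name is `logscan`. With the misspelling, the `{% if sls in allowed_states %}` guard in init.sls can never match, and every node falls through to the `{{sls}}_state_not_allowed` failure branch. Change the line to `'logscan'` here and in the identical additions in the hunks at -75, -108, -127, -146 and -178. The role lists begin and end outside the hunks, so only some of the affected role names are visible.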
@@ -0,0 +1,6 @@
+[global]
+ts_format = iso8601
+scan_interval = 30s
+
+[kratos]
+log_path = kratos/kratos.log
diff --git a/salt/logscan/init.sls b/salt/logscan/init.sls
new file mode 100644
index 000000000..51badbcdd
--- /dev/null
+++ b/salt/logscan/init.sls
@@ -0,0 +1,57 @@
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
+
+{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
+{% set MANAGER = salt['grains.get']('master') %}
+{% set logscan_cpu_period = salt['pillar.get']('logscan:cpu_period', 10000) %}
+
+logscan_data_dir:
+ file.directory:
+ - name: /nsm/logscan/data
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+logscan_conf_dir:
+ file.directory:
+ - name: /opt/so/conf/logscan
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+logscan_conf:
+ file.managed:
+ - name: /opt/so/conf/logscan/logscan.conf
+ - source: salt://logscan/files/logscan.conf
+ - user: 939
+ - group: 939
+ - mode: 600
+ - template: jinja
+
+logscan_log_dir:
+ file.directory:
+ - name: /opt/so/log/logscan
+ - user: 939
+ - group: 939
+
+so-logscan:
+ docker_container.running:
+ - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-logscan:{{ VERSION }}
+ - hostname: logscan
+ - name: so-logscan
+ - binds:
+ - /nsm/logscan/data:/logscan/data:rw
+ - /opt/so/conf/logscan.conf:/logscan/logscan.conf:ro
+ - /opt/so/log/logscan:/logscan/output:rw
+ - /opt/so/log:/logscan/logs:ro
+ - cpu_period: {{ logscan_cpu_period }}
+
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+ test.fail_without_changes:
+ - name: {{sls}}_state_not_allowed
+
+{% endif %}
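Review bot: The `so-logscan` bind `/opt/so/conf/logscan.conf:/logscan/logscan.conf:ro` does not match the path that `logscan_conf` manages, which is `/opt/so/conf/logscan/logscan.conf`. Nothing in this state creates the host path named in the bind, so the container will not see the managed file (Docker typically creates an empty directory for a missing bind source); the line should read `- /opt/so/conf/logscan/logscan.conf:/logscan/logscan.conf:ro`. Separately, `/opt/so/log:/logscan/logs:ro` exposes every service's logs to the container although logscan.conf names only `kratos/kratos.log`; if that stays the only input, binding `/opt/so/log/kratos` alone would hold the container to least privilege. The container also declares no `require` or `watch` on `logscan_conf`, so a config change would presumably not restart it.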