CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-04-26 22:47:49 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10823 from Security-Onion-Solutions/2.4/dockerips

Browse Source 
2.4/dockerips
This commit is contained in:
Josh Patterson
2023-07-25 08:39:49 -04:00
committed by GitHub
parent 71a83c1fe9 b20fad2839
commit c1190064ad
14 changed files with 34 additions and 99 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/common/files/daemon.json
+2 -4
View File
@@ -1,13 +1,11 @@
{%- set DOCKERRANGE = salt['pillar.get']('docker:range', '172.17.0.0/24') %}
{%- set DOCKERBIND = salt['pillar.get']('docker:bip', '172.17.0.1/24') %}
{
"registry-mirrors": [
"https://:5000"
],
"bip": "{{ DOCKERBIND }}",
"bip": "172.17.0.1/24",
"default-address-pools": [
{
"base": "{{ DOCKERRANGE }}",
"base": "172.17.0.0/24",
"size": 24
}
]
salt/docker/defaults.yaml
+3 -5
View File
@@ -1,8 +1,6 @@
docker:
bip: '172.17.0.1'
range: '172.17.0.0/24'
sorange: '172.17.1.0/24'
sobip: '172.17.1.1'
range: '172.17.1.0/24'
gateway: '172.17.1.1'
containers:
'so-dockerregistry':
final_octet: 20
@@ -202,4 +200,4 @@ docker:
final_octet: 99
custom_bind_mounts: []
extra_hosts: []
extra_env: []
extra_env: []
salt/docker/docker.map.jinja
+1 -1
View File
@@ -1,6 +1,6 @@
{% import_yaml 'docker/defaults.yaml' as DOCKERDEFAULTS %}
{% set DOCKER = salt['pillar.get']('docker', DOCKERDEFAULTS.docker, merge=True) %}
{% set RANGESPLIT = DOCKER.sorange.split('.') %}
{% set RANGESPLIT = DOCKER.range.split('.') %}
{% set FIRSTTHREE = RANGESPLIT[0] ~ '.' ~ RANGESPLIT[1] ~ '.' ~ RANGESPLIT[2] ~ '.' %}
{% for container, vals in DOCKER.containers.items() %}
salt/docker/init.sls
+2 -2
View File
@@ -102,8 +102,8 @@ dockerreserveports:
sos_docker_net:
docker_network.present:
- name: sobridge
- subnet: {{ DOCKER.sorange }}
- gateway: {{ DOCKER.sobip }}
- subnet: {{ DOCKER.range }}
- gateway: {{ DOCKER.gateway }}
- options:
com.docker.network.bridge.name: 'sobridge'
com.docker.network.driver.mtu: '1500'
salt/docker/soc_docker.yaml
+3 -11
View File
@@ -1,20 +1,12 @@
docker:
bip:
description: Bind IP for the default docker interface.
gateway:
description: Gateway for the default docker interface.
helpLink: docker.html
advanced: True
range:
description: Default docker IP range for containers.
helpLink: docker.html
advanced: True
sobip:
description: Bind IP for the SO docker interface.
helpLink: docker.html
advanced: True
sorange:
description: IP range for the SO docker containers.
helpLink: docker.html
advanced: True
containers:
so-curator: &dockerOptions
final_octet:
@@ -68,4 +60,4 @@ docker:
so-strelka-filestream: *dockerOptions
so-strelka-frontend: *dockerOptions
so-strelka-gatekeeper: *dockerOptions
so-strelka-manager: *dockerOptions
so-strelka-manager: *dockerOptions
salt/firewall/iptables.jinja
+1 -1
View File
@@ -52,7 +52,7 @@
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s {{DOCKER.sorange}} ! -o sobridge -j MASQUERADE
-A POSTROUTING -s {{DOCKER.range}} ! -o sobridge -j MASQUERADE
{%- for rule in PR %}
{{ rule }}
{%- endfor %}
salt/firewall/map.jinja
+1 -1
View File
@@ -5,7 +5,7 @@
{# add our ip to self #}
{% do FIREWALL_DEFAULT.firewall.hostgroups.self.append(GLOBALS.node_ip) %}
{# add dockernet range #}
{% do FIREWALL_DEFAULT.firewall.hostgroups.dockernet.append(DOCKER.sorange) %}
{% do FIREWALL_DEFAULT.firewall.hostgroups.dockernet.append(DOCKER.range) %}
{% if GLOBALS.role == 'so-idh' %}
{% from 'idh/opencanary_config.map.jinja' import IDH_PORTGROUPS %}
salt/mysql/enabled.sls
+1 -1
View File
@@ -43,7 +43,7 @@ so-mysql:
- {{ BINDING }}
{% endfor %}
- environment:
- MYSQL_ROOT_HOST={{ GLOBALS.so_docker_bip }}
- MYSQL_ROOT_HOST={{ GLOBALS.so_docker_gateway }}
- MYSQL_ROOT_PASSWORD=/etc/mypass
{% if DOCKER.containers['so-mysql'].extra_env %}
{% for XTRAENV in DOCKER.containers['so-mysql'].extra_env %}
salt/playbook/config.sls
+2 -2
View File
@@ -18,7 +18,7 @@ create_playbookdbuser:
mysql_user.present:
- name: playbookdbuser
- password: {{ PLAYBOOKPASS }}
- host: "{{ DOCKER.sorange.split('/')[0] }}/255.255.255.0"
- host: "{{ DOCKER.range.split('/')[0] }}/255.255.255.0"
- connection_host: {{ GLOBALS.manager }}
- connection_port: 3306
- connection_user: root
@@ -27,7 +27,7 @@ create_playbookdbuser:
query_playbookdbuser_grants:
mysql_query.run:
- database: playbook
- query: "GRANT ALL ON playbook.* TO 'playbookdbuser'@'{{ DOCKER.sorange.split('/')[0] }}/255.255.255.0';"
- query: "GRANT ALL ON playbook.* TO 'playbookdbuser'@'{{ DOCKER.range.split('/')[0] }}/255.255.255.0';"
- connection_host: {{ GLOBALS.manager }}
- connection_port: 3306
- connection_user: root
salt/podman/init.sls
+2 -2
View File
@@ -44,8 +44,8 @@ podman_docker_symlink:
sos_docker_net:
docker_network.present:
- name: sobridge
- subnet: {{ DOCKER.sorange }}
- gateway: {{ DOCKER.sobip }}
- subnet: {{ DOCKER.range }}
- gateway: {{ DOCKER.bip }}
- options:
com.docker.network.bridge.name: 'sobridge'
com.docker.network.driver.mtu: '1500'
salt/soc/defaults.map.jinja
+1 -1
View File
@@ -30,7 +30,7 @@
{% endif %}
{% endfor %}
{% do SOCDEFAULTS.soc.config.server.modules.statickeyauth.update({'anonymousCidr': DOCKER.sorange, 'apiKey': pillar.sensoroni.config.sensoronikey}) %}
{% do SOCDEFAULTS.soc.config.server.modules.statickeyauth.update({'anonymousCidr': DOCKER.range, 'apiKey': pillar.sensoroni.config.sensoronikey}) %}
{% do SOCDEFAULTS.soc.config.server.client.case.update({'analyzerNodeId': GLOBALS.hostname}) %}
salt/vars/globals.map.jinja
+2 -2
View File
@@ -22,8 +22,8 @@
'md_engine': INIT.PILLAR.global.mdengine,
'pipeline': INIT.PILLAR.global.pipeline,
'so_version': INIT.PILLAR.global.soversion,
'so_docker_bip': DOCKER.sobip,
'so_docker_range': DOCKER.sorange,
'so_docker_gateway': DOCKER.gateway,
'so_docker_range': DOCKER.range,
'url_base': INIT.PILLAR.global.url_base,
'so_model': INIT.GRAINS.get('sosmodel',''),
'sensoroni_key': INIT.PILLAR.sensoroni.config.sensoronikey,