From b4015ac73e7ed18f557bf06e94332f51c7b35697 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 27 Feb 2023 10:05:08 -0500 Subject: [PATCH 1/3] add sensor to node_containers --- salt/firewall/containers.map.jinja | 25 +++++++++++++------------ salt/firewall/init.sls | 10 ++++++++++ 2 files changed, 23 insertions(+), 12 deletions(-) diff --git a/salt/firewall/containers.map.jinja b/salt/firewall/containers.map.jinja index bd4cf72f1..a2114258f 100644 --- a/salt/firewall/containers.map.jinja +++ b/salt/firewall/containers.map.jinja @@ -22,9 +22,8 @@ 'so-strelka-manager', 'so-strelka-filestream' ] %} -{% endif %} -{% if GLOBALS.role == 'so-manager' or GLOBALS.role == 'so-standalone' or GLOBALS.role == 'so-managersearch' %} +{% elif GLOBALS.role == 'so-manager' or GLOBALS.role == 'so-standalone' or GLOBALS.role == 'so-managersearch' %} {% set NODE_CONTAINERS = [ 'so-curator', 'so-dockerregistry', @@ -47,17 +46,15 @@ 'so-strelka-manager', 'so-strelka-filestream' ] %} -{% endif %} -{% if GLOBALS.role == 'so-searchnode' %} +{% elif GLOBALS.role == 'so-searchnode' %} {% set NODE_CONTAINERS = [ 'so-elasticsearch', 'so-logstash', 'so-nginx' ] %} -{% endif %} -{% if GLOBALS.role == 'so-heavynode' %} +{% elif GLOBALS.role == 'so-heavynode' %} {% set NODE_CONTAINERS = [ 'so-curator', 'so-elasticsearch', @@ -71,9 +68,8 @@ 'so-strelka-manager', 'so-strelka-filestream' ] %} -{% endif %} -{% if GLOBALS.role == 'so-import' %} +{% elif GLOBALS.role == 'so-import' %} {% set NODE_CONTAINERS = [ 'so-dockerregistry', 'so-elasticsearch', 
@@ -85,17 +81,22 @@ 'so-nginx', 'so-soc' ] %} -{% endif %} -{% if GLOBALS.role == 'so-receiver' %} +{% elif GLOBALS.role == 'so-receiver' %} {% set NODE_CONTAINERS = [ 'so-logstash', 'so-redis', ] %} -{% endif %} -{% if GLOBALS.role == 'so-idh' %} +{% elif GLOBALS.role == 'so-idh' %} {% set NODE_CONTAINERS = [ 'so-idh', ] %} + +{% elif GLOBALS.role == 'so-sensor' %} +{% set NODE_CONTAINERS = [] %} + +{% else %} +{% set NODE_CONTAINERS = [] %} + {% endif %} diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls index 12aaed39e..63e8d326b 100644 --- a/salt/firewall/init.sls +++ b/salt/firewall/init.sls @@ -5,6 +5,8 @@ disable_firewalld: service.dead: - name: firewalld - enable: False + - prereq: + - file: iptables_config create_sysconfig_iptables: file.touch: @@ -22,6 +24,14 @@ iptables_restore: cmd.run: - name: iptables-restore < /etc/sysconfig/iptables +enable_firewalld: + service.enabled: + - name: firewalld + - enable: True + - onfail: + - file: iptables_config + - cmd: iptables_restore + {% else %} {{sls}}_state_not_allowed: From 068d383442c165617bd497ae5a9e91aab15f3c12 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 27 Feb 2023 12:44:46 -0500 Subject: [PATCH 2/3] change to service.running --- salt/firewall/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls index 63e8d326b..7feb8dd3b 100644 --- a/salt/firewall/init.sls +++ b/salt/firewall/init.sls @@ -25,7 +25,7 @@ iptables_restore: - name: iptables-restore < /etc/sysconfig/iptables enable_firewalld: - service.enabled: + service.running: - name: firewalld - enable: True - onfail: From 44ed48033cd77c67c811c8a8d7a3e649f95970d2 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 27 Feb 2023 13:04:23 -0500 Subject: [PATCH 3/3] move requirement --- salt/firewall/init.sls | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls index 7feb8dd3b..f59a39aca 100644 
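Review bot: In the last containers.map.jinja hunk (`@@ -85,17 +81,22 @@`), the new `so-sensor` branch and the `else` branch both set `NODE_CONTAINERS = []`, so a misspelled or unexpected `GLOBALS.role` is indistinguishable from a sensor and falls through without any signal. If the empty default is intentional, say so on the `else`, e.g. `{# unknown role: NODE_CONTAINERS stays defined but empty #}`. How the list is consumed is not visible here, so it is worth confirming that an empty list yields no container rules rather than silently omitting rules the node needs. The opening `{% if %}` of this chain lies outside the hunks shown.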
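Review bot: In the init.sls hunk `@@ -22,6 +24,14 @@`, `enable_firewalld` acts as the fail-safe for a failed ruleset write or load, but nothing in the state says so. On that path the host ends up under firewalld's own zone configuration rather than the rendered iptables ruleset. A comment above the state would make both the intent and the consequence explicit, e.g. `# Fail-safe: if iptables_config or iptables_restore fails, bring firewalld back so the host is not left unfiltered; firewalld's zone policy applies until the ruleset loads again.` With two entries under `onfail`, current Salt releases run the state when either one fails; if older minions are in scope, that OR behaviour should be confirmed.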
--- a/salt/firewall/init.sls +++ b/salt/firewall/init.sls @@ -1,13 +1,6 @@ {% from 'allowed_states.map.jinja' import allowed_states %} {% if sls in allowed_states %} -disable_firewalld: - service.dead: - - name: firewalld - - enable: False - - prereq: - - file: iptables_config - create_sysconfig_iptables: file.touch: - name: /etc/sysconfig/iptables @@ -20,6 +13,13 @@ iptables_config: - source: salt://firewall/iptables.jinja - template: jinja +disable_firewalld: + service.dead: + - name: firewalld + - enable: False + - require: + - file: iptables_config + iptables_restore: cmd.run: - name: iptables-restore < /etc/sysconfig/iptables
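Review bot: In the second hunk (`@@ -13,6 +13,13 @@`), `disable_firewalld` now depends only on `iptables_config`, so firewalld is stopped as soon as the file is rendered and before `iptables_restore` has shown that the ruleset actually loads. A template that renders but does not parse therefore takes firewalld down first and relies on the `onfail` fallback to bring it back, leaving a window in which neither ruleset may be in force. Validating the rendered file before it is accepted would close that gap, for example `- check_cmd: iptables-restore --test` on `iptables_config`, assuming the installed iptables-restore accepts a file argument. `iptables_config` starts above this hunk, so its other options are not visible here.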