Josh Patterson
487e433589
allow full highstate on manager while master locked
2026-06-02 13:58:38 -04:00
Josh Patterson
3328ff362d
add some logging
2026-06-02 10:44:17 -04:00
Josh Patterson
8c17ae0f66
move so-salt-minion-wait
2026-06-01 14:48:54 -04:00
Josh Patterson
f54939b444
Replace inotify pillar watch with postgres audit_settings beacon
...
The active-push feature detected pillar/settings changes via an inotify
beacon on the manager watching /opt/so/saltstack/local/pillar. Replace
that pillar watch with a custom salt beacon (pillar_db) that polls the
SOC so_soc.audit_settings table on a monotonic id watermark, so changes
made through SOC drive immediate pushes from the database instead of the
files. The suricata/strelka rule inotify watches (and pyinotify) are kept
unchanged, since rule-file edits are not recorded in audit_settings.
- salt/_beacons/pillar_db.py: new beacon. Polls audit_settings via
  `docker exec so-postgres psql` (unix-socket trust auth), tracks the last
  processed id in /opt/so/state/pillar_db_watch.id, seeds to MAX(id) on
  first run (no history replay), and emits one event per new row.
- salt/reactor/push_pillar.sls: consume setting_id/node_id from the beacon
  event instead of a file path. App = first dotted segment of setting_id,
  looked up in pillar_push_map.yaml. Empty node_id -> grid-wide actions as
  is; populated node_id -> the app's state(s) retargeted to that one node.
- salt/manager/files/beacons_pushstate.conf.jinja: drop the pillar inotify
  block, add the pillar_db beacon (interval = push.drain_interval); keep
  the suricata/strelka inotify watches.
- salt/salt/files/reactor_pushstate.conf: map salt/beacon/*/pillar_db/
  audit_settings to push_pillar.sls; remove the pillar inotify reactor
  lines; keep suricata/strelka.
The intent -> so-push-drainer -> orch.push_batch pipeline is unchanged.
Verified end-to-end on a standalone: a grid-wide telegraf.output change
re-applied telegraf fleetwide (container replaced), and a per-host
ntp.config.servers change applied ntp to only that node.
2026-05-29 14:55:13 -04:00
Josh Patterson
d48a22e37e
Merge pull request #15944 from Security-Onion-Solutions/jertel/wip
...
Jertel/wip
2026-05-28 14:01:42 -04:00
Josh Patterson
9a70a06b3b
Merge remote-tracking branch 'origin/3/dev' into jertel/wip
2026-05-28 13:55:12 -04:00
Mike Reeves
526d739b3b
Merge pull request #15940 from Security-Onion-Solutions/TOoSmOotH-patch-4
...
Remove outdated HOTFIX version number
2026-05-28 10:25:28 -04:00
Mike Reeves
68d783e760
Remove outdated HOTFIX version number
2026-05-28 10:24:47 -04:00
Mike Reeves
1e9b6b0975
Merge pull request #15939 from Security-Onion-Solutions/3/main
...
main to dev for hotfix
2026-05-28 10:24:21 -04:00
Mike Reeves
2131e7d450
Merge pull request #15937 from Security-Onion-Solutions/hotfix/3.1.0
...
Hotfix/3.1.0
3.1.0-20260528
2026-05-28 10:20:53 -04:00
Mike Reeves
2a2d853ac4
Merge pull request #15936 from Security-Onion-Solutions/hotfix310
...
3.1.0 hotfix
2026-05-28 09:53:00 -04:00
Mike Reeves
5abd6de4b5
3.1.0 hotfix
2026-05-28 09:34:17 -04:00
Josh Patterson
bb8ae91d91
fix so-soc postgres bootstrap
2026-05-27 16:39:52 -04:00
Josh Patterson
93ffce98d7
add onionconfig and postgres modules to soc config
2026-05-27 15:07:25 -04:00
Jorge Reyes
5599cce22c
Merge pull request #15934 from Security-Onion-Solutions/reyesj2-patch-1
...
keep logstash lumberjack pipeline name update unified
2026-05-27 13:37:41 -05:00
reyesj2
b2a82fec29
fix_logstash_0013_lumberjack_pipeline_name
...
Before removing from apply_hotfix function first verify that older installs < 3.1.0 are still upgradable when referencing 'so/0013_input_lumberjack_fleet.conf' via pillar. Failure to do so will prevent logstash from starting
2026-05-27 13:24:23 -05:00
reyesj2
613eca52fc
update hotfix date
2026-05-27 13:24:10 -05:00
Josh Patterson
79987f3659
bootstrap so-soc db in postgres during soup
2026-05-27 13:55:30 -04:00
reyesj2
bf609a112e
LF
2026-05-27 12:21:44 -05:00
reyesj2
0b4a4de609
always run logstash pipeline rename
2026-05-27 12:21:22 -05:00
Jorge Reyes
ad376d2a43
Merge pull request #15930 from Security-Onion-Solutions/reyesj2-patch-1
...
check for stale logstash pipeline name in local pillar
2026-05-27 10:16:39 -05:00
reyesj2
0834998cca
usable for next soup
2026-05-27 09:52:29 -05:00
reyesj2
473f93f0ee
check for stale logstash pipeline name in pillars
2026-05-27 09:33:15 -05:00
Josh Patterson
16055c4d88
Merge remote-tracking branch 'origin/3/dev' into jertel/wip
2026-05-27 09:18:33 -04:00
Josh Patterson
6393d08e86
merge
2026-05-27 08:59:28 -04:00
Jorge Reyes
7cc2e045fb
Merge pull request #15925 from Security-Onion-Solutions/reyesj2/soup-heavynode
...
use multiple or combined input
2026-05-26 08:34:33 -05:00
Mike Reeves
6955ee73bf
Merge pull request #15924 from Security-Onion-Solutions/TOoSmOotH-patch-3
...
Add version number to HOTFIX file
2026-05-26 09:28:41 -04:00
Mike Reeves
c0272ddb81
Add version number to HOTFIX file
2026-05-26 09:24:10 -04:00
reyesj2
d72219c586
use multiple or combined input
2026-05-22 20:04:21 -05:00
Mike Reeves
ffd34d4e0e
Merge pull request #15919 from Security-Onion-Solutions/TOoSmOotH-patch-2
...
Add 3.2.0 option to discussion template
2026-05-21 15:58:28 -04:00
Mike Reeves
aa78978740
Add 3.2.0 option to discussion template
2026-05-21 15:57:57 -04:00
Mike Reeves
75d4f5e496
Merge pull request #15918 from Security-Onion-Solutions/TOoSmOotH-patch-1
...
Bump version from 3.1.0 to 3.2.0
2026-05-21 15:49:08 -04:00
Mike Reeves
89a28d2cfe
Bump version from 3.1.0 to 3.2.0
2026-05-21 15:45:58 -04:00
Mike Reeves
c1d187599b
Merge pull request #15912 from Security-Onion-Solutions/3/dev
...
3.1.0
3.1.0-20260521
2026-05-21 15:41:50 -04:00
Mike Reeves
d87313db27
Merge pull request #15911 from Security-Onion-Solutions/3.1.0
...
3.1.0
2026-05-21 13:50:23 -04:00
Mike Reeves
141a61f5b5
3.1.0
2026-05-21 13:47:03 -04:00
Jorge Reyes
901cbf03e4
Merge pull request #15907 from Security-Onion-Solutions/reyesj2/es-verify-compat
...
Verify compatibility for all ES nodes in the cluster
2026-05-20 14:16:41 -05:00
reyesj2
b485be4602
separate salt-key command from main es version compatibility loop
2026-05-20 14:12:58 -05:00
reyesj2
7d13007aa9
block soup if all ES nodes are not online and reporting their ES version for compatibility check
2026-05-20 10:03:37 -05:00
reyesj2
d7a1b67095
use pipefail on heavynode version command to pass through error
2026-05-20 09:16:57 -05:00
reyesj2
6c8997b28a
verify all heavynodes and all searchnodes are at compatible ES version before attempting an elasticsearch upgrade
2026-05-19 22:27:31 -05:00
Jorge Reyes
58f1d08ebe
Merge pull request #15902 from Security-Onion-Solutions/reyesj2/ea-fleet-sync
...
sync elastic agent packages to fleet nodes
2026-05-19 11:08:48 -05:00
reyesj2
d0aa33a255
sync elastic agent packages to fleet nodes
2026-05-19 10:50:17 -05:00
Josh Patterson
730c828bec
Merge remote-tracking branch 'origin/jertel/wip' into saltthangs
2026-05-19 10:23:45 -04:00
Jorge Reyes
74b50f6009
Merge pull request #15899 from Security-Onion-Solutions/revert-15895-reyesj2/agentinstall
...
Revert "use -verify flag during grid agent install to ensure agent health"
2026-05-16 10:01:58 -05:00
Jorge Reyes
e89c820b65
Revert "use -verify flag during grid agent install to ensure agent health"
2026-05-16 09:59:14 -05:00
Jorge Reyes
9ac05a6ad1
Merge pull request #15895 from Security-Onion-Solutions/reyesj2/agentinstall
...
use -verify flag during grid agent install to ensure agent health
2026-05-15 12:58:09 -05:00
Jason Ertel
24ee3318bc
Merge pull request #15898 from Security-Onion-Solutions/jertel/logcheck
...
exclude fps
2026-05-15 11:38:20 -04:00
Jason Ertel
ce566ba174
exclude fps
2026-05-15 11:36:46 -04:00
Mike Reeves
2635a60a8c
Merge pull request #15896 from Security-Onion-Solutions/quickfixes2
...
Make so-postgres-backup fail-safe against silent corruption
2026-05-15 09:32:15 -04:00