securityonion

CSEC_PUBLIC/securityonion

Fork 0

mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-06-28 13:18:13 +02:00

Commit Graph

Author	SHA1	Message	Date
Josh Patterson	dfdb1fbaeb	Move global.push config to salt.auto_apply The active-push tunables (enabled, highstate_interval_hours, debounce_seconds, drain_interval, batch, batch_wait) described how Salt auto-applies changes, not general grid config, so relocate them from the global namespace to a new salt.auto_apply settings module. - Add salt/salt/{defaults.yaml,auto_apply.map.jinja,soc_salt.yaml,adv_salt.yaml}. auto_apply.map.jinja is a dedicated, side-effect-free merge map (the existing salt/salt/map.jinja dereferences pillar.host.mainint at import time). - Remove the push blocks from salt/global/{defaults,soc_global}.yaml. - Register salt.soc_salt/salt.adv_salt in pillar/top.sls; seed the local pillar stubs for fresh installs (make_some_dirs) and upgrades (ensure_salt_local_pillar in soup, wired into up_to_3.2.0). - Repoint all consumers: GLOBALMERGED.push.* -> AUTOAPPLY.* (schedule, salt master, manager beacons, beacons_pushstate, orch.push_batch) and pillar.get('global:push...') -> 'salt:auto_apply...' (push reactors, so-push-drainer). - Add a salt: fleetwide-highstate entry to pillar_push_map.yaml so edits keep applying immediately, matching the prior global-namespace behavior.	2026-06-24 15:17:48 -04:00
Mike Reeves	a0cf0489d6	reduce highstate frequency with active push for rules and pillars - schedule highstate every 2 hours (was 15 minutes); interval lives in global:push:highstate_interval_hours so the SOC admin UI can tune it and so-salt-minion-check derives its threshold as (interval + 1) * 3600 - add inotify beacon on the manager + master reactor + orch.push_batch that writes per-app intent files, with a so-push-drainer schedule on the manager that debounces, dedupes, and dispatches a single orchestration - pillar_push_map.yaml allowlists the apps whose pillar changes trigger an immediate targeted state.apply (targets verified against salt/top.sls); edits under pillar/minions/ trigger a state.highstate on that one minion - host-batch every push orchestration (batch: 25%, batch_wait: 15) so rule changes don't thundering-herd large fleets - new global:push:enabled kill-switch tears down the beacon, reactor config, and drainer schedule on the next highstate for operators who want to keep highstate-only behavior - set restart_policy: unless-stopped on 23 container states so docker recovers crashes without waiting for the next highstate; leave registry (always), strelka/backend (on-failure), kratos, and hydra alone with inline comments explaining why	2026-04-10 15:43:16 -04:00

Author

SHA1

Message

Date

Josh Patterson

dfdb1fbaeb

Move global.push config to salt.auto_apply

The active-push tunables (enabled, highstate_interval_hours, debounce_seconds,
drain_interval, batch, batch_wait) described how Salt auto-applies changes, not
general grid config, so relocate them from the global namespace to a new
salt.auto_apply settings module.

- Add salt/salt/{defaults.yaml,auto_apply.map.jinja,soc_salt.yaml,adv_salt.yaml}.
  auto_apply.map.jinja is a dedicated, side-effect-free merge map (the existing
  salt/salt/map.jinja dereferences pillar.host.mainint at import time).
- Remove the push blocks from salt/global/{defaults,soc_global}.yaml.
- Register salt.soc_salt/salt.adv_salt in pillar/top.sls; seed the local pillar
  stubs for fresh installs (make_some_dirs) and upgrades (ensure_salt_local_pillar
  in soup, wired into up_to_3.2.0).
- Repoint all consumers: GLOBALMERGED.push.* -> AUTOAPPLY.* (schedule, salt
  master, manager beacons, beacons_pushstate, orch.push_batch) and
  pillar.get('global:push...') -> 'salt:auto_apply...' (push reactors,
  so-push-drainer).
- Add a salt: fleetwide-highstate entry to pillar_push_map.yaml so edits keep
  applying immediately, matching the prior global-namespace behavior.

2026-06-24 15:17:48 -04:00

Mike Reeves

a0cf0489d6

reduce highstate frequency with active push for rules and pillars

- schedule highstate every 2 hours (was 15 minutes); interval lives in
  global:push:highstate_interval_hours so the SOC admin UI can tune it and
  so-salt-minion-check derives its threshold as (interval + 1) * 3600
- add inotify beacon on the manager + master reactor + orch.push_batch that
  writes per-app intent files, with a so-push-drainer schedule on the manager
  that debounces, dedupes, and dispatches a single orchestration
- pillar_push_map.yaml allowlists the apps whose pillar changes trigger an
  immediate targeted state.apply (targets verified against salt/top.sls);
  edits under pillar/minions/ trigger a state.highstate on that one minion
- host-batch every push orchestration (batch: 25%, batch_wait: 15) so rule
  changes don't thundering-herd large fleets
- new global:push:enabled kill-switch tears down the beacon, reactor config,
  and drainer schedule on the next highstate for operators who want to keep
  highstate-only behavior
- set restart_policy: unless-stopped on 23 container states so docker
  recovers crashes without waiting for the next highstate; leave registry
  (always), strelka/backend (on-failure), kratos, and hydra alone with
  inline comments explaining why

2026-04-10 15:43:16 -04:00

2 Commits