mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-04-10 14:51:56 +02:00
868cd11874
Phase 1 of the PostgreSQL central data platform: - Salt states: init, enabled, disabled, config, ssl, auth, sostatus - TLS via SO CA-signed certs with postgresql.conf template - Two-tier auth: postgres superuser + so_postgres application user - Firewall restricts port 5432 to manager-only (HA-ready) - Wired into top.sls, pillar/top.sls, allowed_states, firewall containers map, docker defaults, CA signing policies, and setup scripts for all manager-type roles
112 lines
2.4 KiB
Django/Jinja
112 lines
2.4 KiB
Django/Jinja
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
|
|
|
{% if GLOBALS.role == 'so-eval' %}
|
|
{% set NODE_CONTAINERS = [
|
|
'so-dockerregistry',
|
|
'so-elasticsearch',
|
|
'so-elastic-fleet',
|
|
'so-elastic-fleet-package-registry',
|
|
'so-influxdb',
|
|
'so-kibana',
|
|
'so-kratos',
|
|
'so-hydra',
|
|
'so-nginx',
|
|
'so-postgres',
|
|
'so-redis',
|
|
'so-soc',
|
|
'so-strelka-coordinator',
|
|
'so-strelka-gatekeeper',
|
|
'so-strelka-frontend',
|
|
'so-strelka-backend',
|
|
'so-strelka-manager',
|
|
'so-strelka-filestream'
|
|
] %}
|
|
|
|
{% elif GLOBALS.role in ['so-manager', 'so-standalone','so-managersearch', 'so-managerhype'] %}
|
|
{% set NODE_CONTAINERS = [
|
|
'so-dockerregistry',
|
|
'so-elasticsearch',
|
|
'so-elastic-fleet',
|
|
'so-elastic-fleet-package-registry',
|
|
'so-influxdb',
|
|
'so-kafka',
|
|
'so-kibana',
|
|
'so-kratos',
|
|
'so-hydra',
|
|
'so-logstash',
|
|
'so-nginx',
|
|
'so-postgres',
|
|
'so-redis',
|
|
'so-soc',
|
|
'so-strelka-coordinator',
|
|
'so-strelka-gatekeeper',
|
|
'so-strelka-frontend',
|
|
'so-strelka-backend',
|
|
'so-strelka-manager',
|
|
'so-strelka-filestream'
|
|
] %}
|
|
|
|
{% elif GLOBALS.role == 'so-searchnode' %}
|
|
{% set NODE_CONTAINERS = [
|
|
'so-elasticsearch',
|
|
'so-logstash',
|
|
'so-nginx'
|
|
] %}
|
|
|
|
{% elif GLOBALS.role == 'so-heavynode' %}
|
|
{% set NODE_CONTAINERS = [
|
|
'so-elasticsearch',
|
|
'so-elastic-agent',
|
|
'so-logstash',
|
|
'so-nginx',
|
|
'so-redis',
|
|
'so-strelka-coordinator',
|
|
'so-strelka-gatekeeper',
|
|
'so-strelka-frontend',
|
|
'so-strelka-backend',
|
|
'so-strelka-manager',
|
|
'so-strelka-filestream'
|
|
] %}
|
|
|
|
{% elif GLOBALS.role == 'so-import' %}
|
|
{% set NODE_CONTAINERS = [
|
|
'so-dockerregistry',
|
|
'so-elasticsearch',
|
|
'so-elastic-fleet',
|
|
'so-elastic-fleet-package-registry',
|
|
'so-influxdb',
|
|
'so-kibana',
|
|
'so-kratos',
|
|
'so-hydra',
|
|
'so-nginx',
|
|
'so-postgres',
|
|
'so-soc'
|
|
] %}
|
|
|
|
{% elif GLOBALS.role == 'so-receiver' %}
|
|
{% set NODE_CONTAINERS = [
|
|
'so-logstash',
|
|
'so-redis',
|
|
'so-kafka'
|
|
] %}
|
|
|
|
{% elif GLOBALS.role == 'so-idh' %}
|
|
{% set NODE_CONTAINERS = [
|
|
'so-idh',
|
|
] %}
|
|
|
|
{% elif GLOBALS.role == 'so-fleet' %}
|
|
{% set NODE_CONTAINERS = [
|
|
'so-elastic-fleet',
|
|
'so-logstash',
|
|
'so-nginx-fleet-node'
|
|
] %}
|
|
|
|
{% elif GLOBALS.role == 'so-sensor' %}
|
|
{% set NODE_CONTAINERS = [] %}
|
|
|
|
{% else %}
|
|
{% set NODE_CONTAINERS = [] %}
|
|
|
|
{% endif %}
|