CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
7b4d471d7eea032b42089890ba4cb1ddcadca253
securityonion/salt/libvirt/init.sls
Josh Patterson 8ea66bb0e9 create libvirt volumes directory
2025-10-30 11:02:36 -04:00

126 lines
3.5 KiB
Plaintext
Raw Blame History

# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
#
# Note: Per the Elastic License 2.0, the second limitation states:
#
# "You may not move, change, disable, or circumvent the license key functionality
# in the software, and you may not remove or obscure any functionality in the
# software that is protected by the license key."
{% from 'allowed_states.map.jinja' import allowed_states %}
{% if sls in allowed_states %}
{% if 'vrt' in salt['pillar.get']('features', []) %}
{% from 'libvirt/map.jinja' import LIBVIRTMERGED %}
{% from 'salt/map.jinja' import SYSTEMD_UNIT_FILE %}
include:
- libvirt.64962
- libvirt.packages
- libvirt.ssh.users
install_libvirt:
pkg.installed:
- name: libvirt
libvirt_conf_dir:
file.directory:
- name: /opt/so/conf/libvirt
- user: 939
- group: 939
- makedirs: True
libvirt_volumes:
file.directory:
- name: /nsm/libvirt/volumes
- user: qemu
- group: qemu
- dir_mode: 755
- file_mode: 640
- recurse:
- user
- group
- mode
- makedirs: True
libvirt_config:
file.managed:
- name: /opt/so/conf/libvirt/libvirtd.conf
- source: salt://libvirt/etc/libvirtd.conf
# - source: salt://libvirt/etc/libvirtd.conf.jinja
# - template: jinja
# - defaults:
# LIBVIRTMERGED: {{ LIBVIRTMERGED }}
# since the libvirtd service looks for the config at /etc/libvirt/libvirtd.conf, and we dont want to manage the service looking in a new location, create this symlink to the managed config
config_symlink:
file.symlink:
- name: /etc/libvirt/libvirtd.conf
- target: /opt/so/conf/libvirt/libvirtd.conf
- force: True
- user: qemu
- group: qemu
libvirt_service:
service.running:
- name: libvirtd
- enable: True
- watch:
- file: libvirt_config
# places cacert, clientcert, clientkey, servercert and serverkey
# /etc/pki/CA/cacert.pem
# /etc/pki/libvirt/clientcert.pem and /etc/pki/libvirt/servercert.pem
# /etc/pki/libvirt/private/clientkey.pem and /etc/pki/libvirt/private/serverkey.pem
libvirt_keys:
virt.keys:
- name: libvirt_keys
install_qemu:
pkg.installed:
- name: qemu-kvm
create_host_bridge:
virt.network_running:
- name: host-bridge
- bridge: br0
- forward: bridge
- autostart: True
# Disable the default storage pool to avoid conflicts
disable_default_pool:
cmd.run:
- name: virsh pool-destroy default && virsh pool-autostart default --disable
- onlyif: virsh pool-list | grep default
- require:
- pkg: install_libvirt-client
- service: libvirt_service
disable_default_bridge:
cmd.run:
- name: virsh net-destroy default && virsh net-autostart default --disable
- require:
- pkg: install_libvirt-client
- service: libvirt_service
- onlyif:
- virsh net-list | grep default
{% else %}
{{sls}}_no_license_detected:
test.fail_without_changes:
- name: {{sls}}_no_license_detected
- comment:
- "Hypervisor nodes are a feature supported only for customers with a valid license.
Contact Security Onion Solutions, LLC via our website at https://securityonionsolutions.com
for more information about purchasing a license to enable this feature."
{% endif %}
{% else %}
{{sls}}_state_not_allowed:
test.fail_without_changes:
- name: {{sls}}_state_not_allowed
{% endif %}
Reference in New Issue View Git Blame Copy Permalink