mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-05-07 20:08:03 +02:00
Mike Reeves
7b9ab2d9d1
Drops a local pillar override (postgres.so_pillar.enabled = True) right after secrets_pillar so the install-time highstate brings up schema_pillar, ext_pillar_postgres, and the pg_notify_pillar engine without operator intervention. Without this the whole PG-canonical stack stays gated off on the default-False flag and the install lands in legacy disk-pillar mode — which defeats the point of being on the postsalt branch at all. The new enable_so_pillar_postgres() function in so-functions is idempotent (overwrites adv_postgres.sls with a fixed body) and the generated file is mode 0644 socore:socore so it merges into pillar under the existing local-pillar directory ownership convention. Rollback path: edit /opt/so/saltstack/local/pillar/postgres/adv_postgres.sls to set enabled: False, or delete the file. The schema and engine config states will tear themselves down on the next highstate via their existing else-branch absent states.