mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-04-09 06:11:56 +02:00
868cd11874
Phase 1 of the PostgreSQL central data platform: - Salt states: init, enabled, disabled, config, ssl, auth, sostatus - TLS via SO CA-signed certs with postgresql.conf template - Two-tier auth: postgres superuser + so_postgres application user - Firewall restricts port 5432 to manager-only (HA-ready) - Wired into top.sls, pillar/top.sls, allowed_states, firewall containers map, docker defaults, CA signing policies, and setup scripts for all manager-type roles
28 lines
751 B
Plaintext
28 lines
751 B
Plaintext
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
|
|
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
|
|
# https://securityonion.net/license; you may not use this file except in compliance with the
|
|
# Elastic License 2.0.
|
|
|
|
{% from 'allowed_states.map.jinja' import allowed_states %}
|
|
{% if sls.split('.')[0] in allowed_states %}
|
|
|
|
include:
|
|
- postgres.sostatus
|
|
|
|
so-postgres:
|
|
docker_container.absent:
|
|
- force: True
|
|
|
|
so-postgres_so-status.disabled:
|
|
file.comment:
|
|
- name: /opt/so/conf/so-status/so-status.conf
|
|
- regex: ^so-postgres$
|
|
|
|
{% else %}
|
|
|
|
{{sls}}_state_not_allowed:
|
|
test.fail_without_changes:
|
|
- name: {{sls}}_state_not_allowed
|
|
|
|
{% endif %}
|