mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-05-09 04:42:40 +02:00
Mike Reeves
72105f1f2f
New minions run highstate as part of onboarding, which already applies the telegraf state with the fresh pillar entry we just wrote. Pushing telegraf a second time from the reactor is redundant. - Remove the MINION-scoped salt.state block from the orch; keep only the manager-side postgres.auth + postgres.telegraf_users provisioning. - Stop passing minion_id as pillar in the reactor; the orch doesn't reference it anymore.
20 lines
865 B
Plaintext
20 lines
865 B
Plaintext
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
|
|
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
|
|
# https://securityonion.net/license; you may not use this file except in compliance with the
|
|
# Elastic License 2.0.
|
|
|
|
{% set MANAGER = salt['pillar.get']('setup:manager') or salt['grains.get']('master') %}
|
|
|
|
# Fired by salt/reactor/telegraf_user_sync.sls when salt-key accepts a new
|
|
# minion. Only provisions the per-minion pillar entry and DB role on the
|
|
# manager; the minion itself will pick up its telegraf config on its first
|
|
# highstate during onboarding, so there's no need to push the telegraf state
|
|
# from here.
|
|
manager_sync_telegraf_pg_users:
|
|
salt.state:
|
|
- tgt: {{ MANAGER }}
|
|
- sls:
|
|
- postgres.auth
|
|
- postgres.telegraf_users
|
|
- queue: True
|