mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-06-28 13:18:13 +02:00
Josh Patterson
dfdb1fbaeb
The active-push tunables (enabled, highstate_interval_hours, debounce_seconds,
drain_interval, batch, batch_wait) described how Salt auto-applies changes, not
general grid config, so relocate them from the global namespace to a new
salt.auto_apply settings module.
- Add salt/salt/{defaults.yaml,auto_apply.map.jinja,soc_salt.yaml,adv_salt.yaml}.
auto_apply.map.jinja is a dedicated, side-effect-free merge map (the existing
salt/salt/map.jinja dereferences pillar.host.mainint at import time).
- Remove the push blocks from salt/global/{defaults,soc_global}.yaml.
- Register salt.soc_salt/salt.adv_salt in pillar/top.sls; seed the local pillar
stubs for fresh installs (make_some_dirs) and upgrades (ensure_salt_local_pillar
in soup, wired into up_to_3.2.0).
- Repoint all consumers: GLOBALMERGED.push.* -> AUTOAPPLY.* (schedule, salt
master, manager beacons, beacons_pushstate, orch.push_batch) and
pillar.get('global:push...') -> 'salt:auto_apply...' (push reactors,
so-push-drainer).
- Add a salt: fleetwide-highstate entry to pillar_push_map.yaml so edits keep
applying immediately, matching the prior global-namespace behavior.
38 lines
1.1 KiB
Plaintext
38 lines
1.1 KiB
Plaintext
{% from 'salt/auto_apply.map.jinja' import AUTOAPPLY %}
|
|
{% set actions = salt['pillar.get']('actions', []) %}
|
|
{% set BATCH = AUTOAPPLY.batch %}
|
|
{% set BATCH_WAIT = AUTOAPPLY.batch_wait %}
|
|
|
|
{% for action in actions %}
|
|
{% if action.get('highstate') %}
|
|
apply_highstate_{{ loop.index }}:
|
|
salt.state:
|
|
- tgt: '{{ action.tgt }}'
|
|
- tgt_type: {{ action.get('tgt_type', 'compound') }}
|
|
- highstate: True
|
|
- batch: {{ action.get('batch', BATCH) }}
|
|
- batch_wait: {{ action.get('batch_wait', BATCH_WAIT) }}
|
|
- kwarg:
|
|
queue: 2
|
|
{% else %}
|
|
refresh_pillar_{{ loop.index }}:
|
|
salt.function:
|
|
- name: saltutil.refresh_pillar
|
|
- tgt: '{{ action.tgt }}'
|
|
- tgt_type: {{ action.get('tgt_type', 'compound') }}
|
|
|
|
apply_{{ action.state | replace('.', '_') }}_{{ loop.index }}:
|
|
salt.state:
|
|
- tgt: '{{ action.tgt }}'
|
|
- tgt_type: {{ action.get('tgt_type', 'compound') }}
|
|
- sls:
|
|
- {{ action.state }}
|
|
- batch: {{ action.get('batch', BATCH) }}
|
|
- batch_wait: {{ action.get('batch_wait', BATCH_WAIT) }}
|
|
- kwarg:
|
|
queue: 2
|
|
- require:
|
|
- salt: refresh_pillar_{{ loop.index }}
|
|
{% endif %}
|
|
{% endfor %}
|