mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-06-27 20:58:10 +02:00
dfdb1fbaeb
The active-push tunables (enabled, highstate_interval_hours, debounce_seconds,
drain_interval, batch, batch_wait) described how Salt auto-applies changes, not
general grid config, so relocate them from the global namespace to a new
salt.auto_apply settings module.
- Add salt/salt/{defaults.yaml,auto_apply.map.jinja,soc_salt.yaml,adv_salt.yaml}.
auto_apply.map.jinja is a dedicated, side-effect-free merge map (the existing
salt/salt/map.jinja dereferences pillar.host.mainint at import time).
- Remove the push blocks from salt/global/{defaults,soc_global}.yaml.
- Register salt.soc_salt/salt.adv_salt in pillar/top.sls; seed the local pillar
stubs for fresh installs (make_some_dirs) and upgrades (ensure_salt_local_pillar
in soup, wired into up_to_3.2.0).
- Repoint all consumers: GLOBALMERGED.push.* -> AUTOAPPLY.* (schedule, salt
master, manager beacons, beacons_pushstate, orch.push_batch) and
pillar.get('global:push...') -> 'salt:auto_apply...' (push reactors,
so-push-drainer).
- Add a salt: fleetwide-highstate entry to pillar_push_map.yaml so edits keep
applying immediately, matching the prior global-namespace behavior.
27 lines
686 B
Plaintext
{% from 'vars/globals.map.jinja' import GLOBALS %}
{% from 'salt/auto_apply.map.jinja' import AUTOAPPLY %}

highstate_schedule:
  schedule.present:
    - function: state.highstate
    - hours: {{ AUTOAPPLY.highstate_interval_hours }}
    - maxrunning: 1
{% if not GLOBALS.is_manager %}
    - splay: 1800
{% endif %}

{% if GLOBALS.is_manager and AUTOAPPLY.enabled %}
push_drain_schedule:
  schedule.present:
    - function: cmd.run
    - job_args:
      - /usr/sbin/so-push-drainer
    - seconds: {{ AUTOAPPLY.drain_interval }}
    - maxrunning: 1
    - return_job: False
{% elif GLOBALS.is_manager %}
push_drain_schedule:
  schedule.absent:
    - name: push_drain_schedule
{% endif %}