Merge pull request #9979 from Security-Onion-Solutions/esfun

Elastic Fixes
Mike Reeves
2023-03-22 08:51:24 -04:00
committed by GitHub
6 changed files with 14 additions and 76 deletions


@@ -129,10 +129,6 @@ function add_elastic_to_minion() {
printf '%s\n'\ printf '%s\n'\
"elasticsearch:"\ "elasticsearch:"\
" esheap: '$ES_HEAP_SIZE'"\ " esheap: '$ES_HEAP_SIZE'"\
" config:"\
" node:"\
" attr:"\
" box_type: hot"\
" " >> $PILLARFILE " " >> $PILLARFILE
} }


@@ -4,26 +4,23 @@
{% set HIGHLANDER = salt['pillar.get']('global:highlander', False) %} {% set HIGHLANDER = salt['pillar.get']('global:highlander', False) %}
{% if grains.id.split('_') | last in ['manager','managersearch'] %} {% if grains.id.split('_') | last in ['manager','managersearch','standalone'] %}
{% if LOGSTASH_NODES | length > 1 %} {% if LOGSTASH_NODES | length > 1 %}
{% do ESCONFIG.elasticsearch.config.node.update({'roles': ['master', 'data', 'remote_cluster_client']}) %}
{% if HIGHLANDER %}
{% do ESCONFIG.elasticsearch.config.node.roles.extend(['ml', 'transform']) %}
{% endif %}
{% do ESCONFIG.elasticsearch.config.update({'discovery': {'seed_hosts': []}}) %} {% do ESCONFIG.elasticsearch.config.update({'discovery': {'seed_hosts': []}}) %}
{% for NODE in LOGSTASH_NODES %} {% for NODE in LOGSTASH_NODES %}
{% do ESCONFIG.elasticsearch.config.discovery.seed_hosts.append(NODE.keys()|first) %} {% do ESCONFIG.elasticsearch.config.discovery.seed_hosts.append(NODE.keys()|first) %}
{% endfor %} {% endfor %}
{% endif %}
{% if grains.id.split('_') | last == 'manager' %} {% if grains.id.split('_') | last == 'manager' %}
{% do ESCONFIG.elasticsearch.config.node.attr.update({'box_type': ''}) %} {% do ESCONFIG.elasticsearch.config.node.update({'roles': ['master','remote_cluster_client']}) %}
{% else %}
{% do ESCONFIG.elasticsearch.config.node.update({'roles': ['master', 'data', 'remote_cluster_client']}) %}
{% endif %} {% endif %}
{% elif grains.id.split('_') | last not in ['eval', 'standalone', 'import'] %} {% endif %}
{% elif grains.id.split('_') | last == 'searchnode' %}
{% do ESCONFIG.elasticsearch.config.node.update({'roles': ['data', 'ingest']}) %} {% do ESCONFIG.elasticsearch.config.node.update({'roles': ['data', 'ingest']}) %}
{% if HIGHLANDER %} {% if HIGHLANDER %}
{% do ESCONFIG.elasticsearch.config.node.roles.extend(['ml', 'master', 'transform']) %} {% do ESCONFIG.elasticsearch.config.node.roles.extend(['ml', 'master', 'transform']) %}
{% endif %} {% endif %}
{% do ESCONFIG.elasticsearch.config.node.attr.update({'box_type': 'hot'}) %}
{% do ESCONFIG.elasticsearch.config.update({'discovery': {'seed_hosts': [GLOBALS.manager]}}) %} {% do ESCONFIG.elasticsearch.config.update({'discovery': {'seed_hosts': [GLOBALS.manager]}}) %}
{% endif %} {% endif %}
{% if HIGHLANDER %} {% if HIGHLANDER %}
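Review bot: On the new side the explicit `node.roles` assignment for the manager/managersearch/standalone branch (the `if ... == 'manager'` / `else` block at L38–L42) is now nested inside `{% if LOGSTASH_NODES | length > 1 %}` and closed by the new `{% endif %}` at L43, so a node in that branch with a single Logstash entry gets no `roles` key at all and inherits whatever the defaults carry. If that is intended it deserves a comment; if not, the guard should close directly after `{% endfor %}` (move the `{% endif %}` from L43 to just before L38) so the roles block runs unconditionally. The old branch also extended roles with `['ml', 'transform']` under HIGHLANDER, which the searchnode branch (L46–L48) still does but this branch no longer does — worth confirming that asymmetry is deliberate. The template continues past the hunk at both ends.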


@@ -1,8 +1,6 @@
elasticsearch: elasticsearch:
config: config:
node: node: {}
attr:
box_type: hot
cluster: cluster:
routing: routing:
allocation: allocation:
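Review bot: `node: {}` on the new L59 is an intentionally empty mapping rather than a dropped key, presumably so that the elasticsearch state's `.node.update(...)` and `.node.roles.extend(...)` calls have a dict to operate on; nothing in the file says so. A short comment such as `# keep as an empty mapping: the elasticsearch SLS calls .update() on config.node` would stop the next maintainer from removing it as dead configuration. The surrounding indentation is not recoverable from the rendered page, so I cannot confirm the key still sits under `config`.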


@@ -2,13 +2,6 @@
"template": { "template": {
"settings": { "settings": {
"index": { "index": {
"routing": {
"allocation": {
"require": {
"box_type": "hot"
}
}
},
"mapping": { "mapping": {
"total_fields": { "total_fields": {
"limit": "3000" "limit": "3000"


@@ -2,13 +2,6 @@
"template": { "template": {
"settings": { "settings": {
"index": { "index": {
"routing": {
"allocation": {
"require": {
"box_type": "hot"
}
}
},
"mapping": { "mapping": {
"total_fields": { "total_fields": {
"limit": "3000" "limit": "3000"


@@ -295,6 +295,7 @@ role:
- {{ portgroups.sensoroni }} - {{ portgroups.sensoroni }}
- {{ portgroups.yum }} - {{ portgroups.yum }}
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
heavynodes: heavynodes:
portgroups: portgroups:
@@ -303,6 +304,7 @@ role:
- {{ portgroups.sensoroni }} - {{ portgroups.sensoroni }}
- {{ portgroups.yum }} - {{ portgroups.yum }}
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
self: self:
portgroups: portgroups:
@@ -355,47 +357,6 @@ role:
heavynodes: heavynodes:
portgroups: portgroups:
- {{ portgroups.salt_manager }} - {{ portgroups.salt_manager }}
helixsensor:
chain:
DOCKER-USER:
hostgroups:
manager:
portgroups:
- {{ portgroups.playbook }}
- {{ portgroups.mysql }}
- {{ portgroups.kibana }}
- {{ portgroups.redis }}
- {{ portgroups.influxdb }}
- {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }}
sensors:
portgroups:
- {{ portgroups.beats_5044 }}
- {{ portgroups.beats_5644 }}
searchnodes:
portgroups:
- {{ portgroups.redis }}
- {{ portgroups.elasticsearch_node }}
self:
portgroups:
- {{ portgroups.syslog}}
beats_endpoint:
portgroups:
- {{ portgroups.beats_5044 }}
analyst:
portgroups:
- {{ portgroups.nginx }}
INPUT:
hostgroups:
anywhere:
portgroups:
- {{ portgroups.ssh }}
dockernet:
portgroups:
- {{ portgroups.all }}
localhost:
portgroups:
- {{ portgroups.all }}
searchnode: searchnode:
chain: chain:
DOCKER-USER: DOCKER-USER:
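Review bot: The two added `- {{ portgroups.elasticsearch_rest }}` entries (L106 and L114) widen the firewall allow-list so the Elasticsearch REST port, not just the transport port already allowed by `elasticsearch_node`, is reachable from two more hostgroups, yet neither hunk shows the hostgroup or role name because both lists start above the hunk. REST exposes the query and administration API, so the commit should record which component on those hosts needs it — plausibly the `remote_cluster_client` role introduced in the elasticsearch state, but that is inferred — and confirm the hostgroups are limited to the nodes that actually need it. A one-line comment above each entry, e.g. `# REST needed by <component> on this hostgroup — see elasticsearch role change`, would make the exposure auditable. The removal of the helixsensor chain in the last hunk is a pure deletion and needs nothing further.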