Merge pull request #9979 from Security-Onion-Solutions/esfun

Elastic Fixes
2025-12-06 09:12:45 +01:00 · 2023-03-22 08:51:24 -04:00
parent 07f303205a 007e2baf41
commit 00b1ecb7d9
6 changed files with 14 additions and 76 deletions
--- a/salt/common/tools/sbin/so-minion
+++ b/salt/common/tools/sbin/so-minion
@@ -129,10 +129,6 @@ function add_elastic_to_minion() {
    printf '%s\n'\
 		"elasticsearch:"\
 		"  esheap: '$ES_HEAP_SIZE'"\
-		"  config:"\
-		"    node:"\
-		"      attr:"\
-		"        box_type: hot"\
 		"  " >> $PILLARFILE
 }

--- a/salt/elasticsearch/config.map.jinja
+++ b/salt/elasticsearch/config.map.jinja
@@ -4,26 +4,23 @@

 {% set HIGHLANDER = salt['pillar.get']('global:highlander', False) %}

-{% if grains.id.split('_') | last in ['manager','managersearch'] %}
+{% if grains.id.split('_') | last in ['manager','managersearch','standalone'] %}
    {% if LOGSTASH_NODES | length > 1 %}
-    {% do ESCONFIG.elasticsearch.config.node.update({'roles': ['master', 'data', 'remote_cluster_client']}) %}
-    {% if HIGHLANDER %}
-        {% do ESCONFIG.elasticsearch.config.node.roles.extend(['ml', 'transform']) %}
+      {% do ESCONFIG.elasticsearch.config.update({'discovery': {'seed_hosts': []}}) %}
+      {% for NODE in LOGSTASH_NODES %}
+        {% do ESCONFIG.elasticsearch.config.discovery.seed_hosts.append(NODE.keys()|first) %}
+      {% endfor %}
+      {% if grains.id.split('_') | last == 'manager' %}
+        {% do ESCONFIG.elasticsearch.config.node.update({'roles': ['master','remote_cluster_client']}) %}
+      {% else %}
+        {% do ESCONFIG.elasticsearch.config.node.update({'roles': ['master', 'data', 'remote_cluster_client']}) %}
+      {% endif %}
    {% endif %}
-    {% do ESCONFIG.elasticsearch.config.update({'discovery': {'seed_hosts': []}}) %}
-    {% for NODE in LOGSTASH_NODES %}
-      {% do ESCONFIG.elasticsearch.config.discovery.seed_hosts.append(NODE.keys()|first) %}
-    {% endfor %}
-  {% endif %}
-  {% if grains.id.split('_') | last == 'manager' %}
-    {% do ESCONFIG.elasticsearch.config.node.attr.update({'box_type': ''}) %}
-  {% endif %}
-{% elif grains.id.split('_') | last not in ['eval', 'standalone', 'import'] %}
+{% elif grains.id.split('_') | last == 'searchnode' %}
  {% do ESCONFIG.elasticsearch.config.node.update({'roles': ['data', 'ingest']}) %}
  {% if HIGHLANDER %}
        {% do ESCONFIG.elasticsearch.config.node.roles.extend(['ml', 'master', 'transform']) %}
  {% endif %}
-  {% do ESCONFIG.elasticsearch.config.node.attr.update({'box_type': 'hot'}) %}
  {% do ESCONFIG.elasticsearch.config.update({'discovery': {'seed_hosts': [GLOBALS.manager]}}) %}
 {% endif %}
 {% if HIGHLANDER %}
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -1,8 +1,6 @@
 elasticsearch:
  config:
-    node:
-      attr:
-        box_type: hot
+    node: {}
    cluster:
      routing:
        allocation:
--- a/salt/elasticsearch/templates/component/so/case-settings.json
+++ b/salt/elasticsearch/templates/component/so/case-settings.json
@@ -2,13 +2,6 @@
  "template": {
    "settings": {
      "index": {
-        "routing": {
-          "allocation": {
-            "require": {
-              "box_type": "hot"
-            }
-          }
-        },
        "mapping": {
          "total_fields": {
            "limit": "3000"
--- a/salt/elasticsearch/templates/component/so/common-settings.json
+++ b/salt/elasticsearch/templates/component/so/common-settings.json
@@ -2,13 +2,6 @@
  "template": {
    "settings": {
      "index": {
-        "routing": {
-          "allocation": {
-            "require": {
-              "box_type": "hot"
-            }
-          }
-        },
        "mapping": {
          "total_fields": {
            "limit": "3000"
--- a/salt/firewall/assigned_hostgroups.map.yaml
+++ b/salt/firewall/assigned_hostgroups.map.yaml
@@ -295,6 +295,7 @@ role:
              - {{ portgroups.sensoroni }}
              - {{ portgroups.yum }}
              - {{ portgroups.redis }}
+              - {{ portgroups.elasticsearch_rest }}
              - {{ portgroups.elasticsearch_node }}
          heavynodes:
            portgroups:
@@ -303,6 +304,7 @@ role:
              - {{ portgroups.sensoroni }}
              - {{ portgroups.yum }}
              - {{ portgroups.redis }}
+              - {{ portgroups.elasticsearch_rest }}
              - {{ portgroups.elasticsearch_node }}
          self:
            portgroups:
@@ -355,47 +357,6 @@ role:
          heavynodes:
            portgroups:
              - {{ portgroups.salt_manager }}
-  helixsensor:
-    chain:
-      DOCKER-USER:
-        hostgroups:
-          manager:
-            portgroups:
-              - {{ portgroups.playbook }}
-              - {{ portgroups.mysql }}
-              - {{ portgroups.kibana }}
-              - {{ portgroups.redis }}
-              - {{ portgroups.influxdb }}
-              - {{ portgroups.elasticsearch_rest }}
-              - {{ portgroups.elasticsearch_node }}
-          sensors:
-            portgroups:
-              - {{ portgroups.beats_5044 }}
-              - {{ portgroups.beats_5644 }}
-          searchnodes:
-            portgroups:
-              - {{ portgroups.redis }}
-              - {{ portgroups.elasticsearch_node }}
-          self:
-            portgroups:
-              - {{ portgroups.syslog}}
-          beats_endpoint:
-            portgroups:
-              - {{ portgroups.beats_5044 }}
-          analyst:
-            portgroups:
-              - {{ portgroups.nginx }}
-      INPUT:
-        hostgroups:
-          anywhere:
-            portgroups:
-              - {{ portgroups.ssh }}
-          dockernet:
-            portgroups:
-              - {{ portgroups.all }}
-          localhost:
-            portgroups:
-              - {{ portgroups.all }}
  searchnode:
    chain:
      DOCKER-USER: