Merge pull request #12860 from Security-Onion-Solutions/issue/12856

allow for enabled/disable of so-elasticsearch-indices-delete cronjob
2025-12-06 17:22:49 +01:00 · 2024-04-25 09:07:44 -04:00
parent 983ef362e9 d50de804a8
commit 03f9160fcc
3 changed files with 16 additions and 4 deletions
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -1,4 +1,6 @@
 elasticsearch:
+  enabled: false
+  index_clean: true
  config:
    action:
      destructive_requires_name: true
@@ -54,7 +56,6 @@ elasticsearch:
            enabled: true
            key: /usr/share/elasticsearch/config/elasticsearch.key
            verification_mode: none
-  enabled: false
  pipelines:
    custom001:
      description: Custom Pipeline
--- a/salt/elasticsearch/enabled.sls
+++ b/salt/elasticsearch/enabled.sls
@@ -200,9 +200,15 @@ so-elasticsearch-roles-load:
    - require:
      - docker_container: so-elasticsearch
      - file: elasticsearch_sbin_jinja
-{% if grains.role in ['so-eval', 'so-standalone', 'so-managersearch', 'so-heavynode', 'so-manager'] %}
+
+{%     if grains.role in ['so-eval', 'so-standalone', 'so-managersearch', 'so-heavynode', 'so-manager'] %}
+{%       if ELASTICSEARCHMERGED.index_clean %}
+{%         set ap = "present" %}
+{%       else %}
+{%         set ap = "absent" %}
+{%       endif %}
 so-elasticsearch-indices-delete:
-  cron.present:
+  cron.{{ap}}:
    - name: /usr/sbin/so-elasticsearch-indices-delete > /opt/so/log/elasticsearch/cron-elasticsearch-indices-delete.log 2>&1
    - identifier: so-elasticsearch-indices-delete
    - user: root
@@ -211,7 +217,8 @@ so-elasticsearch-indices-delete:
    - daymonth: '*'
    - month: '*'
    - dayweek: '*'
-{% endif %}
+{%     endif %}
+
 {%   endif %}

 {% else %}
--- a/salt/elasticsearch/soc_elasticsearch.yaml
+++ b/salt/elasticsearch/soc_elasticsearch.yaml
@@ -5,6 +5,10 @@ elasticsearch:
  esheap:
    description: Specify the memory heap size in (m)egabytes for Elasticsearch.
    helpLink: elasticsearch.html
+  index_clean:
+    description: Determines if indices should be considered for deletion by available disk space in the cluster. Otherwise, indices will only be deleted by the age defined in the ILM settings.
+    forcedType: bool
+    helpLink: elasticsearch.html
  retention: 
    retention_pct:
      decription: Total percentage of space used by Elasticsearch for multi node clusters