From 4c67695cd05b270d39cfdc03d05be1995052d298 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Wed, 5 Dec 2018 13:06:29 +0000 Subject: [PATCH 1/9] Setup - Set cur_close_days and log_size_limit --- so-setup-network.sh | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/so-setup-network.sh b/so-setup-network.sh index 21179a18d..5e46412c7 100644 --- a/so-setup-network.sh +++ b/so-setup-network.sh @@ -22,6 +22,7 @@ NICS=$(ip link | awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2 " \" CPUCORES=$(cat /proc/cpuinfo | grep processor | wc -l) LISTCORES=$(cat /proc/cpuinfo | grep processor | awk '{print $3 " \"" "core" "\""}') RANDOMUID=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1) +NODE_ES_PORT="9200" # End Global Variable Section @@ -393,6 +394,16 @@ get_filesystem_nsm(){ FSNSM=$(df /nsm | awk '$3 ~ /[0-9]+/ { print $2 * 1000 }') } +get_log_size_limit() { + + DISK_SIZE_K=`df /nsm |grep -v "^Filesystem" | awk '{print $2}'` + PERCENTAGE=85 + DISK_SIZE=DISK_SIZE_K*1000 + PERCENTAGE_DISK_SPACE=`echo $(($DISK_SIZE*$PERCENTAGE/100))` + LOG_SIZE_LIMIT=$(($PERCENTAGE_DISK_SPACE/1000000000)) + +} + get_filesystem_root(){ FSROOT=$(df / | awk '$3 ~ /[0-9]+/ { print $2 * 1000 }') } @@ -536,6 +547,9 @@ node_pillar() { echo " ls_batch_count: $LSINPUTBATCHCOUNT" >> $TMP/$HOSTNAME.sls echo " es_shard_count: $SHARDCOUNT" >> $TMP/$HOSTNAME.sls echo " node_type: $NODETYPE" >> $TMP/$HOSTNAME.sls + echo " es_port: $NODE_ES_PORT" >> $TMP/$HOSTNAME.sls + echo " log_size_limit: $LOG_SIZE_LIMIT" >> $TMP/$HOSTNAME.sls + echo " cur_close_days: $CURCLOSEDAYS" >> $TMP/$HOSTNAME.sls } 
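Review bot: In `get_log_size_limit`, `DISK_SIZE=DISK_SIZE_K*1000` stores literal text rather than a number; the result is only correct because the later `$(( ))` re-evaluates the name `DISK_SIZE_K` inside the arithmetic context. The function also trusts `df /nsm` to print a numeric second column, so if /nsm is missing or df wraps its output the arithmetic fails or LOG_SIZE_LIMIT becomes 0. That value is what the `node_pillar` hunk below writes as `log_size_limit`, which later drives index deletion. I would write `DISK_SIZE_K=$(df -P /nsm | awk 'NR==2 {print $2}')` and `LOG_SIZE_LIMIT=$(( DISK_SIZE_K * 1000 * PERCENTAGE / 100 / 1000000000 ))`, and stop setup when the result is empty or 0.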
@@ -928,6 +942,16 @@ whiptail_check_exitstatus() { } +whiptail_cur_close_days() { + + CURCLOSEDAYS=$(whiptail --title "Security Onion Setup" --inputbox \ + "Please specify the threshold (in days) at which Elasticsearch indices will be closed" 10 60 $CURCLOSEDAYS 3>&1 1>&2 2>&3) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + +} + whiptail_homenet_master() { # Ask for the HOME_NET on the master @@ -975,6 +999,18 @@ whiptail_install_type() { } +whiptail_log_size_limit() { + + LOG_SIZE_LIMIT=$(whiptail --title "Security Onion Setup" --inputbox \ + "Please specify the amount of disk space (in GB) you would like to allocate for Elasticsearch data storage. \ + By default, this is set to 85% of the disk space allotted for /nsm." 10 60 $LOG_SIZE_LIMIT 3>&1 1>&2 2>&3) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + +} + + whiptail_management_nic() { MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC" 20 78 12 ${NICS[@]} 3>&1 1>&2 2>&3 ) @@ -1504,11 +1540,13 @@ if (whiptail_you_sure); then NSMSETUP=BASIC NIDS=Suricata BROVERSION=ZEEK + CURCLOSEDAYS=30 whiptail_make_changes clear_master mkdir -p /nsm get_filesystem_root get_filesystem_nsm + get_log_size_limit get_main_ip # Add the user so we can sit back and relax echo "" @@ -1549,6 +1587,10 @@ if (whiptail_you_sure); then whiptail_management_server whiptail_master_updates set_updates + get_log_size_limit + whiptail_log_size_limit + CURCLOSEDAYS=30 + whiptail_cur_close_days es_heapsize ls_heapsize whiptail_node_advanced From ce70e590a1a24c9fa9202b8e6bece68af411caff Mon Sep 17 00:00:00 2001 
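Review bot: Neither `whiptail_cur_close_days` nor `whiptail_log_size_limit` (next hunk) checks that the operator entered a positive integer before the value is stored, and `node_pillar` then echoes it unquoted into the pillar file. Later patches in this series render `log_size_limit` into a root cron script as an operand of `[[ … -gt … ]]`, where bash evaluates the operand as an arithmetic expression rather than as inert text, and into Curator's `unit_count` and `disk_space`. An empty or non-numeric answer therefore changes retention behaviour instead of failing at setup. After the exit-status check I would add `[[ $CURCLOSEDAYS =~ ^[1-9][0-9]*$ ]]` with a re-prompt on failure (likewise for LOG_SIZE_LIMIT), and pass the default to whiptail as `"$CURCLOSEDAYS"`.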
From: Wes Lambert Date: Wed, 5 Dec 2018 13:09:07 +0000 Subject: [PATCH 2/9] Curator - break out from ES and add config --- salt/curator/files/action/close.yml | 34 +++++ salt/curator/files/action/delete.yml | 26 ++++ salt/curator/files/bin/so-curator-close | 2 + .../files/bin/so-curator-closed-delete | 41 ++++++ .../files/bin/so-curator-closed-delete-delete | 50 +++++++ salt/curator/files/bin/so-curator-delete | 2 + salt/curator/files/curator.yml | 26 ++++ salt/curator/init.sls | 136 ++++++++++++++++++ 8 files changed, 317 insertions(+) create mode 100644 salt/curator/files/action/close.yml create mode 100644 salt/curator/files/action/delete.yml create mode 100644 salt/curator/files/bin/so-curator-close create mode 100755 salt/curator/files/bin/so-curator-closed-delete create mode 100755 salt/curator/files/bin/so-curator-closed-delete-delete create mode 100644 salt/curator/files/bin/so-curator-delete create mode 100644 salt/curator/files/curator.yml create mode 100644 salt/curator/init.sls diff --git a/salt/curator/files/action/close.yml b/salt/curator/files/action/close.yml new file mode 100644 index 000000000..70d7fa119 --- /dev/null +++ b/salt/curator/files/action/close.yml 
@@ -0,0 +1,34 @@
+{% if grains['role'] == 'so-node' or grains['role'] == 'so-eval' %}
+{%- set cur_close_days = salt['pillar.get']('node:cur_close_days', '') -%}
+{%- endif %}
+
+---
+# Remember, leave a key empty if there is no value. None will be a string,
+# not a Python "NoneType"
+#
+# Also remember that all examples have 'disable_action' set to True. If you
+# want to use this action as a template, be sure to set this to False after
+# copying it.
+actions:
+ 1:
+ action: close
+ description: >-
+ Close indices older than {{cur_close_days}} days (based on index name), for logstash-
+ prefixed indices.
+ options:
+ delete_aliases: False
+ timeout_override:
+ continue_if_exception: False
+ disable_action: False
+ filters:
+ - filtertype: pattern
+ kind: prefix
+ value: logstash-
+ exclude:
+ - filtertype: age
+ source: name
+ direction: older
+ timestring: '%Y.%m.%d'
+ unit: days
+ unit_count: {{cur_close_days}}
+ exclude:
diff --git a/salt/curator/files/action/delete.yml b/salt/curator/files/action/delete.yml
new file mode 100644
index 000000000..07c19a2ca
--- /dev/null
+++ b/salt/curator/files/action/delete.yml
@@ -0,0 +1,26 @@
+{% if grains['role'] == 'so-node' or grains['role'] == 'so-eval' %}
+{%- set log_size_limit = salt['pillar.get']('node:log_size_limit', '') -%}
+{%- endif %}
+---
+# Remember, leave a key empty if there is no value. None will be a string,
+# not a Python "NoneType"
+#
+# Also remember that all examples have 'disable_action' set to True. If you
+# want to use this action as a template, be sure to set this to False after
+# copying it.
+actions:
+ 1:
+ action: delete_indices
+ description: >-
+ Delete indices when {{log_size_limit}}(GB) is exceeded.
+ options:
+ ignore_empty_list: True
+ disable_action: False
+ filters:
+ - filtertype: pattern
+ kind: prefix
+ value: logstash-
+ - filtertype: space
+ source: creation_date
+ use_age: True
+ disk_space: {{log_size_limit}}
diff --git a/salt/curator/files/bin/so-curator-close b/salt/curator/files/bin/so-curator-close
new file mode 100644
index 000000000..dff6bbb39
--- /dev/null
+++ b/salt/curator/files/bin/so-curator-close
@@ -0,0 +1,2 @@
+#!/bin/bash
+/usr/sbin/so-curator-closed-delete > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/close.yml > /dev/null 2>&1
diff --git a/salt/curator/files/bin/so-curator-closed-delete b/salt/curator/files/bin/so-curator-closed-delete
new file mode 100755
index 000000000..000d1cbd0
--- /dev/null
+++ b/salt/curator/files/bin/so-curator-closed-delete
@@ -0,0 +1,41 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+#. /usr/sbin/so-elastic-common
+#. /etc/nsm/securityonion.conf
+
+# If logrotate script doesn't already exist, create it
+#FILE="/etc/logrotate.d/so-curator-closed-delete"
+#if ! [ -f ${FILE} ]; then
+# cat << EOF > ${FILE}
+#/var/log/nsm/so-curator-closed-delete.log {
+# daily
+# rotate 7
+# copytruncate
+# compress
+# missingok
+# notifempty
+#}
+#EOF
+#fi
+
+# Avoid starting multiple instances
+if pgrep -f "so-curator-closed-delete-delete" >/dev/null; then
+ echo "Script is already running."
+else
+ /usr/local/bin/so-curator-closed-delete-delete
+fi
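Review bot: Both commands in so-curator-close send stdout and stderr to /dev/null, so a failing `docker exec` (container stopped, unreadable action file) leaves no trace and indices simply stop being closed; so-curator-delete in this patch does the same. For a job that enforces log retention on a monitoring host I would keep the output, for example `>> /opt/so/log/curator/so-curator-close.log 2>&1` (file name illustrative, the directory is the one this series already creates). The script should also exit with curator's status rather than always succeeding.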
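Review bot: The `pgrep -f "so-curator-closed-delete-delete"` guard in so-curator-closed-delete is a check-then-run race, and it matches any process whose command line merely contains that string. This series starts the wrapper from root's crontab every minute and so-curator-close calls it as well, so two copies can pass the check at the same moment and delete indices in parallel. A lock is atomic and does not depend on process names: `exec 9>"$LOCKFILE"; flock -n 9 || exit 0`, where LOCKFILE is a root-owned path you choose.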
diff --git a/salt/curator/files/bin/so-curator-closed-delete-delete b/salt/curator/files/bin/so-curator-closed-delete-delete
new file mode 100755
index 000000000..4b4c5344c
--- /dev/null
+++ b/salt/curator/files/bin/so-curator-closed-delete-delete
@@ -0,0 +1,50 @@
+
+{% if grains['role'] == 'so-node' or grains['role'] == 'so-eval' %}
+{%- set ELASTICSEARCH_HOST = salt['pillar.get']('node:mainip', '') -%}
+{%- set ELASTICSEARCH_PORT = salt['pillar.get']('node:es_port', '') -%}
+{%- set LOG_SIZE_LIMIT = salt['pillar.get']('node:log_size_limit', '') -%}
+{%- endif %}
+
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+#. /usr/sbin/so-elastic-common
+#. /etc/nsm/securityonion.conf
+
+LOG="/opt/so/log/curator/so-curator-closed-delete.log"
+
+# Check for 2 conditions:
+# 1. Are Elasticsearch indices using more disk space than LOG_SIZE_LIMIT?
+# 2. Are there any closed logstash- indices that we can delete?
+# If both conditions are true, keep on looping until one of the conditions is false.
+while [[ $(du -hs --block-size=1GB /nsm/elasticsearch/nodes | awk '{print $1}' ) -gt "{{LOG_SIZE_LIMIT}}" ]] &&
+curl -s {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep "^ close logstash-" > /dev/null; do
+
+ # We need to determine OLDEST_INDEX.
+ # First, get the list of closed indices that are prefixed with "logstash-".
+ # For example: logstash-ids-YYYY.MM.DD
+ # Then, sort by date by telling sort to use hyphen as delimiter and then sort on the third field.
+ # Finally, select the first entry in that sorted list.
+ OLDEST_INDEX=$(curl -s {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep "^ close logstash-" | awk '{print $2}' | sort -t- -k3 | head -1)
+
+ # Now that we've determined OLDEST_INDEX, ask Elasticsearch to delete it.
+ curl -XDELETE {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/${OLDEST_INDEX}
+
+ # Finally, write a log entry that says we deleted it.
+ echo "$(date) - Used disk space exceeds LOG_SIZE_LIMIT ({{LOG_SIZE_LIMIT}} GB) - Index ${OLDEST_INDEX} deleted ..." >> ${LOG}
+
+done
diff --git a/salt/curator/files/bin/so-curator-delete b/salt/curator/files/bin/so-curator-delete
new file mode 100644
index 000000000..166497855
--- /dev/null
+++ b/salt/curator/files/bin/so-curator-delete
@@ -0,0 +1,2 @@
+#!/bin/bash
+docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/delete.yml > /dev/null 2>&1
diff --git a/salt/curator/files/curator.yml b/salt/curator/files/curator.yml
new file mode 100644
index 000000000..e115bcd54
--- /dev/null
+++ b/salt/curator/files/curator.yml
@@ -0,0 +1,26 @@
+{% if grains['role'] == 'so-node' or grains['role'] == 'so-eval' %}
+{%- set elasticsearch = salt['pillar.get']('node:mainip', '') -%}
+{%- endif %}
+
+---
+# Remember, leave a key empty if there is no value. None will be a string,
+# not a Python "NoneType"
+client:
+ hosts:
+ - {{elasticsearch}}
+ port: 9200
+ url_prefix:
+ use_ssl: False
+ certificate:
+ client_cert:
+ client_key:
+ ssl_no_validate: False
+ http_auth:
+ timeout: 30
+ master_only: False
+
+logging:
+ loglevel: INFO
+ logfile: '/var/log/curator/curator.log'
+ logformat: default
+ blacklist: ['elasticsearch', 'urllib3']
diff --git a/salt/curator/init.sls b/salt/curator/init.sls
new file mode 100644
index 000000000..d8e3f2817
--- /dev/null
+++ b/salt/curator/init.sls
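Review bot: The loop in so-curator-closed-delete-delete never checks what its curl calls returned: if `OLDEST_INDEX` comes back empty the request becomes a DELETE on the cluster root URL, and if the delete fails the condition stays true, so the loop spins without a pause while appending a "deleted" line to the log on every pass. The size test has a related gap, because `pillar.get(..., '')` can render `-gt ""`, which bash evaluates as 0, so a missing pillar value means every closed logstash- index is removed. Guard the limit and the index name, and log success only when curl reports it, as in the excerpt below. The template also starts with a blank line and the Jinja block, so `#!/bin/bash` is not the first line of the rendered file; it should move to line 1.

```shell
# … unchanged: Jinja pillar lookups, licence header, LOG= …
LIMIT="{{LOG_SIZE_LIMIT}}"
# Refuse to run with an empty or non-numeric limit instead of treating it as 0.
if ! [[ "$LIMIT" =~ ^[1-9][0-9]*$ ]]; then
  echo "$(date) - Invalid LOG_SIZE_LIMIT '${LIMIT}', nothing deleted" >> "${LOG}"
  exit 1
fi

# … unchanged: while condition (compare against "$LIMIT") and OLDEST_INDEX lookup …

  # Stop rather than send DELETE to the cluster root when no index name came back.
  [[ -n "${OLDEST_INDEX}" ]] || break

  if curl -sf -XDELETE "{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/${OLDEST_INDEX}" > /dev/null; then
    echo "$(date) - Used disk space exceeds LOG_SIZE_LIMIT ({{LOG_SIZE_LIMIT}} GB) - Index ${OLDEST_INDEX} deleted ..." >> "${LOG}"
  else
    echo "$(date) - Failed to delete index ${OLDEST_INDEX}, stopping" >> "${LOG}"
    break
  fi
done
```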
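Review bot: In curator.yml `port: 9200` is hard-coded, while this series adds an `es_port` pillar value that so-curator-closed-delete-delete reads, so changing the pillar would leave Curator and the cleanup script talking to different ports. I would render the port from the same `es_port` pillar key the script uses. The client block also keeps `use_ssl: False` and an empty `http_auth` while the host changes from the name `elasticsearch` (in the file this series removes) to the node's main IP. Index close and delete requests presumably now travel unauthenticated and in clear text to that address, so a comment naming the firewall rule that is relied on would help the next reader.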
@@ -0,0 +1,136 @@
+{% if grains['role'] == 'so-node' or grains['role'] == 'so-eval' %}
+# Curator
+# Create the group
+curatorgroup:
+ group.present:
+ - name: curator
+ - gid: 934
+
+# Add user
+curator:
+ user.present:
+ - uid: 934
+ - gid: 934
+ - home: /opt/so/conf/curator
+ - createhome: False
+
+# Create the log directory
+curactiondir:
+ file.directory:
+ - name: /opt/so/conf/curator/action
+ - user: 934
+ - group: 939
+ - makedirs: True
+
+curlogdir:
+ file.directory:
+ - name: /opt/so/log/curator
+ - user: 934
+ - group: 939
+
+curcloseconf:
+ file.managed:
+ - name: /opt/so/conf/curator/action/close.yml
+ - source: salt://curator/files/action/close.yml
+ - user: 934
+ - group: 939
+ - template: jinja
+
+curdelconf:
+ file.managed:
+ - name: /opt/so/conf/curator/action/delete.yml
+ - source: salt://curator/files/action/delete.yml
+ - user: 934
+ - group: 939
+ - template: jinja
+
+curconf:
+ file.managed:
+ - name: /opt/so/conf/curator/curator.yml
+ - source: salt://curator/files/curator.yml
+ - user: 934
+ - group: 939
+ - template: jinja
+
+curcloseddel:
+ file.managed:
+ - name: /usr/local/bin/so-curator-closed-delete
+ - source: salt://curator/files/bin/so-curator-closed-delete
+ - user: 934
+ - group: 939
+ - mode: 755
+
+curcloseddeldel:
+ file.managed:
+ - name: /usr/local/bin/so-curator-closed-delete-delete
+ - source: salt://curator/files/bin/so-curator-closed-delete-delete
+ - user: 934
+ - group: 939
+ - mode: 755
+ - template: jinja
+
+curclose:
+ file.managed:
+ - name: /usr/local/bin/so-curator-close
+ - source: salt://curator/files/bin/so-curator-close
+ - user: 934
+ - group: 939
+ - mode: 755
+
+curdel:
+ file.managed:
+ - name: /usr/local/bin/so-curator-delete
+ - source: salt://curator/files/bin/so-curator-delete
+ - user: 934
+ - group: 939
+ - mode: 755
+
+/usr/local/bin/so-curator-closed-delete:
+ cron.present:
+ - user: root
+ - minute: '*'
+ - hour: '*'
+ - daymonth: '*'
+ - month: '*'
+ - dayweek: '*'
+
+/usr/local/bin/so-curator-close: + cron.present: + - user: root + - minute: '*' + - hour: '*' + - daymonth: '*' + - month: '*' + - dayweek: '*' + +/usr/local/bin/so-curator-delete: + cron.present: + - user: root + - minute: '*' + - hour: '*' + - daymonth: '*' + - month: '*' + - dayweek: '*' + + +so-curator: + docker_container.running: + - image: soshybridhunter/so-curator:HH1.0.3 + - hostname: curator + - name: so-curator + - user: curator + - interactive: True + - tty: True + - binds: + - /opt/so/conf/curator/curator.yml:/etc/curator/config/curator.yml:ro + - /opt/so/conf/curator/action/:/etc/curator/action:ro + - /opt/so/log/curator:/var/log/curator:rw +# Begin Curator Cron Jobs + +# Close +# Delete +# Hot Warm +# Segment Merge + +# End Curator Cron Jobs +{% endif %} From 1ccece70efebb4c6829aa74d887fd4a417930f1b Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Wed, 5 Dec 2018 13:10:29 +0000 Subject: [PATCH 3/9] Curator - Remove config from ES --- salt/elasticsearch/init.sls | 81 ++----------------------------------- 1 file changed, 3 insertions(+), 78 deletions(-) diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 75cc7e5f7..122e2f7eb 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -150,6 +150,7 @@ so-freq: docker_container.running: - image: soshybridhunter/so-freqserver:HH1.0.3 - hostname: freqserver + - name: so-freqserver - user: freqserver - binds: - /opt/so/log/freq_server:/var/log/freq_server:rw @@ -185,7 +186,7 @@ so-domainstats: docker_container.running: - image: soshybridhunter/so-domainstats:HH1.0.3 - hostname: domainstats - - name: domainstats + - name: so-domainstats - user: domainstats - binds: - /opt/so/log/domainstats:/var/log/domain_stats 
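Review bot: The four scripts installed by curcloseddel, curcloseddeldel, curclose and curdel are owned by `user: 934` (the curator account, which is also the user the so-curator container runs as) with mode 755, and the `cron.present` states then execute them as root every minute. Whoever controls uid 934 can therefore rewrite a file that root runs; these states should use `- user: root` and `- group: root`. Patch 6 in this series moves the scripts to /usr/sbin but keeps the same ownership. Separately, the curator group is created with gid 934 while every file state uses `group: 939`, which this file does not define, so a comment naming that group would help.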
@@ -193,82 +194,6 @@ so-domainstats: {% endif %} -# Curator -# Create the group -curatorgroup: - group.present: - - name: curator - - gid: 934 - -# Add user -curator: - user.present: - - uid: 934 - - gid: 934 - - home: /opt/so/conf/curator - - createhome: False - -# Create the log directory -curactiondir: - file.directory: - - name: /opt/so/conf/curator/action - - user: 934 - - group: 939 - - makedirs: True - -curlogdir: - file.directory: - - name: /opt/so/log/curator - - user: 934 - - group: 939 - -curclose: - file.managed: - - name: /opt/so/conf/curator/action/close.yml - - source: salt://elasticsearch/files/curator/action/close.yml - - user: 934 - - group: 939 - - template: jinja - -curdel: - file.managed: - - name: /opt/so/conf/curator/action/delete.yml - - source: salt://elasticsearch/files/curator/action/delete.yml - - user: 934 - - group: 939 - - template: jinja - -curconf: - file.managed: - - name: /opt/so/conf/curator/curator.yml - - source: salt://elasticsearch/files/curator/curator.yml - - user: 934 - - group: 939 - - template: jinja - -so-curator: - docker_container.running: - - image: soshybridhunter/so-curator:HH1.0.3 - - hostname: curator - - name: curator - - user: curator - - interactive: True - - tty: True - - binds: - - /opt/so/conf/curator/curator.yml:/etc/curator/config/curator.yml:ro - - /opt/so/conf/curator/action/:/etc/curator/action:ro - - /opt/so/log/curator:/var/log/curator:rw - - -# Begin Curator Cron Jobs - -# Close -# Delete -# Hot Warm -# Segment Merge - -# End Curator Cron Jobs - # Elastalert {% if esalert == 1 %} @@ -311,7 +236,7 @@ so-elastalert: docker_container.running: - image: soshybridhunter/so-elastalert:HH1.0.3 - hostname: elastalert - - name: elastalert + - name: so-elastalert - user: elastalert - detach: True - binds: From 2e73a6fb0219fd0d62bae9eb02489da4deabc080 Mon Sep 17 00:00:00 2001 
From: Wes Lambert Date: Wed, 5 Dec 2018 13:13:15 +0000 Subject: [PATCH 4/9] Curator - Update top.sls for Curator --- salt/top.sls | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/salt/top.sls b/salt/top.sls index 1ab76733e..0b2c50ca4 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -27,8 +27,9 @@ base: - pcap - suricata - bro + - curator - utility - - schedule + - schedule 'G@role:so-master': @@ -60,6 +61,7 @@ base: - firewall - logstash - elasticsearch + - curator - schedule 'G@role:so-node and I@node:node_type:warm': @@ -77,6 +79,7 @@ base: - firewall - logstash - elasticsearch + - curator - schedule 'G@role:mastersensor': From 90e3b6912ce1c70be63d5c948ff1372f4dfa3940 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Wed, 5 Dec 2018 13:14:19 +0000 Subject: [PATCH 5/9] Curator - Remove Curator files from ES module --- .../files/curator/action/close.yml | 30 ------------------- .../files/curator/action/delete.yml | 23 -------------- salt/elasticsearch/files/curator/curator.yml | 22 -------------- 3 files changed, 75 deletions(-) delete mode 100644 salt/elasticsearch/files/curator/action/close.yml delete mode 100644 salt/elasticsearch/files/curator/action/delete.yml delete mode 100644 salt/elasticsearch/files/curator/curator.yml diff --git a/salt/elasticsearch/files/curator/action/close.yml b/salt/elasticsearch/files/curator/action/close.yml deleted file mode 100644 index a9ca54335..000000000 --- a/salt/elasticsearch/files/curator/action/close.yml +++ /dev/null 
@@ -1,30 +0,0 @@ ---- -# Remember, leave a key empty if there is no value. None will be a string, -# not a Python "NoneType" -# -# Also remember that all examples have 'disable_action' set to True. If you -# want to use this action as a template, be sure to set this to False after -# copying it. -actions: - 1: - action: close - description: >- - Close indices older than 2 days (based on index name), for logstash- - prefixed indices. - options: - delete_aliases: False - timeout_override: - continue_if_exception: False - disable_action: False - filters: - - filtertype: pattern - kind: prefix - value: logstash- - exclude: - - filtertype: age - source: name - direction: older - timestring: '%Y.%m.%d' - unit: days - unit_count: 2 - exclude: diff --git a/salt/elasticsearch/files/curator/action/delete.yml b/salt/elasticsearch/files/curator/action/delete.yml deleted file mode 100644 index cb55ec0c3..000000000 --- a/salt/elasticsearch/files/curator/action/delete.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Remember, leave a key empty if there is no value. None will be a string, -# not a Python "NoneType" -# -# Also remember that all examples have 'disable_action' set to True. If you -# want to use this action as a template, be sure to set this to False after -# copying it. -actions: - 1: - action: delete_indices - description: >- - Delete indices when $disk_space value (in GB) is exceeded. - options: - ignore_empty_list: True - disable_action: False - filters: - - filtertype: pattern - kind: prefix - value: logstash- - - filtertype: space - source: creation_date - use_age: True - disk_space: 43 diff --git a/salt/elasticsearch/files/curator/curator.yml b/salt/elasticsearch/files/curator/curator.yml deleted file mode 100644 index dc8b69309..000000000 --- a/salt/elasticsearch/files/curator/curator.yml +++ /dev/null 
@@ -1,22 +0,0 @@ ---- -# Remember, leave a key empty if there is no value. None will be a string, -# not a Python "NoneType" -client: - hosts: - - elasticsearch - port: 9200 - url_prefix: - use_ssl: False - certificate: - client_cert: - client_key: - ssl_no_validate: False - http_auth: - timeout: 30 - master_only: False - -logging: - loglevel: INFO - logfile: '/var/log/curator/curator.log' - logformat: default - blacklist: ['elasticsearch', 'urllib3'] From 7a260a4876cff7b36a537567a136e78d14c7c4f1 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Wed, 5 Dec 2018 13:24:16 +0000 Subject: [PATCH 6/9] Curator - Move files to /usr/sbin --- salt/curator/files/bin/so-curator-closed-delete | 2 +- salt/curator/init.sls | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/salt/curator/files/bin/so-curator-closed-delete b/salt/curator/files/bin/so-curator-closed-delete index 000d1cbd0..4382a721d 100755 --- a/salt/curator/files/bin/so-curator-closed-delete +++ b/salt/curator/files/bin/so-curator-closed-delete @@ -37,5 +37,5 @@ if pgrep -f "so-curator-closed-delete-delete" >/dev/null; then echo "Script is already running." else - /usr/local/bin/so-curator-closed-delete-delete + /usr/sbin/so-curator-closed-delete-delete fi diff --git a/salt/curator/init.sls b/salt/curator/init.sls index d8e3f2817..adbf4f6b0 100644 --- a/salt/curator/init.sls +++ b/salt/curator/init.sls @@ -54,7 +54,7 @@ curconf: curcloseddel: file.managed: - - name: /usr/local/bin/so-curator-closed-delete + - name: /usr/sbin/so-curator-closed-delete - source: salt://curator/files/bin/so-curator-closed-delete - user: 934 - group: 939 @@ -62,7 +62,7 @@ curcloseddel: curcloseddeldel: file.managed: - - name: /usr/local/bin/so-curator-closed-delete-delete + - name: /usr/sbin/so-curator-closed-delete-delete - source: salt://curator/files/bin/so-curator-closed-delete-delete - user: 934 - group: 939 
@@ -71,7 +71,7 @@ curcloseddeldel: curclose: file.managed: - - name: /usr/local/bin/so-curator-close + - name: /usr/sbin/so-curator-close - source: salt://curator/files/bin/so-curator-close - user: 934 - group: 939 @@ -79,13 +79,13 @@ curclose: curdel: file.managed: - - name: /usr/local/bin/so-curator-delete + - name: /usr/sbin/so-curator-delete - source: salt://curator/files/bin/so-curator-delete - user: 934 - group: 939 - mode: 755 -/usr/local/bin/so-curator-closed-delete: +/usr/sbin/so-curator-closed-delete: cron.present: - user: root - minute: '*' @@ -94,7 +94,7 @@ curdel: - month: '*' - dayweek: '*' -/usr/local/bin/so-curator-close: +/usr/sbin/so-curator-close: cron.present: - user: root - minute: '*' @@ -103,7 +103,7 @@ curdel: - month: '*' - dayweek: '*' -/usr/local/bin/so-curator-delete: +/usr/sbin/so-curator-delete: cron.present: - user: root - minute: '*' From 3461c7e22608090ecb301adb4ca94eef248c855b Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Wed, 5 Dec 2018 15:14:36 +0000 Subject: [PATCH 7/9] Curator - Update config for Eval Mode --- salt/curator/files/action/close.yml | 8 +++++++- salt/curator/files/action/delete.yml | 8 +++++++- salt/curator/files/bin/so-curator-closed-delete-delete | 10 +++++++++- salt/curator/files/curator.yml | 8 +++++++- 4 files changed, 30 insertions(+), 4 deletions(-) diff --git a/salt/curator/files/action/close.yml b/salt/curator/files/action/close.yml index 70d7fa119..ab4d07050 100644 --- a/salt/curator/files/action/close.yml +++ b/salt/curator/files/action/close.yml @@ -1,5 +1,11 @@ -{% if grains['role'] == 'so-node' or grains['role'] == 'so-eval' %} +{% if grains['role'] == 'so-node' %} + {%- set cur_close_days = salt['pillar.get']('node:cur_close_days', '') -%} + +{% elif grains['role'] == 'so-eval' %} + +{%- set cur_close_days = salt['pillar.get']('master:cur_close_days', '') -%} + {%- endif %} --- 
diff --git a/salt/curator/files/action/delete.yml b/salt/curator/files/action/delete.yml index 07c19a2ca..1b3440f8b 100644 --- a/salt/curator/files/action/delete.yml +++ b/salt/curator/files/action/delete.yml @@ -1,5 +1,11 @@ -{% if grains['role'] == 'so-node' or grains['role'] == 'so-eval' %} +{% if grains['role'] == 'so-node' %} + {%- set log_size_limit = salt['pillar.get']('node:log_size_limit', '') -%} + +{% elif grains['role'] == 'so-eval' %} + +{%- set log_size_limit = salt['pillar.get']('master:log_size_limit', '') -%} + {%- endif %} --- # Remember, leave a key empty if there is no value. None will be a string, diff --git a/salt/curator/files/bin/so-curator-closed-delete-delete b/salt/curator/files/bin/so-curator-closed-delete-delete index 4b4c5344c..8841c843f 100755 --- a/salt/curator/files/bin/so-curator-closed-delete-delete +++ b/salt/curator/files/bin/so-curator-closed-delete-delete @@ -1,8 +1,16 @@ -{% if grains['role'] == 'so-node' or grains['role'] == 'so-eval' %} +{% if grains['role'] == 'so-node' %} + {%- set ELASTICSEARCH_HOST = salt['pillar.get']('node:mainip', '') -%} {%- set ELASTICSEARCH_PORT = salt['pillar.get']('node:es_port', '') -%} {%- set LOG_SIZE_LIMIT = salt['pillar.get']('node:log_size_limit', '') -%} + +{% elif grains['role'] == 'so-eval' %} + +{%- set ELASTICSEARCH_HOST = salt['pillar.get']('master:mainip', '') -%} +{%- set ELASTICSEARCH_PORT = salt['pillar.get']('master:es_port', '') -%} +{%- set LOG_SIZE_LIMIT = salt['pillar.get']('master:log_size_limit', '') -%} + {%- endif %} #!/bin/bash diff --git a/salt/curator/files/curator.yml b/salt/curator/files/curator.yml index e115bcd54..aa55836b1 100644 --- a/salt/curator/files/curator.yml +++ b/salt/curator/files/curator.yml 
@@ -1,5 +1,11 @@ -{% if grains['role'] == 'so-node' or grains['role'] == 'so-eval' %} +{% if grains['role'] == 'so-node' %} + {%- set elasticsearch = salt['pillar.get']('node:mainip', '') -%} + +{% elif grains['role'] == 'so-eval' %} + +{%- set elasticsearch = salt['pillar.get']('master:mainip', '') -%} + {%- endif %} --- From aa32a55b4edaa2b67fa9e7d2cf8cc4eccaf58e49 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Wed, 5 Dec 2018 15:16:14 +0000 Subject: [PATCH 8/9] Curator - Update Master pillar in setup --- so-setup-network.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/so-setup-network.sh b/so-setup-network.sh index 5e46412c7..e26bbb163 100644 --- a/so-setup-network.sh +++ b/so-setup-network.sh @@ -500,6 +500,9 @@ master_pillar() { echo " oinkcode: $OINKCODE" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls #echo " access_key: $ACCESS_KEY" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls #echo " access_secret: $ACCESS_SECRET" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls + echo " es_port: $NODE_ES_PORT" >> $TMP/$HOSTNAME.sls + echo " log_size_limit: $LOG_SIZE_LIMIT" >> $TMP/$HOSTNAME.sls + echo " cur_close_days: $CURCLOSEDAYS" >> $TMP/$HOSTNAME.sls } From 88c144a250b7d2b6cc07b2ef75cba11cf2bc0dc0 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Wed, 5 Dec 2018 15:51:10 +0000 Subject: [PATCH 9/9] Curator - Fix path for master pillar additions --- so-setup-network.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/so-setup-network.sh b/so-setup-network.sh index e26bbb163..b4a19943b 100644 --- a/so-setup-network.sh +++ b/so-setup-network.sh 
@@ -500,9 +500,9 @@ master_pillar() { echo " oinkcode: $OINKCODE" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls #echo " access_key: $ACCESS_KEY" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls #echo " access_secret: $ACCESS_SECRET" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls - echo " es_port: $NODE_ES_PORT" >> $TMP/$HOSTNAME.sls - echo " log_size_limit: $LOG_SIZE_LIMIT" >> $TMP/$HOSTNAME.sls - echo " cur_close_days: $CURCLOSEDAYS" >> $TMP/$HOSTNAME.sls + echo " es_port: $NODE_ES_PORT" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls + echo " log_size_limit: $LOG_SIZE_LIMIT" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls + echo " cur_close_days: $CURCLOSEDAYS" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls }