From 148b0b1c4c2358559628e1962953b526fe043133 Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Thu, 23 Feb 2023 11:11:29 -0500
Subject: [PATCH] use hostnames please

---
 salt/elastalert/init.sls    |  2 +-
 salt/elastic-fleet/init.sls |  6 +++++-
 salt/nginx/etc/nginx.conf   | 16 ++++++++--------
 salt/soc/init.sls           |  1 -
 4 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/salt/elastalert/init.sls b/salt/elastalert/init.sls
index 607193e1c..b04fe1147 100644
--- a/salt/elastalert/init.sls
+++ b/salt/elastalert/init.sls
@@ -97,7 +97,7 @@ so-elastalert:
       - /opt/so/conf/elastalert/modules/:/opt/elastalert/modules/:ro
       - /opt/so/conf/elastalert/elastalert_config.yaml:/opt/elastalert/config.yaml:ro
     - extra_hosts:
-      - {{ GLOBALS.manager }}:{{ DOCKER.containers['so-elasticsearch'].ip }}
+      - {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }}
     - require:
       - cmd: wait_for_elasticsearch
       - file: elastarules
diff --git a/salt/elastic-fleet/init.sls b/salt/elastic-fleet/init.sls
index be9bac96e..4218eca67 100644
--- a/salt/elastic-fleet/init.sls
+++ b/salt/elastic-fleet/init.sls
@@ -52,7 +52,11 @@ so-elastic-fleet:
       - sobridge:
         - ipv4_address: {{ DOCKER.containers['so-elastic-fleet'].ip }}
     - extra_hosts:
+    {% if GLOBALS.is_manager %}
+        - {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }}
+    {% else %}
         - {{ GLOBALS.hostname }}:{{ GLOBALS.node_ip }}
+    {% endif %}
     - port_bindings:
       {% for BINDING in DOCKER.containers['so-elastic-fleet'].port_bindings %}
       - {{ BINDING }}
@@ -63,7 +67,7 @@ so-elastic-fleet:
     - environment:
       - FLEET_SERVER_ENABLE=true
       - FLEET_URL=https://{{ FLEETURL }}:8220
-      - FLEET_SERVER_ELASTICSEARCH_HOST=https://{{ GLOBALS.manager_ip }}:9200
+      - FLEET_SERVER_ELASTICSEARCH_HOST=https://{{ GLOBALS.manager }}:9200
       - FLEET_SERVER_SERVICE_TOKEN={{ SERVICETOKEN }}
       - FLEET_SERVER_POLICY_ID={{ FLEETSERVERPOLICY }}
       - FLEET_SERVER_ELASTICSEARCH_CA=/etc/pki/intca.crt
diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf
index 54d0a466c..e6a7f3c87 100644
--- a/salt/nginx/etc/nginx.conf
+++ b/salt/nginx/etc/nginx.conf
@@ -98,7 +98,7 @@ http {
 		ssl_protocols TLSv1.2;
 
 		location ~* (^/login/.*|^/js/.*|^/css/.*|^/images/.*) {
-			proxy_pass            http://{{ DOCKER.containers['so-soc'].ip }}:9822;
+			proxy_pass            http://{{ GLOBALS.manager }}:9822;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      x-user-id "";
@@ -115,7 +115,7 @@ http {
 			auth_request          /auth/sessions/whoami;
 			auth_request_set      $userid $upstream_http_x_kratos_authenticated_identity_id;
 			proxy_set_header      x-user-id $userid;
-			proxy_pass            http://{{ DOCKER.containers['so-soc'].ip }}:9822/;
+			proxy_pass            http://{{ GLOBALS.manager }}:9822/;
 			proxy_read_timeout    300;
 			proxy_connect_timeout 300;
 			proxy_set_header      Host $host;
@@ -129,7 +129,7 @@ http {
 
 		location ~ ^/auth/.*?(whoami|login|logout|settings) {
 			rewrite               /auth/(.*) /$1 break;
-			proxy_pass            http://{{ DOCKER.containers['so-kratos'].ip }}:4433;
+			proxy_pass            http://{{ GLOBALS.manager }}:4433;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -186,7 +186,7 @@ http {
 		location /influxdb/ {
 			auth_request          /auth/sessions/whoami;
 			rewrite               /influxdb/api/(.*) /api/$1 break;
-			proxy_pass            https://{{ DOCKER.containers['so-influxdb'].ip }}:8086/;
+			proxy_pass            https://{{ GLOBALS.manager }}:8086/;
 			proxy_read_timeout    300;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -200,7 +200,7 @@ http {
 		location /kibana/ {
 			auth_request          /auth/sessions/whoami;
 			rewrite               /kibana/(.*) /$1 break;
-			proxy_pass            http://{{ DOCKER.containers['so-kibana'].ip }}:5601/;
+			proxy_pass            http://{{ GLOBALS.manager }}:5601/;
 			proxy_read_timeout    300;
 			proxy_connect_timeout 300;
 			proxy_set_header      Host $host;
@@ -212,7 +212,7 @@ http {
 	
 		location /playbook/ {
 			auth_request          /auth/sessions/whoami;
-			proxy_pass            http://{{ DOCKER.containers['so-playbook'].ip }}:3000/playbook/;
+			proxy_pass            http://{{ GLOBALS.manager }}:3000/playbook/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -225,7 +225,7 @@ http {
 	
 		location /soctopus/ {
 			auth_request          /auth/sessions/whoami;
-			proxy_pass            http://{{ DOCKER.containers['so-soctopus'].ip }}:7000/;
+			proxy_pass            http://{{ GLOBALS.manager }}:7000/;
 			proxy_read_timeout    300;
 			proxy_connect_timeout 300;
 			proxy_set_header      Host $host;
@@ -247,7 +247,7 @@ http {
 			if ($http_authorization = "") {
 				return 403;
 			}
-			proxy_pass            http://{{ DOCKER.containers['so-soc'].ip }}:9822/;
+			proxy_pass            http://{{ GLOBALS.manager }}:9822/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      x-user-id "";
diff --git a/salt/soc/init.sls b/salt/soc/init.sls
index 502b47136..9905a104a 100644
--- a/salt/soc/init.sls
+++ b/salt/soc/init.sls
@@ -111,7 +111,6 @@ so-soc:
       - /opt/so/conf/soc/salt:/opt/sensoroni/salt:rw
       - /opt/so/saltstack:/opt/so/saltstack:rw
     - extra_hosts:
-      - {{GLOBALS.influxdb_host}}:{{pillar.node_data[GLOBALS.influxdb_host].ip}}
     {%- if salt['pillar.get']('nodestab', {}) %}
       {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %}
       - {{ SN.split('_')|first }}:{{ SNDATA.ip }}