CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 02:02:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

sync script

Browse Source
This commit is contained in:
Mike Reeves
2020-08-07 22:12:47 -04:00
parent d15d53bcdc
commit 1b0f90b7e4
2 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
salt/elasticsearch/files/scripts/catrust.sh → salt/elasticsearch/files/scripts/so-catrust
View File

@@ -17,6 +17,7 @@
{%- set VERSION = salt['pillar.get']('global:soversion', '') %} {%- set VERSION = salt['pillar.get']('global:soversion', '') %}
{%- set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {%- set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
{%- set MANAGER = salt['grains.get']('master') %} {%- set MANAGER = salt['grains.get']('master') %}
. /usr/sbin/so-common
# Check to see if we have extracted the ca cert. # Check to see if we have extracted the ca cert.
if [ ! -f /opt/so/saltstack/local/salt/common/cacerts ]; then if [ ! -f /opt/so/saltstack/local/salt/common/cacerts ]; then
docker run -v /etc/pki/ca.crt:/etc/pki/ca.crt --name so-elasticsearchca --user root --entrypoint keytool {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-logstash:{{ VERSION }} -keystore /etc/pki/ca-trust/extracted/java/cacerts -alias SOSCA -import -file /etc/pki/ca.crt -storepass changeit -noprompt docker run -v /etc/pki/ca.crt:/etc/pki/ca.crt --name so-elasticsearchca --user root --entrypoint keytool {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-logstash:{{ VERSION }} -keystore /etc/pki/ca-trust/extracted/java/cacerts -alias SOSCA -import -file /etc/pki/ca.crt -storepass changeit -noprompt

12
salt/elasticsearch/init.sls
View File

@@ -26,6 +26,7 @@
{% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone'] %} {% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone'] %}
{% set esclustername = salt['pillar.get']('manager:esclustername', '') %} {% set esclustername = salt['pillar.get']('manager:esclustername', '') %}
{% set esheap = salt['pillar.get']('manager:esheap', '') %} {% set esheap = salt['pillar.get']('manager:esheap', '') %}
{% set ismanager = True %}
{% elif grains['role'] in ['so-node','so-heavynode'] %} {% elif grains['role'] in ['so-node','so-heavynode'] %}
{% set esclustername = salt['pillar.get']('elasticsearch:esclustername', '') %} {% set esclustername = salt['pillar.get']('elasticsearch:esclustername', '') %}
{% set esheap = salt['pillar.get']('elasticsearch:esheap', '') %} {% set esheap = salt['pillar.get']('elasticsearch:esheap', '') %}
@@ -37,6 +38,17 @@ vm.max_map_count:
sysctl.present: sysctl.present:
- value: 262144 - value: 262144
{% if ismanager %}
cascriptsync:
file.managed:
- name: /usr/sbin/so-catrust
- source: salt://elasticsearch/files/scripts/so-catrust
- user: 939
- group: 939
- mode: 750
{% endif %}
# Add ES Group # Add ES Group
elasticsearchgroup: elasticsearchgroup:
group.present: group.present: