CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6978 from Security-Onion-Solutions/es_binds

Browse Source 
allow for path.repo mounts for elasticsearch
This commit is contained in:
Josh Patterson
2022-01-25 16:13:49 -05:00
committed by GitHub
parent 9a45a9799b dd00e3babc
commit 26e03ccad2
2 changed files with 23 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
salt/elasticsearch/config.map.jinja
View File

@@ -33,4 +33,15 @@
{% endif %} {% endif %}
{% endif %} {% endif %}
{# merge with the elasticsearch pillar #}
{% set ESCONFIG = salt['pillar.get']('elasticsearch:config', default=ESCONFIG.elasticsearch.config, merge=True) %} {% set ESCONFIG = salt['pillar.get']('elasticsearch:config', default=ESCONFIG.elasticsearch.config, merge=True) %}
{# remove elasticsearch.config.path.repo values if a symlink /nsm/elasticsearch/repo{{ repo }} doesn't exist #}
{% if salt['pillar.get']('elasticsearch:config:path:repo', False) %}
{% for repo in pillar.elasticsearch.config.path.repo %}
{# retcode is 1 if symlink doesn't exist #}
{% if salt['cmd.retcode']('test -L /nsm/elasticsearch/repo'~repo) %}
{% do ESCONFIG.path.repo.remove(repo) %}
{% endif %}
{% endfor %}
{% endif %}

15
salt/elasticsearch/init.sls
View File

@@ -24,7 +24,6 @@ include:
{% set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%} {% set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%}
{% set TRUECLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %} {% set TRUECLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %}
{% set MANAGERIP = salt['pillar.get']('global:managerip') %} {% set MANAGERIP = salt['pillar.get']('global:managerip') %}
{% set ESMOUNT = salt['pillar.get']('elasticsearch:extramount', False) %}
{% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone', 'so-import'] %} {% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone', 'so-import'] %}
{% set esclustername = salt['pillar.get']('manager:esclustername') %} {% set esclustername = salt['pillar.get']('manager:esclustername') %}
@@ -235,6 +234,14 @@ eslogdir:
- group: 939 - group: 939
- makedirs: True - makedirs: True
es_repo_dir:
file.directory:
- name: /nsm/elasticsearch/repo/
- user: 930
- group: 930
- require:
- file: nsmesdir
auth_users: auth_users:
file.managed: file.managed:
- name: /opt/so/conf/elasticsearch/users.tmp - name: /opt/so/conf/elasticsearch/users.tmp
@@ -317,8 +324,10 @@ so-elasticsearch:
- /opt/so/conf/elasticsearch/users_roles:/usr/share/elasticsearch/config/users_roles:ro - /opt/so/conf/elasticsearch/users_roles:/usr/share/elasticsearch/config/users_roles:ro
- /opt/so/conf/elasticsearch/users:/usr/share/elasticsearch/config/users:ro - /opt/so/conf/elasticsearch/users:/usr/share/elasticsearch/config/users:ro
{% endif %} {% endif %}
{% if ESMOUNT %} {% if ESCONFIG.path.get('repo', False) %}
- {{ ESMOUNT }}:/snapshots:rw {% for repo in ESCONFIG.path.repo %}
- /nsm/elasticsearch/repo{{ repo }}:{{ repo }}:rw
{% endfor %}
{% endif %} {% endif %}
- watch: - watch:
- file: cacertz - file: cacertz