Add logstash

2025-12-06 09:12:45 +01:00 · 2023-01-27 07:49:21 -05:00
parent 81ee333b07
commit 29aa6dceed
9 changed files with 39 additions and 2 deletions
--- a/pillar/logstash/fleet.sls
+++ b/pillar/logstash/fleet.sls
@@ -0,0 +1,6 @@
+logstash:
+  pipelines:
+    fleet:
+      config:
+        - so/0012_input_elastic_agent.conf     
+        - so/9805_output_elastic_agent.conf.jinja
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -185,6 +185,8 @@ base:
    - minions.adv_{{ grains.id }}

  '*_fleet':
+    - soc_global
+    - adv_global
    - backup.soc_backup
    - backup.adv_backup
    - minions.{{ grains.id }}
--- a/salt/allowed_states.map.jinja
+++ b/salt/allowed_states.map.jinja
@@ -201,6 +201,7 @@
          'ssl',
          'telegraf',
          'firewall',
+          'logstash',
          'healthcheck',
          'schedule',
          'elastic-fleet',
--- a/salt/common/tools/sbin/so-minion
+++ b/salt/common/tools/sbin/so-minion
@@ -119,6 +119,25 @@ function add_elastic_to_minion() {
 		"  " >> $PILLARFILE
 }

+# Add Elastic Fleet Server settings to the minion file
+function add_fleet_to_minion() {
+
+    # Create ES Token for Fleet server (Curl to Kibana API)
+	# TODO: Add error handling
+    ESTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5601/api/fleet/service_tokens" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' |  jq -r .value)
+
+	# Create Logstash Certs
+
+
+    # Write out settings to minion file
+    printf '%s\n'\
+		"logstash_settings:"\
+		"  lsheap: '500m'"\
+		"fleet-server:"\
+		"  ES-Token: '$ESTOKEN'"\
+		"  " >> $PILLARFILE
+}
+
 # Analyst Workstation
 function add_analyst_to_minion() {
    printf '%s\n'\
@@ -170,6 +189,10 @@ function createEVAL() {
 	add_sensor_to_minion
 }

+function createFLEET() {
+	add_fleet_to_minion
+}
+
 function createIDHNODE() {
 	echo "Nothing custom needed for IDH nodes"
 }
--- a/salt/firewall/assigned_hostgroups.map.yaml
+++ b/salt/firewall/assigned_hostgroups.map.yaml
@@ -255,6 +255,9 @@ role:
              - {{ portgroups.elastic_agent_data }}
              - {{ portgroups.endgame }}
              - {{ portgroups.strelka_frontend }}
+          fleet:
+            portgroups:
+              - {{ portgroups.elasticsearch_rest }}
          sensors:
            portgroups:
              - {{ portgroups.docker_registry }}
--- a/salt/logstash/init.sls
+++ b/salt/logstash/init.sls
@@ -22,7 +22,7 @@

 include:
  - ssl
-  {% if GLOBALS.role not in ['so-receiver'] %}
+  {% if GLOBALS.role not in ['so-receiver','so-fleet'] %}
  - elasticsearch
  {% endif %}

--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -152,7 +152,7 @@ rediskeyperms:
    - group: 939
 {% endif %}

-{% if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode'] %}
+{% if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-fleet'] %}
 etc_elasticfleet_key:
  x509.private_key_managed:
    - name: /etc/pki/elasticfleet.key
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -382,6 +382,7 @@ base:
    - sensoroni
    - telegraf
    - firewall
+    - logstash
    - elastic-fleet
    - schedule
    - docker_clean
--- a/salt/vars/fleet.map.jinja
+++ b/salt/vars/fleet.map.jinja
@@ -0,0 +1 @@
+{% set ROLE_GLOBALS = {} %}