diff --git a/pillar/logstash/fleet.sls b/pillar/logstash/fleet.sls
new file mode 100644
index 000000000..15641f935
--- /dev/null
+++ b/pillar/logstash/fleet.sls
@@ -0,0 +1,6 @@
+logstash:
+ pipelines:
+ fleet:
+ config:
+ - so/0012_input_elastic_agent.conf
+ - so/9805_output_elastic_agent.conf.jinja
\ No newline at end of file
diff --git a/pillar/top.sls b/pillar/top.sls
index 7c34bbe85..e0cac069f 100644
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -185,6 +185,8 @@ base:
 - minions.adv_{{ grains.id }}
 '*_fleet':
+ - soc_global
+ - adv_global
 - backup.soc_backup
 - backup.adv_backup
 - minions.{{ grains.id }}
diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja
index a91796a4a..c502c7b3e 100644
--- a/salt/allowed_states.map.jinja
+++ b/salt/allowed_states.map.jinja
@@ -201,6 +201,7 @@
 'ssl',
 'telegraf',
 'firewall',
+ 'logstash',
 'healthcheck',
 'schedule',
 'elastic-fleet',
diff --git a/salt/common/tools/sbin/so-minion b/salt/common/tools/sbin/so-minion
index bde47991f..f0b0c4ffe 100755
--- a/salt/common/tools/sbin/so-minion
+++ b/salt/common/tools/sbin/so-minion
@@ -119,6 +119,25 @@ function add_elastic_to_minion() {
 " " >> $PILLARFILE
 }
+# Add Elastic Fleet Server settings to the minion file
+function add_fleet_to_minion() {
+
+ # Create ES Token for Fleet server (Curl to Kibana API)
+ # TODO: Add error handling
+ ESTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5601/api/fleet/service_tokens" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' | jq -r .value)
+
+ # Create Logstash Certs
+
+
+ # Write out settings to minion file
+ printf '%s\n'\ "logstash_settings:"\ " lsheap: '500m'"\ "fleet-server:"\ " ES-Token: '$ESTOKEN'"\ " " >> $PILLARFILE
+}
+
 # Analyst Workstation
 function add_analyst_to_minion() {
 printf '%s\n'\
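Review bot: Nothing in this hunk references the new `logstash.fleet` pillar added by the same commit, so unless it is listed further down the `'*_fleet'` entry (the hunk ends at `minions.{{ grains.id }}`) the fleet pipeline config is never delivered to fleet minions. Separately, `soc_global` and `adv_global` are now rendered in full for every `*_fleet` minion; if those pillars hold values only the manager should see, this widens what a fleet node receives, so confirm which keys the fleet states actually consume and prefer a narrower pillar if it is only a few. Placing them before `backup.*` and `minions.*` presumably keeps per-minion values able to override them, which is worth a short comment on the entry.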
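Review bot: `ESTOKEN` in add_fleet_to_minion is written straight into the pillar without being checked, so a failed or rejected Kibana call leaves `jq -r .value` printing `null` or nothing and the fleet-server pillar silently gets an unusable token; the `# TODO: Add error handling` should be resolved here rather than deferred, e.g. `if [ -z "$ESTOKEN" ] || [ "$ESTOKEN" = "null" ]; then echo "Failed to create Fleet Server service token" >&2; return 1; fi` before the printf, with createFLEET checking the return. Note also that `curl -L` replays a redirected POST as a GET, so if Kibana ever answers this request with a redirect the token creation will fail without a clear error. The `# Create Logstash Certs` heading has no code under it; either implement it or mark it as a TODO so the gap stays visible.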
@@ -170,6 +189,10 @@ function createEVAL() {
 add_sensor_to_minion
 }
+function createFLEET() {
+ add_fleet_to_minion
+}
+
 function createIDHNODE() {
 echo "Nothing custom needed for IDH nodes"
 }
diff --git a/salt/firewall/assigned_hostgroups.map.yaml b/salt/firewall/assigned_hostgroups.map.yaml
index 4c300a496..9014f7a3b 100644
--- a/salt/firewall/assigned_hostgroups.map.yaml
+++ b/salt/firewall/assigned_hostgroups.map.yaml
@@ -255,6 +255,9 @@ role:
 - {{ portgroups.elastic_agent_data }}
 - {{ portgroups.endgame }}
 - {{ portgroups.strelka_frontend }}
+ fleet:
+ portgroups:
+ - {{ portgroups.elasticsearch_rest }}
 sensors:
 portgroups:
 - {{ portgroups.docker_registry }}
diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls
index 05b184239..fee8b5496 100644
--- a/salt/logstash/init.sls
+++ b/salt/logstash/init.sls
@@ -22,7 +22,7 @@ include:
 - ssl
- {% if GLOBALS.role not in ['so-receiver'] %}
+ {% if GLOBALS.role not in ['so-receiver','so-fleet'] %}
 - elasticsearch
 {% endif %}
diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index 855a4a3ea..36f622b8d 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -152,7 +152,7 @@ rediskeyperms:
 - group: 939
 {% endif %}
-{% if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode'] %}
+{% if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-fleet'] %}
 etc_elasticfleet_key:
 x509.private_key_managed:
 - name: /etc/pki/elasticfleet.key
diff --git a/salt/top.sls b/salt/top.sls
index 54b1fefd9..09f1435ad 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -382,6 +382,7 @@ base:
 - sensoroni
 - telegraf
 - firewall
+ - logstash
 - elastic-fleet
 - schedule
 - docker_clean
diff --git a/salt/vars/fleet.map.jinja b/salt/vars/fleet.map.jinja
new file mode 100644
index 000000000..964f69663
--- /dev/null
+++ b/salt/vars/fleet.map.jinja
@@ -0,0 +1 @@
+{% set ROLE_GLOBALS = {} %}
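Review bot: The new fleet.map.jinja sets `ROLE_GLOBALS` to an empty dict with nothing saying why, so a reader cannot tell whether so-fleet genuinely has no role-specific globals or the file is an unfinished stub. A one-line comment such as `{# so-fleet currently defines no role-specific globals #}` above the `set` would settle that for the next maintainer.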