Add logstash

pillar/logstash/fleet.sls

@@ -0,0 +1,6 @@
+logstash:
+  pipelines:
+    fleet:
+      config:
+        - so/0012_input_elastic_agent.conf     
+        - so/9805_output_elastic_agent.conf.jinja

pillar/top.sls

@@ -185,6 +185,8 @@ base:
     - minions.adv_{{ grains.id }}
 
   '*_fleet':
+    - soc_global
+    - adv_global
     - backup.soc_backup
     - backup.adv_backup
     - minions.{{ grains.id }}

salt/allowed_states.map.jinja

@@ -201,6 +201,7 @@
           'ssl',
           'telegraf',
           'firewall',
+          'logstash',
           'healthcheck',
           'schedule',
           'elastic-fleet',

salt/common/tools/sbin/so-minion

@@ -119,6 +119,25 @@ function add_elastic_to_minion() {
 		"  " >> $PILLARFILE
 }
 
+# Add Elastic Fleet Server settings to the minion file
+function add_fleet_to_minion() {
+
+    # Create ES Token for Fleet server (Curl to Kibana API)
+	# TODO: Add error handling
+    ESTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5601/api/fleet/service_tokens" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' |  jq -r .value)
+
+	# Create Logstash Certs
+
+
+    # Write out settings to minion file
+    printf '%s\n'\
+		"logstash_settings:"\
+		"  lsheap: '500m'"\
+		"fleet-server:"\
+		"  ES-Token: '$ESTOKEN'"\
+		"  " >> $PILLARFILE
+}
+
 # Analyst Workstation
 function add_analyst_to_minion() {
     printf '%s\n'\
@@ -170,6 +189,10 @@ function createEVAL() {
 	add_sensor_to_minion
 }
 
+function createFLEET() {
+	add_fleet_to_minion
+}
+
 function createIDHNODE() {
 	echo "Nothing custom needed for IDH nodes"
 }

salt/firewall/assigned_hostgroups.map.yaml

@@ -255,6 +255,9 @@ role:
               - {{ portgroups.elastic_agent_data }}
               - {{ portgroups.endgame }}
               - {{ portgroups.strelka_frontend }}
+          fleet:
+            portgroups:
+              - {{ portgroups.elasticsearch_rest }}
           sensors:
             portgroups:
               - {{ portgroups.docker_registry }}

salt/logstash/init.sls

@@ -22,7 +22,7 @@
 
 include:
   - ssl
-  {% if GLOBALS.role not in ['so-receiver'] %}
+  {% if GLOBALS.role not in ['so-receiver','so-fleet'] %}
   - elasticsearch
   {% endif %}
 

salt/ssl/init.sls

@@ -152,7 +152,7 @@ rediskeyperms:
     - group: 939
 {% endif %}
 
-{% if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode'] %}
+{% if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-fleet'] %}
 etc_elasticfleet_key:
   x509.private_key_managed:
     - name: /etc/pki/elasticfleet.key

salt/top.sls

@@ -382,6 +382,7 @@ base:
     - sensoroni
     - telegraf
     - firewall
+    - logstash
     - elastic-fleet
     - schedule
     - docker_clean

salt/vars/fleet.map.jinja

@@ -0,0 +1 @@
+{% set ROLE_GLOBALS = {} %}