CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Automatically Update ES URLs

Browse Source
This commit is contained in:
Josh Brower
2023-07-14 12:07:32 -04:00
parent 78db64a419
commit 2cc0c4c0ac
3 changed files with 60 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
salt/elasticfleet/enabled.sls
View File

@@ -30,6 +30,13 @@ so-elastic-fleet-auto-configure-server-urls:
- name: /usr/sbin/so-elastic-fleet-urls-update - name: /usr/sbin/so-elastic-fleet-urls-update
{% endif %} {% endif %}
# Automatically update Fleet Server Elasticsearch URLs
{% if grains.role not in ['so-fleet'] %}
so-elastic-fleet-auto-configure-elasticsearch-urls:
cmd.run:
- name: /usr/sbin/so-elastic-fleet-es-url-update
{% endif %}
{% if SERVICETOKEN != '' %} {% if SERVICETOKEN != '' %}
so-elastic-fleet: so-elastic-fleet:
docker_container.running: docker_container.running:

53
salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-es-url-update Normal file
View File

@@ -0,0 +1,53 @@
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use
# this file except in compliance with the Elastic License 2.0.
{% from 'vars/globals.map.jinja' import GLOBALS %}
. /usr/sbin/so-common
# Only run on Managers
if ! is_manager_node; then
printf "Not a Manager Node... Exiting"
exit 0
fi
function update_es_urls() {
# Generate updated JSON payload
JSON_STRING=$(jq -n --arg UPDATEDLIST $NEW_LIST_JSON '{"name":"so-manager_elasticsearch","type":"elasticsearch","hosts": $UPDATEDLIST,"is_default":false,"is_default_monitoring":false,"config_yaml":""}')
# Update Fleet Elasticsearch URLs
curl -K /opt/so/conf/elasticsearch/curl.config -L -X PUT "localhost:5601/api/fleet/outputs/so-manager_elasticsearch" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d "$JSON_STRING"
}
# Get current list of Fleet Elasticsearch URLs
RAW_JSON=$(curl -K /opt/so/conf/elasticsearch/curl.config 'http://localhost:5601/api/fleet/outputs/so-manager_elasticsearch')
# Check to make sure that the server responded with good data - else, bail from script
CHECKSUM=$(jq -r '.item.id' <<< "$RAW_JSON")
if [ "$CHECKSUM" != "so-manager_elasticsearch" ]; then
printf "Failed to query for current Fleet Server Elasticsearch URLs..."
exit 1
fi
# Get the current list of Fleet Server Elasticsearch & hash them
CURRENT_LIST=$(jq -c -r '.item.hosts' <<< "$RAW_JSON")
CURRENT_HASH=$(sha1sum <<< "$CURRENT_LIST" | awk '{print $1}')
# Create array & add initial elements
NEW_LIST=("https://{{ GLOBALS.hostname }}:9200")
# Sort & hash the new list of Fleet Elasticsearch URLs
NEW_LIST_JSON=$(jq --compact-output --null-input '$ARGS.positional' --args -- "${NEW_LIST[@]}")
NEW_HASH=$(sha1sum <<< "$NEW_LIST_JSON" | awk '{print $1}')
# Compare the current & new list of URLs - if different, update the Fleet Elasticsearch URLs
if [ "$NEW_HASH" = "$CURRENT_HASH" ]; then
printf "\nHashes match - no update needed.\n"
printf "Current List: $CURRENT_LIST\nNew List: $NEW_LIST_JSON\n"
exit 0
else
printf "\nHashes don't match - update needed.\n"
printf "Current List: $CURRENT_LIST\nNew List: $NEW_LIST_JSON\n"
update_es_urls
fi

1
salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-urls-update
View File

@@ -34,7 +34,6 @@ fi
CURRENT_LIST=$(jq -c -r '.item.host_urls' <<< "$RAW_JSON") CURRENT_LIST=$(jq -c -r '.item.host_urls' <<< "$RAW_JSON")
CURRENT_HASH=$(sha1sum <<< "$CURRENT_LIST" | awk '{print $1}') CURRENT_HASH=$(sha1sum <<< "$CURRENT_LIST" | awk '{print $1}')
# IP or Hostname??
# Create array & add initial elements # Create array & add initial elements
if [ "{{ GLOBALS.hostname }}" = "{{ GLOBALS.url_base }}" ]; then if [ "{{ GLOBALS.hostname }}" = "{{ GLOBALS.url_base }}" ]; then
NEW_LIST=("https://{{ GLOBALS.url_base }}:8220") NEW_LIST=("https://{{ GLOBALS.url_base }}:8220")