Merge pull request #9746 from Security-Onion-Solutions/feature/elasticsearch_ilm_utility_scripts

Add Elasticsearch ILM utility scripts

salt/common/tools/sbin/so-elasticsearch-ilm-lifecycle-status

@@ -0,0 +1,15 @@
+#/bin/bash
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+. /usr/sbin/so-common
+
+{%- set NODEIP = salt['pillar.get']('host:mainip', '') %}
+
+if [ "$1" == "" ]; then
+        curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/_all/_ilm/explain | jq .
+else
+        curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/$1/_ilm/explain | jq .[]
+fi

salt/common/tools/sbin/so-elasticsearch-ilm-policy-delete

@@ -0,0 +1,11 @@
+#/bin/bash
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+. /usr/sbin/so-common
+
+{%- set NODEIP = salt['pillar.get']('host:mainip', '') %}
+
+curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L -X DELETE https://{{ NODEIP }}:9200/_ilm/policy/$1

salt/common/tools/sbin/so-elasticsearch-ilm-policy-load

@@ -0,0 +1,19 @@
+#/bin/bash
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+. /usr/sbin/so-common
+
+{%- set NODEIP = salt['pillar.get']('host:mainip', '') %}
+
+# Set up ILM policies
+echo
+echo "Setting up default Security Onion index lifecycle management policies..."
+
+# Zeek logs
+echo
+echo "Setting up Zeek ILM policy..."
+curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/so-zeek-logs" -H 'Content-Type: application/json' -d'{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "set_priority": { "priority": 100 }, "rollover": { "max_primary_shard_size": "1gb", "max_age": "30d" } } } } } }'
+echo

salt/common/tools/sbin/so-elasticsearch-ilm-policy-view

@@ -0,0 +1,15 @@
+#/bin/bash
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+. /usr/sbin/so-common
+
+{%- set NODEIP = salt['pillar.get']('host:mainip', '') %}
+
+if [ "$1" == "" ]; then
+        curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/_ilm/policy | jq .
+else
+        curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/_ilm/policy/$1 | jq .[]
+fi

salt/common/tools/sbin/so-elasticsearch-ilm-restart

@@ -0,0 +1,10 @@
+#/bin/bash
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+. /usr/sbin/so-common
+
+so-elasticsearch-ilm-stop
+so-elasticsearch-ilm-start

salt/common/tools/sbin/so-elasticsearch-ilm-start

@@ -0,0 +1,12 @@
+/bin/bash
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+. /usr/sbin/so-common
+
+{%- set NODEIP = salt['pillar.get']('host:mainip', '') %}
+
+echo "Starting ILM..."
+curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L -X POST https://{{ NODEIP }}:9200/_ilm/start

salt/common/tools/sbin/so-elasticsearch-ilm-status

@@ -0,0 +1,11 @@
+/bin/bash
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+. /usr/sbin/so-common
+
+{%- set NODEIP = salt['pillar.get']('host:mainip', '') %}
+
+curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/_ilm/status | jq .

salt/common/tools/sbin/so-elasticsearch-ilm-stop

@@ -0,0 +1,12 @@
+#/bin/bash
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+. /usr/sbin/so-common
+
+{%- set NODEIP = salt['pillar.get']('host:mainip', '') %}
+
+echo "Stopping ILM..."
+curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L -X POST https://{{ NODEIP }}:9200/_ilm/stop