From 3c6465bb7f5347ce72f6ebe79fdd55954b8b9ea1 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 9 Jul 2020 16:42:39 -0400 Subject: [PATCH] ES Jinja the config --- salt/elasticsearch/files/elasticsearch.yml | 24 +++++++-------- setup/so-functions | 36 +++++++++++++--------- 2 files changed, 32 insertions(+), 28 deletions(-) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index 02dd42aa5..8833f801e 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -1,6 +1,11 @@ -{% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' %} -{%- set esclustername = salt['pillar.get']('master:esclustername', '') %} -cluster.name: "{{ esclustername }}" +{%- set NODE_ROUTE_TYPE = salt['pillar.get']('elasticsearch:node_route_type', 'hot') %} +{%- if salt['pillar.get']('elasticsearch:hot_warm_enabled') or if salt['pillar.get']('elasticsearch:true_cluster')} +{%- set ESCLUSTERNAME = salt['pillar.get']('elasticsearch:true_cluster_name', '') %} +{%- else %} +{%- set ESCLUSTERNAME = salt['pillar.get']('elasticsearch:esclustername', '') %} +{%- endif %} +{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%} +cluster.name: "{{ ESCLUSTERNAME }}" network.host: 0.0.0.0 # minimum_master_nodes need to be explicitly set when bound on a public IP @@ -10,19 +15,12 @@ discovery.zen.minimum_master_nodes: 1 # This is a test -- if this is here, then the volume is mounted correctly. path.logs: /var/log/elasticsearch action.destructive_requires_name: true -{%- else %} -{%- set esclustername = salt['grains.get']('host', '') %} -{%- set nodeip = salt['pillar.get']('elasticsearch:mainip', '') -%} -cluster.name: "{{ esclustername }}" -network.host: 0.0.0.0 -discovery.zen.minimum_master_nodes: 1 -path.logs: /var/log/elasticsearch -action.destructive_requires_name: true transport.bind_host: 0.0.0.0 -transport.publish_host: {{ nodeip }} +transport.publish_host: {{ NODEIP }} transport.publish_port: 9300 -{%- endif %} cluster.routing.allocation.disk.threshold_enabled: true cluster.routing.allocation.disk.watermark.low: 95% cluster.routing.allocation.disk.watermark.high: 98% cluster.routing.allocation.disk.watermark.flood_stage: 98% +node.attr.box_type: {{ NODE_ROUTE_TYPE }} +node.name: {{ esclustername }} diff --git a/setup/so-functions b/setup/so-functions index 6d71fbe44..8ee44ab1d 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1018,55 +1018,60 @@ master_static() { "elastic:"\ " features: False"\ "elasticsearch:"\ - " route_type: hot"\ " replicas: 0"\ - " true_cluster: False" - " true_cluster_name: so" + " true_cluster: False"\ + " true_cluster_name: so"\ + " discovery_nodes: 1"\ + " hot_warm_enabled: False"\ + " cluster_routing_allocation_disk.threshold_enabled: true"\ + " cluster_routing_allocation_disk_watermark_low: 95%"\ + " cluster_routing_allocation_disk_watermark_high: 98%"\ + " cluster_routing_allocation_disk_watermark_flood_stage: 98%"\ " index_settings:"\ " so-beats:"\ " shards: 1"\ " warm: 7"\ " close: 30"\ - " delete: 45" + " delete: 365" " so-firewall:"\ + " shards: 1"\ " warm: 7"\ " close: 30"\ - " delete: 45" - " shards: 1"\ + " delete: 365"\ " so-ids:"\ " shards: 1"\ " warm: 7"\ " close: 30"\ - " delete: 45" + " delete: 365"\ " so-import:"\ + " shards: 1"\ " warm: 7"\ - " close: 7300"\ - " delete: 7301" - " shards: 1"\ + " close: 73000"\ + " delete: 73001" " so-osquery:"\ " shards: 1"\ " warm: 7"\ " close: 30"\ - " delete: 45" + " delete: 365" " so-ossec:"\ " shards: 1"\ " warm: 7"\ " close: 30"\ - " delete: 45" + " delete: 365"\ " so-strelka:"\ " shards: 1"\ " warm: 7"\ " close: 30"\ - " delete: 45" + " delete: 365"\ " so-syslog:"\ " shards: 1"\ " warm: 7"\ " close: 30"\ - " delete: 45" + " delete: 365"\ " so-zeek:"\ " shards: 5"\ " warm: 7"\ - " close: 30"\ + " close: 365"\ " delete: 45" > "$static_pillar" printf '%s\n' '----' >> "$setup_log" 2>&1 @@ -1119,6 +1124,7 @@ elasticsearch_pillar() { " node_type: $NODETYPE"\ " es_port: $node_es_port"\ " log_size_limit: $log_size_limit"\ + " node_route_type: hot"\ "" >> "$pillar_file" if [ "$install_type" != 'EVAL' ] && [ "$install_type" != 'HELIXSENSOR' ] && [ "$install_type" != 'MASTERSEARCH' ] && [ "$install_type" != 'STANDALONE' ]; then