CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

ES Jinja the config

Browse Source
This commit is contained in:
Mike Reeves
2020-07-09 16:42:39 -04:00
parent 7c6677916a
commit 3c6465bb7f
2 changed files with 32 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
salt/elasticsearch/files/elasticsearch.yml
View File

@@ -1,6 +1,11 @@
{% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' %} {%- set NODE_ROUTE_TYPE = salt['pillar.get']('elasticsearch:node_route_type', 'hot') %}
{%- set esclustername = salt['pillar.get']('master:esclustername', '') %} {%- if salt['pillar.get']('elasticsearch:hot_warm_enabled') or if salt['pillar.get']('elasticsearch:true_cluster')}
cluster.name: "{{ esclustername }}" {%- set ESCLUSTERNAME = salt['pillar.get']('elasticsearch:true_cluster_name', '') %}
{%- else %}
{%- set ESCLUSTERNAME = salt['pillar.get']('elasticsearch:esclustername', '') %}
{%- endif %}
{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%}
cluster.name: "{{ ESCLUSTERNAME }}"
network.host: 0.0.0.0 network.host: 0.0.0.0
# minimum_master_nodes need to be explicitly set when bound on a public IP # minimum_master_nodes need to be explicitly set when bound on a public IP
@@ -10,19 +15,12 @@ discovery.zen.minimum_master_nodes: 1
# This is a test -- if this is here, then the volume is mounted correctly. # This is a test -- if this is here, then the volume is mounted correctly.
path.logs: /var/log/elasticsearch path.logs: /var/log/elasticsearch
action.destructive_requires_name: true action.destructive_requires_name: true
{%- else %}
{%- set esclustername = salt['grains.get']('host', '') %}
{%- set nodeip = salt['pillar.get']('elasticsearch:mainip', '') -%}
cluster.name: "{{ esclustername }}"
network.host: 0.0.0.0
discovery.zen.minimum_master_nodes: 1
path.logs: /var/log/elasticsearch
action.destructive_requires_name: true
transport.bind_host: 0.0.0.0 transport.bind_host: 0.0.0.0
transport.publish_host: {{ nodeip }} transport.publish_host: {{ NODEIP }}
transport.publish_port: 9300 transport.publish_port: 9300
{%- endif %}
cluster.routing.allocation.disk.threshold_enabled: true cluster.routing.allocation.disk.threshold_enabled: true
cluster.routing.allocation.disk.watermark.low: 95% cluster.routing.allocation.disk.watermark.low: 95%
cluster.routing.allocation.disk.watermark.high: 98% cluster.routing.allocation.disk.watermark.high: 98%
cluster.routing.allocation.disk.watermark.flood_stage: 98% cluster.routing.allocation.disk.watermark.flood_stage: 98%
node.attr.box_type: {{ NODE_ROUTE_TYPE }}
node.name: {{ esclustername }}

36
setup/so-functions
View File

@@ -1018,55 +1018,60 @@ master_static() {
"elastic:"\ "elastic:"\
" features: False"\ " features: False"\
"elasticsearch:"\ "elasticsearch:"\
" route_type: hot"\
" replicas: 0"\ " replicas: 0"\
" true_cluster: False" " true_cluster: False"\
" true_cluster_name: so" " true_cluster_name: so"\
" discovery_nodes: 1"\
" hot_warm_enabled: False"\
" cluster_routing_allocation_disk.threshold_enabled: true"\
" cluster_routing_allocation_disk_watermark_low: 95%"\
" cluster_routing_allocation_disk_watermark_high: 98%"\
" cluster_routing_allocation_disk_watermark_flood_stage: 98%"\
" index_settings:"\ " index_settings:"\
" so-beats:"\ " so-beats:"\
" shards: 1"\ " shards: 1"\
" warm: 7"\ " warm: 7"\
" close: 30"\ " close: 30"\
" delete: 45" " delete: 365"
" so-firewall:"\ " so-firewall:"\
" shards: 1"\
" warm: 7"\ " warm: 7"\
" close: 30"\ " close: 30"\
" delete: 45" " delete: 365"\
" shards: 1"\
" so-ids:"\ " so-ids:"\
" shards: 1"\ " shards: 1"\
" warm: 7"\ " warm: 7"\
" close: 30"\ " close: 30"\
" delete: 45" " delete: 365"\
" so-import:"\ " so-import:"\
" shards: 1"\
" warm: 7"\ " warm: 7"\
" close: 7300"\ " close: 73000"\
" delete: 7301" " delete: 73001"
" shards: 1"\
" so-osquery:"\ " so-osquery:"\
" shards: 1"\ " shards: 1"\
" warm: 7"\ " warm: 7"\
" close: 30"\ " close: 30"\
" delete: 45" " delete: 365"
" so-ossec:"\ " so-ossec:"\
" shards: 1"\ " shards: 1"\
" warm: 7"\ " warm: 7"\
" close: 30"\ " close: 30"\
" delete: 45" " delete: 365"\
" so-strelka:"\ " so-strelka:"\
" shards: 1"\ " shards: 1"\
" warm: 7"\ " warm: 7"\
" close: 30"\ " close: 30"\
" delete: 45" " delete: 365"\
" so-syslog:"\ " so-syslog:"\
" shards: 1"\ " shards: 1"\
" warm: 7"\ " warm: 7"\
" close: 30"\ " close: 30"\
" delete: 45" " delete: 365"\
" so-zeek:"\ " so-zeek:"\
" shards: 5"\ " shards: 5"\
" warm: 7"\ " warm: 7"\
" close: 30"\ " close: 365"\
" delete: 45" > "$static_pillar" " delete: 45" > "$static_pillar"
printf '%s\n' '----' >> "$setup_log" 2>&1 printf '%s\n' '----' >> "$setup_log" 2>&1
@@ -1119,6 +1124,7 @@ elasticsearch_pillar() {
" node_type: $NODETYPE"\ " node_type: $NODETYPE"\
" es_port: $node_es_port"\ " es_port: $node_es_port"\
" log_size_limit: $log_size_limit"\ " log_size_limit: $log_size_limit"\
" node_route_type: hot"\
"" >> "$pillar_file" "" >> "$pillar_file"
if [ "$install_type" != 'EVAL' ] && [ "$install_type" != 'HELIXSENSOR' ] && [ "$install_type" != 'MASTERSEARCH' ] && [ "$install_type" != 'STANDALONE' ]; then if [ "$install_type" != 'EVAL' ] && [ "$install_type" != 'HELIXSENSOR' ] && [ "$install_type" != 'MASTERSEARCH' ] && [ "$install_type" != 'STANDALONE' ]; then