From 2fd344822dca91d82cfdc88dd436bcd97b59d524 Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Tue, 5 Oct 2021 10:40:40 -0400
Subject: [PATCH 1/5] Add additional roles for highlander

---
 salt/elasticsearch/config.map.jinja | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/salt/elasticsearch/config.map.jinja b/salt/elasticsearch/config.map.jinja
index 1ca729143..5e9a1be44 100644
--- a/salt/elasticsearch/config.map.jinja
+++ b/salt/elasticsearch/config.map.jinja
@@ -1,4 +1,5 @@
 {% import_yaml 'elasticsearch/defaults.yaml' as ESCONFIG with context %}
+{% HIGHLANDER = salt['pillar.get']('global:highlander', False) %}
 
 {% if not salt['pillar.get']('elasticsearch:auth:enabled', False) %}
   {% do ESCONFIG.elasticsearch.config.xpack.security.authc.anonymous.update({'username': 'anonymous_user', 'roles': 'superuser', 'authz_exception': 'true'}) %}
@@ -8,6 +9,9 @@
     {% if grains.id.split('_') | last in ['manager','managersearch'] %}
     {% if salt['pillar.get']('nodestab', {}) %}
       {% do ESCONFIG.elasticsearch.config.node.update({'roles': ['master', 'data', 'remote_cluster_client']}) %}
+      {% if HIGHLANDER %}
+          {% do ESCONFIG.elasticsearch.config.node.roles.append('ml') %}
+      {% endif %}
       {% do ESCONFIG.elasticsearch.config.update({'discovery': {'seed_hosts': [grains.master]}}) %}
       {% for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %}
         {% do ESCONFIG.elasticsearch.config.discovery.seed_hosts.append(SN.split('_')|first) %}
@@ -18,6 +22,9 @@
     {% endif %}
   {% else %}
     {% do ESCONFIG.elasticsearch.config.node.update({'roles': ['data', 'ingest']}) %}
+    {% if HIGHLANDER %}
+          {% do ESCONFIG.elasticsearch.config.node.roles.extend(['ml', 'master']) %}
+    {% endif %}
     {% do ESCONFIG.elasticsearch.config.node.attr.update({'box_type': 'hot'}) %}
     {% do ESCONFIG.elasticsearch.config.update({'discovery': {'seed_hosts': [grains.master]}}) %}
   {% endif %}

From 869af548af17f6fd3efb2399db0a4acd0451bc73 Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Tue, 5 Oct 2021 11:06:13 -0400
Subject: [PATCH 2/5] Fix spaces for highlander

---
 salt/common/tools/sbin/so-kibana-space-defaults | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/salt/common/tools/sbin/so-kibana-space-defaults b/salt/common/tools/sbin/so-kibana-space-defaults
index d90cf0c11..5ac6f00ca 100755
--- a/salt/common/tools/sbin/so-kibana-space-defaults
+++ b/salt/common/tools/sbin/so-kibana-space-defaults
@@ -1,5 +1,5 @@
 . /usr/sbin/so-common
-
+{% HIGHLANDER = salt['pillar.get']('global:highlander', False) %}
 wait_for_web_response "http://localhost:5601/app/kibana" "Elastic" 300 "{{ ELASTICCURL }}"
 ## This hackery will be removed if using Elastic Auth ##
 
@@ -9,5 +9,9 @@ SESSIONCOOKIE=$({{ ELASTICCURL }} -c - -X GET http://localhost:5601/ | grep sid
 # Disable certain Features from showing up in the Kibana UI
 echo
 echo "Setting up default Space:"
+{% if HIGHLANDER %}
+{{ ELASTICCURL }} -b "sid=$SESSIONCOOKIE" -L -X PUT "localhost:5601/api/spaces/space/default" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' {"id":"default","name":"Default","disabledFeatures":["enterpriseSearch"]} ' >> /opt/so/log/kibana/misc.log
+{% else %}
 {{ ELASTICCURL }} -b "sid=$SESSIONCOOKIE" -L -X PUT "localhost:5601/api/spaces/space/default" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' {"id":"default","name":"Default","disabledFeatures":["ml","enterpriseSearch","siem","logs","infrastructure","apm","uptime","monitoring","stackAlerts","actions","fleet"]} ' >> /opt/so/log/kibana/misc.log
+{% endif %}
 echo

From 27614569e3fb9a53423bd626390cf378fba29ca0 Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Tue, 5 Oct 2021 14:32:02 -0400
Subject: [PATCH 3/5] Fix set

---
 salt/common/tools/sbin/so-kibana-space-defaults | 2 +-
 salt/elasticsearch/config.map.jinja             | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/salt/common/tools/sbin/so-kibana-space-defaults b/salt/common/tools/sbin/so-kibana-space-defaults
index 5ac6f00ca..26eba3262 100755
--- a/salt/common/tools/sbin/so-kibana-space-defaults
+++ b/salt/common/tools/sbin/so-kibana-space-defaults
@@ -1,5 +1,5 @@
 . /usr/sbin/so-common
-{% HIGHLANDER = salt['pillar.get']('global:highlander', False) %}
+{% set HIGHLANDER = salt['pillar.get']('global:highlander', False) %}
 wait_for_web_response "http://localhost:5601/app/kibana" "Elastic" 300 "{{ ELASTICCURL }}"
 ## This hackery will be removed if using Elastic Auth ##
 
diff --git a/salt/elasticsearch/config.map.jinja b/salt/elasticsearch/config.map.jinja
index 5e9a1be44..ed6a0d927 100644
--- a/salt/elasticsearch/config.map.jinja
+++ b/salt/elasticsearch/config.map.jinja
@@ -1,5 +1,5 @@
 {% import_yaml 'elasticsearch/defaults.yaml' as ESCONFIG with context %}
-{% HIGHLANDER = salt['pillar.get']('global:highlander', False) %}
+{% set HIGHLANDER = salt['pillar.get']('global:highlander', False) %}
 
 {% if not salt['pillar.get']('elasticsearch:auth:enabled', False) %}
   {% do ESCONFIG.elasticsearch.config.xpack.security.authc.anonymous.update({'username': 'anonymous_user', 'roles': 'superuser', 'authz_exception': 'true'}) %}

From 64758a534cfc12a5cdf0a9b330bd8777a9b00619 Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Fri, 8 Oct 2021 08:42:26 -0400
Subject: [PATCH 4/5] Set ml to true

---
 salt/elasticsearch/config.map.jinja | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/salt/elasticsearch/config.map.jinja b/salt/elasticsearch/config.map.jinja
index ed6a0d927..ccd977129 100644
--- a/salt/elasticsearch/config.map.jinja
+++ b/salt/elasticsearch/config.map.jinja
@@ -28,6 +28,9 @@
     {% do ESCONFIG.elasticsearch.config.node.attr.update({'box_type': 'hot'}) %}
     {% do ESCONFIG.elasticsearch.config.update({'discovery': {'seed_hosts': [grains.master]}}) %}
   {% endif %}
+    {% if HIGHLANDER %}
+          {% do ESCONFIG.elasticsearch.config.xpack.ml.enabled.update('True') %}
+    {% endif %}
 {% endif %}
 
 {% set ESCONFIG = salt['pillar.get']('elasticsearch:config', default=ESCONFIG.elasticsearch.config, merge=True) %}

From 2a823730511f758122e8f6fe01351c795568748d Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Fri, 8 Oct 2021 09:32:13 -0400
Subject: [PATCH 5/5] highlander fixes

---
 salt/elasticsearch/config.map.jinja | 2 +-
 setup/so-functions                  | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/salt/elasticsearch/config.map.jinja b/salt/elasticsearch/config.map.jinja
index ccd977129..914bda434 100644
--- a/salt/elasticsearch/config.map.jinja
+++ b/salt/elasticsearch/config.map.jinja
@@ -29,7 +29,7 @@
     {% do ESCONFIG.elasticsearch.config.update({'discovery': {'seed_hosts': [grains.master]}}) %}
   {% endif %}
     {% if HIGHLANDER %}
-          {% do ESCONFIG.elasticsearch.config.xpack.ml.enabled.update('True') %}
+        {% do ESCONFIG.elasticsearch.config.xpack.ml.update({'enabled': true}) %}
     {% endif %}
 {% endif %}
 
diff --git a/setup/so-functions b/setup/so-functions
index f2cdbc237..f7d489f42 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1668,6 +1668,10 @@ manager_global() {
 		"  url_base: '$REDIRECTIT'"\
 		"  managerip: '$MAINIP'" > "$global_pillar"
 	
+	if [[ $HIGHLANDER == 'True' ]]; then
+	    printf '%s\n'\
+		"  highlander: True"\ >> "$global_pillar"
+	fi
 	if [[ $is_airgap ]]; then
 		printf '%s\n'\
 			"  airgap: True"\ >> "$global_pillar"