move some es script to src elasticsearch/tools/sbin and dst /usr/sbin. set requires

2025-12-07 09:42:46 +01:00 · 2022-01-12 10:20:05 -05:00
parent abf3a9401b
commit 494737549d
5 changed files with 36 additions and 16 deletions
--- a/salt/elasticsearch/init.sls
+++ b/salt/elasticsearch/init.sls
@@ -53,7 +53,7 @@ vm.max_map_count:
 cascriptsync:
  file.managed:
    - name: /usr/sbin/so-catrust
-    - source: salt://elasticsearch/files/scripts/so-catrust
+    - source: salt://elasticsearch/tools/sbin/so-catrust
    - user: 939
    - group: 939
    - mode: 750
@@ -63,9 +63,37 @@ cascriptsync:
 cascriptfun:
  cmd.run:
    - name: /usr/sbin/so-catrust
-
+    - require:
+        - file: cascriptsync
 {% endif %}

+# Sync some es scripts
+es_sync_scripts:
+  file.recurse:
+    - name: /usr/sbin
+    - user: root
+    - group: root
+    - file_mode: 755
+    - template: jinja
+    - source: salt://elasticsearch/tools/sbin
+    - defaults:
+        ELASTICCURL: 'curl'
+    - context:
+        ELASTICCURL: {{ ELASTICAUTH.elasticcurl }}
+    - exclude_pat:
+        - so-elasticsearch-pipelines # exclude this because we need to watch it for changes, we sync it in another state
+
+so-elasticsearch-pipelines-script:
+  file.managed:
+    - name: /usr/sbin/so-elasticsearch-pipelines
+    - source: salt://elasticsearch/tools/sbin/so-elasticsearch-pipelines
+    - user: 930
+    - group: 939
+    - mode: 754
+    - template: jinja
+    - defaults:
+        ELASTICCURL: {{ ELASTICAUTH.elasticcurl }}
+
 # Move our new CA over so Elastic and Logstash can use SSL with the internal CA
 catrustdir:
  file.directory:
@@ -297,7 +325,7 @@ so-elasticsearch:
      - file: esyml
      - file: esingestconf
      - file: esingestdynamicconf
-      - file: so-elasticsearch-pipelines-file
+      - file: so-elasticsearch-pipelines-script
    - require:
      - file: esyml
      - file: eslog4jfile
@@ -322,27 +350,17 @@ append_so-elasticsearch_so-status.conf:
    - name: /opt/so/conf/so-status/so-status.conf
    - text: so-elasticsearch

-so-elasticsearch-pipelines-file:
-  file.managed:
-    - name: /opt/so/conf/elasticsearch/so-elasticsearch-pipelines
-    - source: salt://elasticsearch/files/so-elasticsearch-pipelines
-    - user: 930
-    - group: 939
-    - mode: 754
-    - template: jinja
-    - defaults:
-        ELASTICCURL: {{ ELASTICAUTH.elasticcurl }}
-
 so-elasticsearch-pipelines:
  cmd.run:
-    - name: /opt/so/conf/elasticsearch/so-elasticsearch-pipelines {{ grains.host }}
+    - name: /usr/sbin/so-elasticsearch-pipelines {{ grains.host }}
    - onchanges:
      - file: esingestconf
      - file: esingestdynamicconf
      - file: esyml
-      - file: so-elasticsearch-pipelines-file
+      - file: so-elasticsearch-pipelines-script
    - require:
      - docker_container: so-elasticsearch
+      - file: so-elasticsearch-pipelines-script

 {% if TEMPLATES %}
 so-elasticsearch-templates:
@@ -352,6 +370,7 @@ so-elasticsearch-templates:
    - template: jinja
    - require:
      - docker_container: so-elasticsearch
+      - file: es_sync_scripts
 {% endif %}

 so-elasticsearch-roles-load:
@@ -361,6 +380,7 @@ so-elasticsearch-roles-load:
    - template: jinja
    - require:
      - docker_container: so-elasticsearch
+      - file: es_sync_scripts

 {% endif %} {# if grains['role'] != 'so-helix' #}

--- a/salt/elasticsearch/files/scripts/so-catrust
+++ b/salt/elasticsearch/files/scripts/so-catrust
--- a/salt/elasticsearch/tools/sbin/so-elasticsearch-pipelines
+++ b/salt/elasticsearch/tools/sbin/so-elasticsearch-pipelines
--- a/salt/elasticsearch/tools/sbin/so-elasticsearch-roles-load
+++ b/salt/elasticsearch/tools/sbin/so-elasticsearch-roles-load
@@ -0,0 +1,57 @@
+#!/bin/bash
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+{%- set mainint = salt['pillar.get']('host:mainint') %}
+{%- set MYIP = salt['grains.get']('ip_interfaces:' ~ mainint)[0] %}
+
+default_conf_dir=/opt/so/conf
+ELASTICSEARCH_HOST="{{ MYIP }}"
+ELASTICSEARCH_PORT=9200
+
+# Define a default directory to load roles from
+ELASTICSEARCH_ROLES="$default_conf_dir/elasticsearch/roles/"
+
+# Wait for ElasticSearch to initialize
+echo -n "Waiting for ElasticSearch..."
+COUNT=0
+ELASTICSEARCH_CONNECTED="no"
+while [[ "$COUNT" -le 240 ]]; do
+    {{ ELASTICCURL }} -k --output /dev/null --silent --head --fail -L https://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT"
+	if [ $? -eq 0 ]; then
+		ELASTICSEARCH_CONNECTED="yes"
+		echo "connected!"
+		break
+	else
+		((COUNT+=1))
+		sleep 1
+		echo -n "."
+	fi
+done
+if [ "$ELASTICSEARCH_CONNECTED" == "no" ]; then
+	echo
+	echo -e "Connection attempt timed out.  Unable to connect to ElasticSearch.  \nPlease try: \n  -checking log(s) in /var/log/elasticsearch/\n  -running 'sudo docker ps' \n  -running 'sudo so-elastic-restart'"
+	echo
+fi
+
+cd ${ELASTICSEARCH_ROLES}
+
+echo "Loading templates..."
+for role in *; do
+	name=$(echo "$role" | cut -d. -f1)
+	so-elasticsearch-query _security/role/$name -XPUT -d @"$role"
+done
+
+cd - >/dev/null
--- a/salt/elasticsearch/tools/sbin/so-elasticsearch-templates-load
+++ b/salt/elasticsearch/tools/sbin/so-elasticsearch-templates-load
@@ -0,0 +1,57 @@
+#!/bin/bash
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+{%- set mainint = salt['pillar.get']('host:mainint') %}
+{%- set MYIP = salt['grains.get']('ip_interfaces:' ~ mainint)[0] %}
+
+default_conf_dir=/opt/so/conf
+ELASTICSEARCH_HOST="{{ MYIP }}"
+ELASTICSEARCH_PORT=9200
+#ELASTICSEARCH_AUTH=""
+
+# Define a default directory to load pipelines from
+ELASTICSEARCH_TEMPLATES="$default_conf_dir/elasticsearch/templates/"
+
+# Wait for ElasticSearch to initialize
+echo -n "Waiting for ElasticSearch..."
+COUNT=0
+ELASTICSEARCH_CONNECTED="no"
+while [[ "$COUNT" -le 240 ]]; do
+    {{ ELASTICCURL }} -k --output /dev/null --silent --head --fail -L https://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT"
+	if [ $? -eq 0 ]; then
+		ELASTICSEARCH_CONNECTED="yes"
+		echo "connected!"
+		break
+	else
+		((COUNT+=1))
+		sleep 1
+		echo -n "."
+	fi
+done
+if [ "$ELASTICSEARCH_CONNECTED" == "no" ]; then
+	echo
+	echo -e "Connection attempt timed out.  Unable to connect to ElasticSearch.  \nPlease try: \n  -checking log(s) in /var/log/elasticsearch/\n  -running 'sudo docker ps' \n  -running 'sudo so-elastic-restart'"
+	echo
+fi
+
+cd ${ELASTICSEARCH_TEMPLATES}
+
+
+echo "Loading templates..."
+for i in *; do TEMPLATE=$(echo $i | cut -d '-' -f2); echo "so-$TEMPLATE"; {{ ELASTICCURL }} -k ${ELASTICSEARCH_AUTH} -s -XPUT -L https://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_template/so-$TEMPLATE -H 'Content-Type: application/json' -d@$i 2>/dev/null; echo; done
+echo
+
+cd - >/dev/null