CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

propogate users and users_roles

Browse Source
This commit is contained in:
m0duspwnens
2021-05-26 14:52:10 -04:00
parent c3b2e1e8b2
commit 4d991d3773
1 changed files with 31 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
salt/elasticsearch/init.sls
View File

@@ -37,6 +37,8 @@
{% set TEMPLATES = salt['pillar.get']('elasticsearch:templates', {}) %} {% set TEMPLATES = salt['pillar.get']('elasticsearch:templates', {}) %}
{% from 'elasticsearch/auth.map.jinja' import ELASTICAUTH with context %} {% from 'elasticsearch/auth.map.jinja' import ELASTICAUTH with context %}
{% set ES_INCLUDED_NODES = ['so-standalone'] %}
vm.max_map_count: vm.max_map_count:
sysctl.present: sysctl.present:
- value: 262144 - value: 262144
@@ -170,6 +172,35 @@ eslogdir:
- group: 939 - group: 939
- makedirs: True - makedirs: True
{% if grains.role in ES_INCLUDED_NODES %}
# Must run before elasticsearch docker container is started!
syncesusers:
cmd.run:
- name: so-user sync
- creates:
- /opt/so/saltstack/local/salt/elasticsearch/files/users
- /opt/so/saltstack/local/salt/elasticsearch/files/users_roles
{% endif %}
auth_users:
file.managed:
- name: /opt/so/conf/elasticsearch/users
- source: salt://elasticsearch/files/users
- require:
{% if grains.role in ES_INCLUDED_NODES %}
- cmd: syncesusers
{% endif %}
auth_users_roles:
file.managed:
- name: /opt/so/conf/elasticsearch/users_roles
- source: salt://elasticsearch/files/users_roles
{% if grains.role in ES_INCLUDED_NODES %}
- require:
- cmd: syncesusers
{% endif %}
so-elasticsearch: so-elasticsearch:
docker_container.running: docker_container.running:
- image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elasticsearch:{{ VERSION }} - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elasticsearch:{{ VERSION }}