From 141d7a35c9f161a20dcd0bd79d93ac6e51a3a9a4 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 1 Dec 2020 15:38:09 -0500 Subject: [PATCH] if true cluster enabled allow search nodes to talk to each other https://github.com/Security-Onion-Solutions/securityonion/issues/2079 --- salt/firewall/assigned_hostgroups.map.yaml | 27 ++++++++++++++++++++++ setup/so-functions | 2 +- 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/salt/firewall/assigned_hostgroups.map.yaml b/salt/firewall/assigned_hostgroups.map.yaml index cb2de370c..30a6117aa 100644 --- a/salt/firewall/assigned_hostgroups.map.yaml +++ b/salt/firewall/assigned_hostgroups.map.yaml @@ -1,6 +1,7 @@ {% set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %} {% import_yaml 'firewall/portgroups.yaml' as portgroups %} {% set portgroups = portgroups.firewall.aliases.ports %} +{% set TRUE_CLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %} role: eval: @@ -42,6 +43,11 @@ role: - {{ portgroups.redis }} - {{ portgroups.minio }} - {{ portgroups.elasticsearch_node }} + heavy_node: + portgroups: + - {{ portgroups.redis }} + - {{ portgroups.minio }} + - {{ portgroups.elasticsearch_node }} self: portgroups: - {{ portgroups.syslog}} @@ -135,6 +141,12 @@ role: - {{ portgroups.minio }} - {{ portgroups.elasticsearch_node }} - {{ portgroups.beats_5644 }} + heavy_node: + portgroups: + - {{ portgroups.redis }} + - {{ portgroups.minio }} + - {{ portgroups.elasticsearch_node }} + - {{ portgroups.beats_5644 }} self: portgroups: - {{ portgroups.syslog}} @@ -219,6 +231,11 @@ role: - {{ portgroups.redis }} - {{ portgroups.minio }} - {{ portgroups.elasticsearch_node }} + heavy_node: + portgroups: + - {{ portgroups.redis }} + - {{ portgroups.minio }} + - {{ portgroups.elasticsearch_node }} self: portgroups: - {{ portgroups.syslog}} 
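Review bot: `TRUE_CLUSTER` is consumed by a bare truth test (`{% if TRUE_CLUSTER %}` in the `@@ -425,6 +447,11 @@` hunk), so any non-empty string in the pillar, including `'False'`, would render the extra `search_node` block and open the `elasticsearch_node` ports between search nodes. The `ISAIRGAP` line directly above defaults to the string `'False'`, which suggests string-valued flags occur in this pillar tree. Whether `elasticsearch:true_cluster` is always written as a YAML boolean is not visible here. Normalising at the definition makes the rule fail closed: `{% set TRUE_CLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) | to_bool %}`. A short Jinja comment next to it, such as `{# gates search_node-to-search_node access on elasticsearch_node ports #}`, would also tell the next reader that this flag changes firewall exposure.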
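Review bot: The new `heavy_node` block is a verbatim copy of the `search_node` port list (`redis`, `minio`, `elasticsearch_node`). The same copy recurs in the `@@ -135,6 +141,12 @@` hunk (with `beats_5644` added) and in the `@@ -219,6 +231,11 @@` and `@@ -303,6 +320,11 @@` hunks. Now that heavy nodes have their own hostgroup, each role could grant only the ports a heavy node needs instead of everything a search node gets, though the diff does not show whether all of them are required. If keeping parity is deliberate, a comment above each block such as `# heavy nodes were previously members of search_node; access kept identical` would record that, and a shared Jinja variable for the list would stop the four copies drifting apart. The enclosing role mappings start and end outside these hunks.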
@@ -303,6 +320,11 @@ role: - {{ portgroups.redis }} - {{ portgroups.minio }} - {{ portgroups.elasticsearch_node }} + heavy_node: + portgroups: + - {{ portgroups.redis }} + - {{ portgroups.minio }} + - {{ portgroups.elasticsearch_node }} self: portgroups: - {{ portgroups.syslog}} @@ -425,6 +447,11 @@ role: elasticsearch_rest: portgroups: - {{ portgroups.elasticsearch_rest }} + {% if TRUE_CLUSTER %} + search_node: + portgroups: + - {{ portgroups.elasticsearch_node }} + {% endif %} self: portgroups: - {{ portgroups.syslog}} diff --git a/setup/so-functions b/setup/so-functions index 4ba639fa5..3cf268869 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1883,7 +1883,7 @@ set_initial_firewall_policy() { ;; 'HEAVYNODE') ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall includehost sensor "$MAINIP" - ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost search_node "$MAINIP" + ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost heavy_node "$MAINIP" ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" "$INTERFACE" ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" ;;
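Review bot: Changing the `HEAVYNODE` branch to `includehost heavy_node` only affects nodes installed after this commit. Heavy nodes registered earlier stay in the `search_node` hostgroup, so with `elasticsearch:true_cluster` enabled they would, as far as the diff shows, still match the new search-node-to-search-node rule. The commit touches only two files and shows neither a migration step nor a definition of the `heavy_node` hostgroup, so both are worth confirming before merge. This is also the call that carries `--apply` and its exit status is not checked, so a rejected hostgroup name would leave the manager firewall unapplied without any message; appending `|| echo "so-firewall includehost heavy_node failed for $MAINIP" >&2` (or the script's own error handler) would surface it. `set_initial_firewall_policy` begins and ends outside the hunk.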