Update elastalert_indices_check() function to only delete Elastalert indices if major Elasticsearch version is less than 8

Update elastalert_indices_check() function to only delete Elastalert indices if major Elasticsearch version is less than 8. Also clean up the output to only emit one notification regarding index deletion, and additional verbiage around function operation.
2025-12-06 09:12:45 +01:00 · 2022-08-18 09:11:38 -04:00
parent 3b8d8163b3
commit 5deda45b66
1 changed files with 46 additions and 39 deletions
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -387,12 +387,7 @@ clone_to_tmp() {
 }

 elastalert_indices_check() {
-
-  # Stop Elastalert to prevent Elastalert indices from being re-created
-  if grep -q "^so-elastalert$" /opt/so/conf/so-status/so-status.conf ; then
-    so-elastalert-stop || true
-  fi
-  
+  echo "Checking Elastalert indices for compatibility..."
  # Wait for ElasticSearch to initialize
  echo -n "Waiting for ElasticSearch..."
  COUNT=0
@@ -418,6 +413,14 @@ elastalert_indices_check() {
    exit 1
  fi

+  MAJOR_ES_VERSION=$(so-elasticsearch-query / | jq -r .version.number | cut -d '.' -f1)
+  if [[ "$MAJOR_ES_VERSION" -lt "8" ]]; then
+
+    # Stop Elastalert to prevent Elastalert indices from being re-created
+    if grep -q "^so-elastalert$" /opt/so/conf/so-status/so-status.conf ; then
+      so-elastalert-stop || true
+    fi
+
    # Check Elastalert indices
    echo "Deleting Elastalert indices to prevent issues with upgrade to Elastic 8..."
    CHECK_COUNT=0
@@ -431,10 +434,9 @@ elastalert_indices_check() {
      COUNT=0
      ELASTALERT_INDICES_DELETED="no"
      while [[ "$COUNT" -le 240 ]]; do
-      RESPONSE=$(so-elasticsearch-query elastalert*)
+        RESPONSE=$(so-elasticsearch-query "elastalert*")
        if [[ "$RESPONSE" == "{}" ]]; then
          ELASTALERT_INDICES_DELETED="yes"
-        echo "Elastalert indices successfully deleted."
          break
        else
          ((COUNT+=1))
@@ -446,12 +448,17 @@ elastalert_indices_check() {
    done

    # If we were unable to delete the Elastalert indices, exit the script
-  if [ "$ELASTALERT_INDICES_DELETED" == "no" ]; then
+    if [ "$ELASTALERT_INDICES_DELETED" == "yes" ]; then
+      echo "Elastalert indices successfully deleted."
+    else
      echo
      echo -e "Unable to connect to delete Elastalert indices. Exiting."
      echo
      exit 1
    fi
+  else
+    echo "Major Elasticsearch version is greater than 7...skipping Elastalert index maintenance."
+  fi
 }

 enable_highstate() {