ES salt module - Sync config files

2025-12-06 17:22:49 +01:00 · 2018-02-08 13:36:24 -05:00
parent ee44c54060
commit 6b155ca464
4 changed files with 84 additions and 55 deletions
--- a/salt/elastic/files/elasticsearch.yml
+++ b/salt/elastic/files/elasticsearch.yml
@@ -0,0 +1,10 @@
 {%- set esclustername = salt['pillar.get']('master:esclustername', '') %}
 cluster.name: "{{ esclustername }}"
 network.host: 0.0.0.0
 # minimum_master_nodes need to be explicitly set when bound on a public IP
 # set to 1 to allow single node clusters
 # Details: https://github.com/elastic/elasticsearch/pull/17288
 discovery.zen.minimum_master_nodes: 1
 # This is a test -- if this is here, then the volume is mounted correctly.
 path.logs: /var/log/elasticsearch
--- a/salt/elastic/files/log4j2.properties
+++ b/salt/elastic/files/log4j2.properties
@@ -0,0 +1,20 @@
 status = error
 #appender.console.type = Console
 #appender.console.name = console
 #appender.console.layout.type = PatternLayout
 #appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n
 #rootLogger.level = info
 #rootLogger.appenderRef.console.ref = console
 # This is a test -- if this here, then the volume is mounted correctly.
 appender.rolling.type = RollingFile
 appender.rolling.name = rolling
 appender.rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}.log
 appender.rolling.layout.type = PatternLayout
 appender.rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c] %.10000m%n
 appender.rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}.log
 appender.rolling.policies.type = Policies
 appender.rolling.policies.time.type = TimeBasedTriggeringPolicy
 appender.rolling.policies.time.interval = 1
 appender.rolling.policies.time.modulate = true
 rootLogger.level = info
 rootLogger.appenderRef.rolling.ref = rolling
--- a/salt/elastic/init.sls
+++ b/salt/elastic/init.sls
@@ -13,9 +13,15 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-{% set esclustername = salt['pillar.get'](master:esclustername) %}
+{% set esclustername = salt['pillar.get']('master:esclustername', '') %}
-{% set esheap = salt['pillar.get'](master:esheap) %}
+{% set esheap = salt['pillar.get']('master:esheap', '') %}
-{% set esaccessip = salt['pillar.get'](master:esaccessip) %}
+{% set esaccessip = salt['pillar.get']('master:esaccessip', '') %}
 # Add ES Group
 elasticsearchgroup:
  group.present:
    - name: elasticsearch
    - gid: 930
 # Add ES user
 elasticsearch:
@@ -24,45 +30,39 @@ elasticsearch:
    - gid: 930
    - home: /opt/so/conf/elasticsearch
-# Add the logstash user for the jog4j settings
+eslog4jfile:
-logstash:
+  file.managed:
-  user.present:
+    - name: /opt/so/conf/elasticsearch/log4j2.properties
-    - uid: 931
+    - source: salt://elasticsearch/files/log4j2.properties
    - gid: 931
    - home: /opt/so/conf/logstash
 file.directory:
  - name: /opt/so/conf/logstash
  - user: 931
  - group: 939
  - makedirs: True
 file.manage:
  - name: /opt/so/conf/logstash/log4j2.properties
  - source: salt://logstash/files/log4j2.properties
  - user: 931
  - group: 939
 file.directory:
  - name: /opt/so/conf/elasticsearch
    - user: 930
    - group: 939
    - template: jinja
-file.directory:
+esyml:
  file.managed:
    - name: /opt/so/conf/elasticsearch/elasticsearch.yml
    - source: salt://elasticsearch/files/elasticsearch.yml
    - user: 930
    - group: 939
    - template: jinja
 nsmesdir:
  file.directory:
    - name: /nsm/elasticsearch
    - user: 930
    - group: 939
    - makedirs: True
-file.directory:
+eslogdir:
  file.directory:
    - name: /opt/so/log/elasticsearch
    - user: 930
    - group: 939
    - makedirs: True
 so-elasticsearch:
-  dockerng.running:
+  docker_container.running:
-    - image: pillaritem/so-elasticsearch
+    - image: securityonion/so-elasticsearch:latest
    - hostname: elasticsearch
    - user: elasticsearch
    - environment:
@@ -79,7 +79,6 @@ so-elasticsearch:
      - {{ esaccessip }}:9200:9200
      - {{ esaccessip }}:9300:9300
    - binds:
      - /opt/so/conf/logstash/log4j2.properties:/usr/share/logstash/config/log4j2.properties:ro
      - /opt/so/conf/elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
      - /opt/so/conf/elasticsearch/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro
      - /nsm/elasticsearch:/usr/share/elasticsearch/data:rw
--- a/salt/logstash/init.sls
+++ b/salt/logstash/init.sls
@@ -15,32 +15,32 @@
 # Logstash Section
-# Only run this is you are in the sensor role
+logstashgroup:
-{% if grains['role'] == 'so-sensor' %}
+  group.present:
    - name: logstash
    - gid: 931
-# Add Logstash user
+# Add the logstash user for the jog4j settings
 logstash:
  user.present:
    - uid: 931
    - gid: 931
    - home: /opt/so/conf/logstash
-# Create logstash conf directory
+lsconfdir:
-file.directory:
+  file.directory:
    - name: /opt/so/conf/logstash
    - user: 931
    - group: 939
    - makedirs: True
-# Set the heap size from the sensor pillar
+log4jfile:
-{% set lsheap = salt['pillar.get'](sensor:lsheap) %}
+  file.managed:
    - name: /opt/so/conf/logstash/log4j2.properties
    - source: salt://logstash/files/log4j2.properties
    - user: 931
    - group: 939
 {% else %}
 # Set the heap size from the master pillar
 {% set lsheap = salt['pillar.get'](master:lsheap) %}
 {% endif %}
 # Create the conf/d logstash directory
 file.directory: