ES salt module - Sync config files

salt/elastic/files/elasticsearch.yml

@@ -0,0 +1,10 @@
+{%- set esclustername = salt['pillar.get']('master:esclustername', '') %}
+cluster.name: "{{ esclustername }}"
+network.host: 0.0.0.0
+
+# minimum_master_nodes need to be explicitly set when bound on a public IP
+# set to 1 to allow single node clusters
+# Details: https://github.com/elastic/elasticsearch/pull/17288
+discovery.zen.minimum_master_nodes: 1
+# This is a test -- if this is here, then the volume is mounted correctly.
+path.logs: /var/log/elasticsearch

salt/elastic/files/log4j2.properties

@@ -0,0 +1,20 @@
+status = error
+#appender.console.type = Console
+#appender.console.name = console
+#appender.console.layout.type = PatternLayout
+#appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n
+#rootLogger.level = info
+#rootLogger.appenderRef.console.ref = console
+# This is a test -- if this here, then the volume is mounted correctly.
+appender.rolling.type = RollingFile
+appender.rolling.name = rolling
+appender.rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}.log
+appender.rolling.layout.type = PatternLayout
+appender.rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c] %.10000m%n
+appender.rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}.log
+appender.rolling.policies.type = Policies
+appender.rolling.policies.time.type = TimeBasedTriggeringPolicy
+appender.rolling.policies.time.interval = 1
+appender.rolling.policies.time.modulate = true
+rootLogger.level = info
+rootLogger.appenderRef.rolling.ref = rolling

salt/elastic/init.sls

@@ -13,9 +13,15 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-{% set esclustername = salt['pillar.get'](master:esclustername) %}
+{% set esclustername = salt['pillar.get']('master:esclustername', '') %}
-{% set esheap = salt['pillar.get'](master:esheap) %}
+{% set esheap = salt['pillar.get']('master:esheap', '') %}
-{% set esaccessip = salt['pillar.get'](master:esaccessip) %}
+{% set esaccessip = salt['pillar.get']('master:esaccessip', '') %}
+
+# Add ES Group
+elasticsearchgroup:
+  group.present:
+    - name: elasticsearch
+    - gid: 930
 
 # Add ES user
 elasticsearch:
@@ -24,45 +30,39 @@ elasticsearch:
     - gid: 930
     - home: /opt/so/conf/elasticsearch
 
-# Add the logstash user for the jog4j settings
+eslog4jfile:
-logstash:
+  file.managed:
-  user.present:
+    - name: /opt/so/conf/elasticsearch/log4j2.properties
-    - uid: 931
+    - source: salt://elasticsearch/files/log4j2.properties
-    - gid: 931
+    - user: 930
-    - home: /opt/so/conf/logstash
+    - group: 939
+    - template: jinja
 
-file.directory:
+esyml:
-  - name: /opt/so/conf/logstash
+  file.managed:
-  - user: 931
+    - name: /opt/so/conf/elasticsearch/elasticsearch.yml
-  - group: 939
+    - source: salt://elasticsearch/files/elasticsearch.yml
-  - makedirs: True
+    - user: 930
+    - group: 939
+    - template: jinja
 
-file.manage:
+nsmesdir:
-  - name: /opt/so/conf/logstash/log4j2.properties
+  file.directory:
-  - source: salt://logstash/files/log4j2.properties
+    - name: /nsm/elasticsearch
-  - user: 931
+    - user: 930
-  - group: 939
+    - group: 939
+    - makedirs: True
 
-file.directory:
+eslogdir:
-  - name: /opt/so/conf/elasticsearch
+  file.directory:
-  - user: 930
+    - name: /opt/so/log/elasticsearch
-  - group: 939
+    - user: 930
-
+    - group: 939
-file.directory:
+    - makedirs: True
-  - name: /nsm/elasticsearch
-  - user: 930
-  - group: 939
-  - makedirs: True
-
-file.directory:
-  - name: /opt/so/log/elasticsearch
-  - user: 930
-  - group: 939
-  - makedirs: True
 
 so-elasticsearch:
-  dockerng.running:
+  docker_container.running:
-    - image: pillaritem/so-elasticsearch
+    - image: securityonion/so-elasticsearch:latest
     - hostname: elasticsearch
     - user: elasticsearch
     - environment:
@@ -79,7 +79,6 @@ so-elasticsearch:
       - {{ esaccessip }}:9200:9200
       - {{ esaccessip }}:9300:9300
     - binds:
-      - /opt/so/conf/logstash/log4j2.properties:/usr/share/logstash/config/log4j2.properties:ro
       - /opt/so/conf/elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
       - /opt/so/conf/elasticsearch/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro
       - /nsm/elasticsearch:/usr/share/elasticsearch/data:rw

salt/logstash/init.sls

@@ -15,32 +15,32 @@
 
 # Logstash Section
 
-# Only run this is you are in the sensor role
+logstashgroup:
-{% if grains['role'] == 'so-sensor' %}
+  group.present:
+    - name: logstash
+    - gid: 931
 
-# Add Logstash user
+# Add the logstash user for the jog4j settings
 logstash:
   user.present:
     - uid: 931
     - gid: 931
     - home: /opt/so/conf/logstash
 
-# Create logstash conf directory
+lsconfdir:
-file.directory:
+  file.directory:
-  - name: /opt/so/conf/logstash
+    - name: /opt/so/conf/logstash
-  - user: 931
+    - user: 931
-  - group: 939
+    - group: 939
-  - makedirs: True
+    - makedirs: True
 
-# Set the heap size from the sensor pillar
+log4jfile:
-{% set lsheap = salt['pillar.get'](sensor:lsheap) %}
+  file.managed:
+    - name: /opt/so/conf/logstash/log4j2.properties
+    - source: salt://logstash/files/log4j2.properties
+    - user: 931
+    - group: 939
 
-{% else %}
-
-# Set the heap size from the master pillar
-{% set lsheap = salt['pillar.get'](master:lsheap) %}
-
-{% endif %}
 
 # Create the conf/d logstash directory
 file.directory: