ES salt module - Sync config files

2025-12-06 17:22:49 +01:00 · 2018-02-08 13:36:24 -05:00
parent ee44c54060
commit 6b155ca464
4 changed files with 84 additions and 55 deletions
--- a/salt/elastic/files/elasticsearch.yml
+++ b/salt/elastic/files/elasticsearch.yml
@@ -0,0 +1,10 @@
+{%- set esclustername = salt['pillar.get']('master:esclustername', '') %}
+cluster.name: "{{ esclustername }}"
+network.host: 0.0.0.0
+
+# minimum_master_nodes need to be explicitly set when bound on a public IP
+# set to 1 to allow single node clusters
+# Details: https://github.com/elastic/elasticsearch/pull/17288
+discovery.zen.minimum_master_nodes: 1
+# This is a test -- if this is here, then the volume is mounted correctly.
+path.logs: /var/log/elasticsearch
--- a/salt/elastic/files/log4j2.properties
+++ b/salt/elastic/files/log4j2.properties
@@ -0,0 +1,20 @@
+status = error
+#appender.console.type = Console
+#appender.console.name = console
+#appender.console.layout.type = PatternLayout
+#appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n
+#rootLogger.level = info
+#rootLogger.appenderRef.console.ref = console
+# This is a test -- if this here, then the volume is mounted correctly.
+appender.rolling.type = RollingFile
+appender.rolling.name = rolling
+appender.rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}.log
+appender.rolling.layout.type = PatternLayout
+appender.rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c] %.10000m%n
+appender.rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}.log
+appender.rolling.policies.type = Policies
+appender.rolling.policies.time.type = TimeBasedTriggeringPolicy
+appender.rolling.policies.time.interval = 1
+appender.rolling.policies.time.modulate = true
+rootLogger.level = info
+rootLogger.appenderRef.rolling.ref = rolling
--- a/salt/elastic/init.sls
+++ b/salt/elastic/init.sls
@@ -13,9 +13,15 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.

-{% set esclustername = salt['pillar.get'](master:esclustername) %}
-{% set esheap = salt['pillar.get'](master:esheap) %}
-{% set esaccessip = salt['pillar.get'](master:esaccessip) %}
+{% set esclustername = salt['pillar.get']('master:esclustername', '') %}
+{% set esheap = salt['pillar.get']('master:esheap', '') %}
+{% set esaccessip = salt['pillar.get']('master:esaccessip', '') %}
+
+# Add ES Group
+elasticsearchgroup:
+  group.present:
+    - name: elasticsearch
+    - gid: 930

 # Add ES user
 elasticsearch:
@@ -24,45 +30,39 @@ elasticsearch:
    - gid: 930
    - home: /opt/so/conf/elasticsearch

-# Add the logstash user for the jog4j settings
-logstash:
-  user.present:
-    - uid: 931
-    - gid: 931
-    - home: /opt/so/conf/logstash
-
-file.directory:
-  - name: /opt/so/conf/logstash
-  - user: 931
-  - group: 939
-  - makedirs: True
-
-file.manage:
-  - name: /opt/so/conf/logstash/log4j2.properties
-  - source: salt://logstash/files/log4j2.properties
-  - user: 931
-  - group: 939
-
-file.directory:
-  - name: /opt/so/conf/elasticsearch
+eslog4jfile:
+  file.managed:
+    - name: /opt/so/conf/elasticsearch/log4j2.properties
+    - source: salt://elasticsearch/files/log4j2.properties
    - user: 930
    - group: 939
+    - template: jinja

-file.directory:
+esyml:
+  file.managed:
+    - name: /opt/so/conf/elasticsearch/elasticsearch.yml
+    - source: salt://elasticsearch/files/elasticsearch.yml
+    - user: 930
+    - group: 939
+    - template: jinja
+
+nsmesdir:
+  file.directory:
    - name: /nsm/elasticsearch
    - user: 930
    - group: 939
    - makedirs: True

-file.directory:
+eslogdir:
+  file.directory:
    - name: /opt/so/log/elasticsearch
    - user: 930
    - group: 939
    - makedirs: True

 so-elasticsearch:
-  dockerng.running:
-    - image: pillaritem/so-elasticsearch
+  docker_container.running:
+    - image: securityonion/so-elasticsearch:latest
    - hostname: elasticsearch
    - user: elasticsearch
    - environment:
@@ -79,7 +79,6 @@ so-elasticsearch:
      - {{ esaccessip }}:9200:9200
      - {{ esaccessip }}:9300:9300
    - binds:
-      - /opt/so/conf/logstash/log4j2.properties:/usr/share/logstash/config/log4j2.properties:ro
      - /opt/so/conf/elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
      - /opt/so/conf/elasticsearch/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro
      - /nsm/elasticsearch:/usr/share/elasticsearch/data:rw
--- a/salt/logstash/init.sls
+++ b/salt/logstash/init.sls
@@ -15,32 +15,32 @@

 # Logstash Section

-# Only run this is you are in the sensor role
-{% if grains['role'] == 'so-sensor' %}
+logstashgroup:
+  group.present:
+    - name: logstash
+    - gid: 931

-# Add Logstash user
+# Add the logstash user for the jog4j settings
 logstash:
  user.present:
    - uid: 931
    - gid: 931
    - home: /opt/so/conf/logstash

-# Create logstash conf directory
-file.directory:
+lsconfdir:
+  file.directory:
    - name: /opt/so/conf/logstash
    - user: 931
    - group: 939
    - makedirs: True

-# Set the heap size from the sensor pillar
-{% set lsheap = salt['pillar.get'](sensor:lsheap) %}
+log4jfile:
+  file.managed:
+    - name: /opt/so/conf/logstash/log4j2.properties
+    - source: salt://logstash/files/log4j2.properties
+    - user: 931
+    - group: 939

-{% else %}
-
-# Set the heap size from the master pillar
-{% set lsheap = salt['pillar.get'](master:lsheap) %}
-
-{% endif %}

 # Create the conf/d logstash directory
 file.directory: