From 6ee66a34bce56d5db19dab5f6be42be10037a8af Mon Sep 17 00:00:00 2001
From: weslambert
Date: Wed, 25 Jan 2023 17:12:03 -0500
Subject: [PATCH] Revert "Elastic Agent and Fleet - Import Mode"
---
 salt/allowed_states.map.jinja | 3 +--
 salt/common/tools/sbin/so-elastic-fleet-setup | 13 ++-----------
 salt/common/tools/sbin/so-image-common | 2 --
 salt/firewall/assigned_hostgroups.map.yaml | 5 -----
 salt/top.sls | 1 -
 setup/so-setup | 8 ++++----
 6 files changed, 7 insertions(+), 25 deletions(-)
diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja
index 823b7b647..2f6cc60a0 100644
--- a/salt/allowed_states.map.jinja
+++ b/salt/allowed_states.map.jinja
@@ -107,8 +107,7 @@
 'zeek',
 'schedule',
 'tcpreplay',
- 'docker_clean',
- 'elastic-fleet'
+ 'docker_clean'
 ],
 'so-manager': [
 'salt.master',
diff --git a/salt/common/tools/sbin/so-elastic-fleet-setup b/salt/common/tools/sbin/so-elastic-fleet-setup
index 01968fcb4..4e3d7639c 100755
--- a/salt/common/tools/sbin/so-elastic-fleet-setup
+++ b/salt/common/tools/sbin/so-elastic-fleet-setup
@@ -19,18 +19,10 @@ printf "\n" curl -K /opt/so/conf/elasticsearch/curl.config -L -X PUT "localhost:5601/api/fleet/settings" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d '{"fleet_server_hosts":["https://{{ GLOBALS.manager_ip }}:8220"]}' printf "\n\n" -# Configure certificates +# Create Logstash Output payload mkdir -p /opt/so/conf/elastic-fleet/certs cp /etc/ssl/certs/intca.crt /opt/so/conf/elastic-fleet/certs cp /etc/pki/elasticfleet* /opt/so/conf/elastic-fleet/certs - -{% if grains.role == 'so-import' %} -# Add SO-Manager Elasticsearch Ouput -curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5601/api/fleet/outputs" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d '{"name":"so-manager_elasticsearch","id":"so-manager_elasticsearch","type":"elasticsearch","hosts":["https://{{ GLOBALS.manager_ip }}:9200"],"is_default":true,"is_default_monitoring":true,"config_yaml":"","ssl":{"certificate_authorities":[ "/etc/pki/ca.crt" ]}}' -printf "\n\n" - -{% else %} -# Create Logstash Output payload LOGSTASHCRT=$(openssl x509 -in /opt/so/conf/elastic-fleet/certs/elasticfleet.crt) LOGSTASHKEY=$(openssl rsa -in /opt/so/conf/elastic-fleet/certs/elasticfleet.key) LOGSTASHCA=$(openssl x509 -in /opt/so/conf/elastic-fleet/certs/intca.crt) 
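Review bot: The `cp /etc/pki/elasticfleet* /opt/so/conf/elastic-fleet/certs` line copies by glob what is presumably the Fleet private key (the script reads `elasticfleet.key` from the target directory right after), and nothing in this hunk sets a mode or owner on the copy, so it is only as protected as the umask and the parent directory. Unless a Salt state outside this diff already manages that directory, follow the copy with an explicit `chmod 600 /opt/so/conf/elastic-fleet/certs/elasticfleet.key`, or whatever mode the consuming container actually needs. The restored comment `# Create Logstash Output payload` now sits above the mkdir/cp lines rather than the openssl reads; a separate comment such as `# Stage certificates for Fleet` over the copy would describe it better. The script continues outside the hunk.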
@@ -38,13 +30,12 @@ JSON_STRING=$( jq -n \ --arg LOGSTASHCRT "$LOGSTASHCRT" \ --arg LOGSTASHKEY "$LOGSTASHKEY" \ --arg LOGSTASHCA "$LOGSTASHCA" \ - '{"name":"so-manager_logstash","id":"so-manager_logstash","type":"logstash","hosts":["{{ GLOBALS.manager_ip }}:5055"],"is_default":true,"is_default_monitoring":true,"config_yaml":"","ssl":{"certificate": $LOGSTASHCRT,"key": $LOGSTASHKEY,"certificate_authorities":[ $LOGSTASHCA ]}}' + '{"name":"so-manager_logstash","id":"so-manager_logstash","type":"logstash","hosts":["{{ GLOBALS.manager_ip }}:5055"],"is_default":true,"is_default_monitoring":true,"config_yaml":"","ssl":{"certificate": $LOGSTASHCRT,"key": $LOGSTASHKEY,"certificate_authorities":[ $LOGSTASHCA ]}}' ) # Add SO-Manager Logstash Ouput curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5601/api/fleet/outputs" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d "$JSON_STRING" printf "\n\n" -{%- endif %} # Add Elastic Fleet Integrations diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index 0f03d891e..3851d8b4a 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -24,8 +24,6 @@ container_list() { if [ $MANAGERCHECK == 'so-import' ]; then TRUSTED_CONTAINERS=( - "so-elastic-agent" - "so-elastic-agent-builder" "so-elasticsearch" "so-filebeat" "so-idstools" diff --git a/salt/firewall/assigned_hostgroups.map.yaml b/salt/firewall/assigned_hostgroups.map.yaml index 3b6f4a59a..6e249ec93 100644 --- a/salt/firewall/assigned_hostgroups.map.yaml +++ b/salt/firewall/assigned_hostgroups.map.yaml @@ -436,7 +436,6 @@ role: - {{ portgroups.influxdb }} - {{ portgroups.elasticsearch_rest }} - {{ portgroups.elasticsearch_node }} - - {{ portgroups.elastic_agent_control }} sensors: portgroups: - {{ portgroups.beats_5044 }} 
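Review bot: The private key held in `$LOGSTASHKEY` ends up on two command lines here, first in `--arg LOGSTASHKEY "$LOGSTASHKEY"` for jq and then inside `-d "$JSON_STRING"` for curl, so it is readable in the process list by any local user while those commands run. Sending the body on stdin keeps it out of curl's argv: replace `-d "$JSON_STRING"` with `--data-binary @-` and feed it with `printf '%s' "$JSON_STRING" |` in front of the curl call (printf is a shell builtin, so it adds no argv exposure). The jq side would need the key read from a file rather than an argument, for example with `--rawfile` against the staged key if the `openssl rsa` normalisation is not required. The `JSON_STRING=$( jq -n` assignment starts outside the hunk.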
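Review bot: `$MANAGERCHECK` is unquoted in `if [ $MANAGERCHECK == 'so-import' ]; then`, so an empty or unset value turns the test into a syntax error and the choice of trusted image list silently falls through to the other branch. Quote it and use the portable operator: `if [ "$MANAGERCHECK" = 'so-import' ]; then`. container_list's body starts and ends outside the hunk, so how MANAGERCHECK is populated is not visible here.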
@@ -454,10 +453,6 @@ role: elasticsearch_rest: portgroups: - {{ portgroups.elasticsearch_rest }} - elastic_agent_endpoint: - portgroups: - - {{ portgroups.elasticsearch_rest }} - - {{ portgroups.elastic_agent_control }} analyst: portgroups: - {{ portgroups.nginx }} diff --git a/salt/top.sls b/salt/top.sls index 4b8531f4d..e29d3b081 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -344,7 +344,6 @@ base: - zeek - schedule - docker_clean - - elastic-fleet '*_receiver and G@saltversion:{{saltversion}}': - match: compound diff --git a/setup/so-setup b/setup/so-setup index 1d5e1c122..86e9f23d0 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -587,10 +587,10 @@ if ! [[ -f $install_opt_file ]]; then add_web_user info "Restarting SOC to pick up initial user" logCmd "so-soc-restart" - title "Setting up Elastic Fleet" - logCmd "so-elastic-fleet-setup" - if [[ ! $is_import ]]; then - title "Setting up Playbook" + if [[ ! $is_import ]]; then + title "Setting up Elastic Fleet" + logCmd "so-elastic-fleet-setup" + title "Setting up Playbook" logCmd "so-playbook-reset" fi checkin_at_boot
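Review bot: `[[ ! $is_import ]]` in setup/so-setup is a string-emptiness test, so with the Fleet step moved inside it any non-empty value of `is_import` (including `false` or `0`) skips both `so-elastic-fleet-setup` and `so-playbook-reset` without a log line. If the variable is only ever unset or set to a truthy marker, which this hunk does not show, a comment above the test is enough, e.g. `# is_import is unset unless this is an import install`; otherwise compare against the expected value explicitly. The enclosing `if ! [[ -f $install_opt_file ]]` block starts and ends outside the hunk.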