Add Failover Support

2025-12-06 09:12:45 +01:00 · 2023-07-10 10:38:14 -04:00
parent 8c16feb772
commit 7805ca8beb
2 changed files with 14 additions and 2 deletions
--- a/salt/firewall/defaults.yaml
+++ b/salt/firewall/defaults.yaml
@@ -731,7 +731,6 @@ firewall:
                - yum
                - beats_5044
                - beats_5644
-                - beats_5056
                - elastic_agent_control
                - elastic_agent_data
                - elastic_agent_update
@@ -1159,6 +1158,9 @@ firewall:
      chain:
        DOCKER-USER:
          hostgroups:
+            fleet:
+              portgroups:
+                - beats_5056
            sensor:
              portgroups:
                - beats_5044
--- a/salt/logstash/pipelines/config/so/9806_output_lumberjack_fleet.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9806_output_lumberjack_fleet.conf.jinja
@@ -1,3 +1,13 @@
+{% set FAILOVER_LOGSTASH_NODES = [] %}
+{% set node_data = salt['pillar.get']('logstash:nodes', {GLOBALS.role.split('-')[1]: {GLOBALS.hostname: {'ip': GLOBALS.node_ip}}}) %}
+{% for node_type, node_details in node_data.items() | sort %}
+{%   if node_type not in ['heavynode', 'fleet', 'searchnode'] %}
+{%     for hostname in node_data[node_type].keys() %}
+{%       do FAILOVER_LOGSTASH_NODES.append(node_details[hostname].ip) %}
+{%     endfor %}
+{%   endif %}
+{% endfor %}
+
 filter {
       mutate {
                    add_tag => "fleet-lumberjack-{{ GLOBALS.hostname }}"
@@ -7,7 +17,7 @@ filter {
 output { 
    lumberjack { 
        codec => json 
-        hosts => "{{ GLOBALS.manager }}"
+        hosts => {{  FAILOVER_LOGSTASH_NODES }}
        ssl_certificate => "/usr/share/filebeat/ca.crt"
        port => 5056 
        id => "fleet-lumberjack-{{ GLOBALS.hostname }}"