From 50895ee30475fadcd09d5a36cd508590f6620826 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 24 Jan 2023 10:16:58 -0500 Subject: [PATCH 1/8] need to set_minion_info in setup for each node type --- setup/so-setup | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/setup/so-setup b/setup/so-setup index 5088395f3..2644ca220 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -366,6 +366,7 @@ if ! [[ -f $install_opt_file ]]; then whiptail_airgap fi detect_cloud + set_minion_info set_default_log_size >> $setup_log 2>&1 info "Verifying all network devices are managed by Network Manager that should be" check_network_manager_conf @@ -385,6 +386,7 @@ if ! [[ -f $install_opt_file ]]; then whiptail_airgap fi detect_cloud + set_minion_info set_default_log_size >> $setup_log 2>&1 info "Verifying all network devices are managed by Network Manager that should be" check_network_manager_conf @@ -429,6 +431,7 @@ if ! [[ -f $install_opt_file ]]; then collect_mngr_hostname add_mngr_ip_to_hosts check_manager_connection + set_minion_info whiptail_end_settings elif [[ $is_idh ]]; then @@ -437,6 +440,7 @@ if ! [[ -f $install_opt_file ]]; then collect_mngr_hostname add_mngr_ip_to_hosts check_manager_connection + set_minion_info whiptail_end_settings elif [[ $is_import ]]; then @@ -466,6 +470,7 @@ if ! [[ -f $install_opt_file ]]; then collect_mngr_hostname add_mngr_ip_to_hosts check_manager_connection + set_minion_info whiptail_end_settings fi From b23575d85e36cbce492c28f0494f9d95307652ee Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 24 Jan 2023 11:03:03 -0500 Subject: [PATCH 2/8] add global vars for manager --- salt/vars/manager.map.jinja | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 salt/vars/manager.map.jinja diff --git a/salt/vars/manager.map.jinja b/salt/vars/manager.map.jinja new file mode 100644 index 000000000..c6b348341 --- /dev/null +++ b/salt/vars/manager.map.jinja @@ -0,0 +1,15 @@ +{% from 'vars/elasticsearch.map.jinja' import ELASTICSEARCH_GLOBALS %} +{% from 'vars/logstash.map.jinja' import LOGSTASH_GLOBALS %} + +{% set ROLE_GLOBALS = {} %} + +{% set MANAGER_GLOBALS = + [ + ELASTICSEARCH_GLOBALS, + LOGSTASH_GLOBALS + ] +%} + +{% for sg in MANAGER_GLOBALS %} +{% do salt['defaults.merge'](ROLE_GLOBALS, sg, merge_lists=False, in_place=True) %} +{% endfor %} From d1460ae01fd5eed2c2418f47c89298faba5c65fa Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 24 Jan 2023 17:05:40 -0500 Subject: [PATCH 3/8] add node_data.ips pillar. grab influx host ip for soc extra_hosts --- pillar/node_data/ips.sls | 10 ++++------ pillar/top.sls | 1 + salt/soc/init.sls | 3 ++- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/pillar/node_data/ips.sls b/pillar/node_data/ips.sls index 233038e66..59c598879 100644 --- a/pillar/node_data/ips.sls +++ b/pillar/node_data/ips.sls @@ -1,7 +1,5 @@ {% set node_types = {} %} {% set manage_alived = salt.saltutil.runner('manage.alived', show_ip=True) %} -{% set manager = grains.master %} -{% set manager_type = manager.split('_')|last %} {% for minionid, ip in salt.saltutil.runner('mine.get', tgt='*', fun='network.ip_addrs', tgt_type='glob') | dictsort() %} {% set hostname = minionid.split('_')[0] %} {% set node_type = minionid.split('_')[1] %} @@ -24,10 +22,10 @@ node_data: {% for node_type, host_values in node_types.items() %} - {{node_type}}: {% for hostname, details in host_values.items() %} - {{hostname}}: - ip: {{details.ip}} - alive: {{ details.alive }} + {{hostname}}: + ip: {{details.ip}} + alive: {{ details.alive }} + role: {{node_type}} {% endfor %} {% endfor %} diff --git a/pillar/top.sls b/pillar/top.sls index 074a0a9d4..d24b6980f 100644 --- a/pillar/top.sls +++ b/pillar/top.sls @@ -10,6 +10,7 @@ base: - sensoroni.adv_sensoroni - telegraf.soc_telegraf - telegraf.adv_telegraf + - node_data.ips '* and not *_eval and not *_import': - logstash.nodes diff --git a/salt/soc/init.sls b/salt/soc/init.sls index 40cb4487d..65cae16e6 100644 --- a/salt/soc/init.sls +++ b/salt/soc/init.sls @@ -110,8 +110,9 @@ so-soc: - /opt/so/conf/soc/soc_users_roles:/opt/sensoroni/rbac/users_roles:rw - /opt/so/conf/soc/salt:/opt/sensoroni/salt:rw - /opt/so/saltstack:/opt/so/saltstack:rw - {%- if salt['pillar.get']('nodestab', {}) %} - extra_hosts: + - {{GLOBALS.influxdb_host}}:{{pillar.node_data[GLOBALS.influxdb_host].ip}} + {%- if salt['pillar.get']('nodestab', {}) %} {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} - {{ SN.split('_')|first }}:{{ SNDATA.ip }} {%- endfor %} From 3f99e3402e3f1b6368d9e92117f1c9911be1a272 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 25 Jan 2023 10:53:58 -0500 Subject: [PATCH 4/8] add elasticsearch pillar files to manager and adv_elasticsearch to those that had soc_elasticsearch --- pillar/top.sls | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pillar/top.sls b/pillar/top.sls index d24b6980f..61088e0a3 100644 --- a/pillar/top.sls +++ b/pillar/top.sls @@ -52,6 +52,8 @@ base: - redis.adv_redis - influxdb.soc_influxdb - influxdb.adv_influxdb + - elasticsearch.soc_elasticsearch + - elasticsearch.adv_elasticsearch - backup.soc_backup - backup.adv_backup - minions.{{ grains.id }} @@ -77,6 +79,7 @@ base: - soc_global - kratos.soc_kratos - elasticsearch.soc_elasticsearch + - elasticsearch.adv_elasticsearch - manager.soc_manager - soc.soc_soc - kratos.soc_kratos @@ -112,6 +115,7 @@ base: - influxdb.soc_influxdb - influxdb.adv_influxdb - elasticsearch.soc_elasticsearch + - elasticsearch.adv_elasticsearch - manager.soc_manager - soc.soc_soc - backup.soc_backup @@ -170,6 +174,7 @@ base: {% endif %} - kratos.soc_kratos - elasticsearch.soc_elasticsearch + - elasticsearch.adv_elasticsearch - manager.soc_manager - soc.soc_soc - soc_global From b7a5937dc1675e61461e6bcd08e40ae39e46f7c2 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 25 Jan 2023 14:04:36 -0500 Subject: [PATCH 5/8] add soc_logstash and adv_logstash to nodes in pillar/top --- pillar/top.sls | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/pillar/top.sls b/pillar/top.sls index 61088e0a3..87cab8c29 100644 --- a/pillar/top.sls +++ b/pillar/top.sls @@ -24,11 +24,15 @@ base: - logstash - logstash.manager - logstash.search + - logstash.soc_logstash + - logstash.adv_logstash - elasticsearch.index_templates '*_manager': - logstash - logstash.manager + - logstash.soc_logstash + - logstash.adv_logstash - elasticsearch.index_templates '*_manager or *_managersearch': @@ -98,6 +102,7 @@ base: - logstash.manager - logstash.search - logstash.soc_logstash + - logstash.adv_logstash - elasticsearch.index_templates {% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %} - elasticsearch.auth @@ -139,6 +144,8 @@ base: '*_searchnode': - logstash - logstash.search + - logstash.soc_logstash + - logstash.adv_logstash - elasticsearch.index_templates {% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %} - elasticsearch.auth @@ -153,6 +160,8 @@ base: '*_receiver': - logstash - logstash.receiver + - logstash.soc_logstash + - logstash.adv_logstash {% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %} - elasticsearch.auth {% endif %} From 790aa6b684e292d9fb17bc64f33c92caf963aa93 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 25 Jan 2023 15:18:56 -0500 Subject: [PATCH 6/8] add logstash pillar items for minions --- salt/common/tools/sbin/so-minion | 19 +++++++++++++++++++ setup/so-functions | 19 +++++-------------- setup/so-setup | 3 +++ 3 files changed, 27 insertions(+), 14 deletions(-) diff --git a/salt/common/tools/sbin/so-minion b/salt/common/tools/sbin/so-minion index 1f71eb12e..a51a31ed4 100755 --- a/salt/common/tools/sbin/so-minion +++ b/salt/common/tools/sbin/so-minion @@ -119,6 +119,18 @@ function add_elastic_to_minion() { " " >> $PILLARFILE } +function add_logstash_to_minion() { + # Create the logstash advanced pillar + printf '%s\n'\ + "logstash_settings:"\ + " ls_host: '$LSHOSTNAME'"\ + " ls_pipeline_batch_size: 125"\ + " ls_input_threads: 1"\ + " lsheap: $LSHEAP"\ + " ls_pipeline_workers: $CPUCORES"\ + " " >> $PILLARFILE +} + # Analyst Workstation function add_analyst_to_minion() { printf '%s\n'\ @@ -167,6 +179,7 @@ function add_sensor_to_minion() { function createEVAL() { add_elastic_to_minion + add_logstash_to_minion add_sensor_to_minion } @@ -176,20 +189,24 @@ function createIDHNODE() { function createIMPORT() { add_elastic_to_minion + add_logstash_to_minion add_sensor_to_minion } function createHEAVYNODE() { add_elastic_to_minion + add_logstash_to_minion add_sensor_to_minion } function createMANAGER() { add_elastic_to_minion + add_logstash_to_minion } function createMANAGERSEARCH() { add_elastic_to_minion + add_logstash_to_minion } function createSENSOR() { @@ -198,10 +215,12 @@ function createSENSOR() { function createSEARCHNODE() { add_elastic_to_minion + add_logstash_to_minion } function createSTANDALONE() { add_elastic_to_minion + add_logstash_to_minion add_sensor_to_minion } diff --git a/setup/so-functions b/setup/so-functions index a046b49ca..045a728aa 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1307,15 +1307,7 @@ idh_pillar() { logstash_pillar() { # Create the logstash advanced pillar touch $adv_logstash_pillar_file - title "Create the logstash pillar" - printf '%s\n'\ - "logstash_settings:"\ - " ls_host: '$HOSTNAME'"\ - " ls_pipeline_batch_size: 125"\ - " ls_input_threads: 1"\ - " lsheap: $NODE_LS_HEAP_SIZE"\ - " ls_pipeline_workers: $num_cpu_cores"\ - "" > "$logstash_pillar_file" + touch $logstash_pillar_file } # Set Logstash heap size based on total memory @@ -1339,10 +1331,6 @@ ls_heapsize() { esac export LS_HEAP_SIZE - if [[ "$install_type" =~ ^(EVAL|MANAGERSEARCH|STANDALONE)$ ]]; then - NODE_LS_HEAP_SIZE=$LS_HEAP_SIZE - export NODE_LS_HEAP_SIZE - fi } idstools_pillar() { @@ -1887,6 +1875,9 @@ drop_install_options() { NODETYPE=${install_type^^} echo "NODETYPE=$NODETYPE" >> /opt/so/install.txt echo "CORECOUNT=$lb_procs" >> /opt/so/install.txt + echo "LSHOSTNAME=$HOSTNAME" >> /opt/so/install.txt + echo "LSHEAP=$LS_HEAP_SIZE" >> /opt/so/install.txt + echo "CPUCORES=$num_cpu_cores" >> /opt/so/install.txt } remove_package() { @@ -2391,4 +2382,4 @@ verify_setup() { else whiptail_setup_failed fi -} \ No newline at end of file +} diff --git a/setup/so-setup b/setup/so-setup index 2644ca220..ccae9510b 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -528,6 +528,9 @@ if ! [[ -f $install_opt_file ]]; then export PATCHSCHEDULENAME=$PATCHSCHEDULENAME export INTERFACE="bond0" export CORECOUNT=$lb_procs + export LSHOSTNAME=$HOSTNAME + export LSHEAP=$LS_HEAP_SIZE + export CPUCORES=$num_cpu_cores logCmd "so-minion -o=setup" title "Creating Global SLS" From 08750154b42a64272939bfefb9ab0d30ec44fe92 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 26 Jan 2023 09:11:28 -0500 Subject: [PATCH 7/8] add missing quotes in check_web_pass --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 045a728aa..666721557 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -200,7 +200,7 @@ check_service_status() { } check_web_pass() { - info Making sure web credential passwords match + info "Making sure web credential passwords match" check_pass_match "$WEBPASSWD1" "$WEBPASSWD2" "WPMATCH" } From aafbdf6afcca03df8706590ff3282520cea43b52 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 26 Jan 2023 10:12:37 -0500 Subject: [PATCH 8/8] adjust retry and timeout for wait_for_influxdb --- salt/influxdb/init.sls | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls index 5a4936843..1758f17ae 100644 --- a/salt/influxdb/init.sls +++ b/salt/influxdb/init.sls @@ -94,10 +94,10 @@ wait_for_influxdb: - ssl: True - verify_ssl: False - status: 200 - - timeout: 30 + - timeout: 10 - retry: - attempts: 5 - interval: 60 + attempts: 20 + interval: 5 - require: - docker_container: so-influxdb