CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

generate elasticsearch.auth pillar if it doesnt exist

Browse Source
This commit is contained in:
m0duspwnens
2021-05-25 11:52:58 -04:00
parent 5a1e8d9fe9
commit 8d9d5a267a
4 changed files with 22 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pillar/top.sls
View File

@@ -46,6 +46,9 @@ base:
- logstash.manager - logstash.manager
- logstash.search - logstash.search
- elasticsearch.search - elasticsearch.search
{% if salt['file.exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}
- elasticsearch.auth
{% endif %}
- data.* - data.*
- zeeklogs - zeeklogs
- secrets - secrets

9
salt/elasticsearch/auth.sls Normal file
View File

@@ -0,0 +1,9 @@
elastic_auth_pillar:
file.managed:
- name: /opt/so/saltstack/local/pillar/elasticsearch/auth.sls
- contents: |
elasticsearch:
auth:
enabled: False
user: so_elastic
pass: {{ salt['random.get_str'](20) }}

1
salt/elasticsearch/files/curl.config Normal file
View File

@@ -0,0 +1 @@
user = "salt['pillar.get']('elasticsearch:auth:user'):salt['pillar.get']('elasticsearch:auth:pass')"

8
salt/elasticsearch/init.sls
View File

@@ -256,6 +256,14 @@ so-elasticsearch-templates:
- template: jinja - template: jinja
{% endif %} {% endif %}
elastic_curl_config:
file.managed:
- name: /opt/so/conf/elasticsearch/curl.config
- mode: 600
# since we are generating a random password, and we don't want that to happen everytime
# a highstate runs, we only manage the file if it doesn't exist
- unless: ls /opt/so/conf/elasticsearch/curl.config
{% endif %} {# if grains['role'] != 'so-helix' #} {% endif %} {# if grains['role'] != 'so-helix' #}
{% else %} {% else %}