diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja
index 949fa5951..899a56b23 100644
--- a/salt/allowed_states.map.jinja
+++ b/salt/allowed_states.map.jinja
@@ -37,6 +37,7 @@
 'soc',
 'kratos',
 'elastic-fleet',
+ 'elastic-fleet-package-registry',
 'firewall',
 'idstools',
 'suricata.manager',
@@ -120,6 +121,7 @@
 'soc',
 'kratos',
 'elastic-fleet',
+ 'elastic-fleet-package-registry',
 'firewall',
 'idstools',
 'suricata.manager',
@@ -140,6 +142,7 @@
 'soc',
 'kratos',
 'elastic-fleet',
+ 'elastic-fleet-package-registry',
 'firewall',
 'manager',
 'idstools',
@@ -170,6 +173,7 @@
 'soc',
 'kratos',
 'elastic-fleet',
+ 'elastic-fleet-package-registry',
 'firewall',
 'idstools',
 'suricata.manager',
diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common
index a7fc19801..cfc4ff4ab 100755
--- a/salt/common/tools/sbin/so-image-common
+++ b/salt/common/tools/sbin/so-image-common
@@ -42,6 +42,7 @@ container_list() {
 "so-elastalert"
 "so-elastic-agent"
 "so-elastic-agent-builder"
+ "so-elastic-fleet-package-registry"
 "so-elasticsearch"
 "so-filebeat"
 "so-grafana"
diff --git a/salt/elastic-fleet-package-registry/init.sls b/salt/elastic-fleet-package-registry/init.sls
new file mode 100644
index 000000000..f14ad47c7
--- /dev/null
+++ b/salt/elastic-fleet-package-registry/init.sls
@@ -0,0 +1,46 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use
+# this file except in compliance with the Elastic License 2.0.
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
+{% from 'vars/globals.map.jinja' import GLOBALS %}
+
+# Add Group
+elasticsagentprgroup:
+ group.present:
+ - name: elastic-agent-pr
+ - gid: 948
+
+
+# Add user
+elastic-agent-pr:
+ user.present:
+ - uid: 948
+ - gid: 948
+ - home: /opt/so/conf/elastic-fleet-pr
+ - createhome: False
+
+so-elastic-fleet-package-registry:
+ docker_container.running:
+ - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-elastic-fleet-package-registry:{{ GLOBALS.so_version }}
+ - name: so-elastic-fleet-package-registry
+ - hostname: Fleet-package-reg-{{ GLOBALS.hostname }}
+ - detach: True
+ - user: 948
+ - extra_hosts:
+ - {{ GLOBALS.hostname }}:{{ GLOBALS.node_ip }}
+ - port_bindings:
+ - 0.0.0.0:8080:8080
+
+append_so-elastic-fleet-package-registry_so-status.conf:
+ file.append:
+ - name: /opt/so/conf/so-status/so-status.conf
+ - text: so-elastic-fleet-package-registry
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+ test.fail_without_changes:
+ - name: {{sls}}_state_not_allowed
+
+{% endif %}
diff --git a/salt/kibana/config.map.jinja b/salt/kibana/config.map.jinja
index af0e26fd5..8a107c2c9 100644
--- a/salt/kibana/config.map.jinja
+++ b/salt/kibana/config.map.jinja
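Review bot: In salt/elastic-fleet-package-registry/init.sls the `port_bindings` entry `0.0.0.0:8080:8080` publishes the package registry on every interface of the host, and nothing visible in this commit adds a firewall rule limiting who can reach port 8080. If Kibana on the manager is the only intended client, bind to the address it actually uses, e.g. `- {{ GLOBALS.node_ip }}:8080:8080`, or add the explicit firewall rule for the port in the same change. The `elastic-agent-pr` account is also created without a `shell`, so it inherits the system default; an account that exists only to own a container process would normally carry `- shell: /sbin/nologin`. A short comment above `- user: 948` noting that it must match the uid/gid created earlier in the file would help keep the three values in sync.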
@@ -7,6 +7,8 @@ {% do KIBANACONFIG.kibana.config.elasticsearch.update({'username': salt['pillar.get']('elasticsearch:auth:users:so_kibana_user:user'), 'password': salt['pillar.get']('elasticsearch:auth:users:so_kibana_user:pass')}) %} +{% do KIBANACONFIG.kibana.config.xpack.fleet.update({'registryUrl': 'http://' ~ GLOBALS.manager_ip ~ ':8080'}) %} + {% if salt['pillar.get']('kibana:secrets') %} {% do KIBANACONFIG.kibana.config.xpack.update({'encryptedSavedObjects': {'encryptionKey': pillar['kibana']['secrets']['encryptedSavedObjects']['encryptionKey']}}) %} {% do KIBANACONFIG.kibana.config.xpack.security.update({'encryptionKey': pillar['kibana']['secrets']['security']['encryptionKey']}) %} diff --git a/salt/kibana/defaults.yaml b/salt/kibana/defaults.yaml index f6bf17e7e..d1c971461 100644 --- a/salt/kibana/defaults.yaml +++ b/salt/kibana/defaults.yaml @@ -31,6 +31,7 @@ kibana: kibanaServer: hostname: localhost fleet: + registryUrl: "" packages: - name: fleet_server version: latest diff --git a/salt/top.sls b/salt/top.sls index 973978537..d9653fca1 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -191,6 +191,7 @@ base: {%- if REDIS %} - redis {%- endif %} + - elastic-fleet-package-registry {%- if KIBANA %} - kibana.so_savedobjects_defaults {%- endif %}
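Review bot: The line added to salt/kibana/config.map.jinja points Fleet at `'http://' ~ GLOBALS.manager_ip ~ ':8080'`, so integration packages are fetched over unauthenticated plain HTTP on the manager's routable address rather than over TLS or loopback. Whatever answers on that address and port determines which packages Fleet installs, so the registry should be served over HTTPS, or the reason plaintext is acceptable here should be stated in a comment next to the line. The `update` is also unconditional, so it appears to overwrite any `registryUrl` an operator supplies through pillar, which would make the new `registryUrl: ""` default in defaults.yaml purely cosmetic; wrapping it in `{% if not KIBANACONFIG.kibana.config.xpack.fleet.registryUrl %}` … `{% endif %}` would keep an override possible. The import of `GLOBALS` is not visible in this hunk and is assumed to exist earlier in the file.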