diff --git a/salt/docker/defaults.yaml b/salt/docker/defaults.yaml
index 21b94a2ba..2e5e28a6c 100644
--- a/salt/docker/defaults.yaml
+++ b/salt/docker/defaults.yaml
@@ -178,6 +178,11 @@ docker:
 custom_bind_mounts: []
 extra_hosts: []
 extra_env: []
+ 'so-elastic-agent':
+ final_octet: 46
+ custom_bind_mounts: []
+ extra_hosts: []
+ extra_env: []
 'so-telegraf':
 final_octet: 99
 custom_bind_mounts: []
diff --git a/salt/elasticagent/enabled.sls b/salt/elasticagent/enabled.sls
index 52467a54e..ee4b1d2be 100644
--- a/salt/elasticagent/enabled.sls
+++ b/salt/elasticagent/enabled.sls
@@ -31,19 +31,16 @@ so-elastic-agent:
 - {{ XTRAHOST }}
 {% endfor %}
 {% endif %}
- - port_bindings:
- {% for BINDING in DOCKER.containers['so-elastic-agent'].port_bindings %}
- - {{ BINDING }}
- {% endfor %}
 - binds:
 - /opt/so/conf/elastic-agent/elastic-agent.yml:/usr/share/elastic-agent/elastic-agent.yml:ro
+ - /nsm:/nsm:ro
 {% if DOCKER.containers['so-elastic-agent'].custom_bind_mounts %}
 {% for BIND in DOCKER.containers['so-elastic-agent'].custom_bind_mounts %}
 - {{ BIND }}
 {% endfor %}
 {% endif %}
- - environment:
 {% if DOCKER.containers['so-elastic-agent'].extra_env %}
+ - environment:
 {% for XTRAENV in DOCKER.containers['so-elastic-agent'].extra_env %}
 - {{ XTRAENV }}
 {% endfor %}
diff --git a/salt/elasticagent/files/elastic-agent.yml.jinja b/salt/elasticagent/files/elastic-agent.yml.jinja
index 3eb63962b..45bac49b4 100644
--- a/salt/elasticagent/files/elastic-agent.yml.jinja
+++ b/salt/elasticagent/files/elastic-agent.yml.jinja
@@ -11,6 +11,7 @@ outputs:
 - 'https://{{ GLOBALS.hostname }}:9200'
 username: '{{ ES_USER }}'
 password: '{{ ES_PASS }}'
+ ssl.verification_mode: none
 output_permissions: {}
 agent:
 download:
@@ -29,7 +30,7 @@ inputs:
 meta:
 package:
 name: log
- version: 1.1.2
+ version:
 data_stream:
 namespace: so
 package_policy_id: 80ffa884-2cfc-459a-964a-34df25714d85
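Review bot: The added `- /nsm:/nsm:ro` bind in the enabled.sls hunk exposes the whole /nsm tree to the so-elastic-agent container, which is wider than a log shipper normally needs. The mount is read-only, but everything stored under /nsm becomes readable from the agent process, so a compromised container or a mistyped input path reaches all of it. If the inputs in elastic-agent.yml.jinja read only a few directories (their paths are not visible in this diff), mount just those, one bind per directory in the form `- /nsm/<log dir>:/nsm/<log dir>:ro`, and put a comment above the binds naming the inputs that depend on them. The so-elastic-agent state starts and ends outside the hunk.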
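Review bot: `ssl.verification_mode: none` on the Elasticsearch output switches off certificate and hostname checks for the same connection that carries `username` and `password`, so any host able to answer for `{{ GLOBALS.hostname }}:9200` can collect those credentials and the shipped events. Keep verification on and trust the grid CA instead: `ssl.certificate_authorities: ['<path to CA cert inside the container>']` together with `ssl.verification_mode: full`, plus a read-only bind for that CA file in enabled.sls. If the certificate name cannot match the hostname yet, `certificate` mode still validates the chain and is a safer stopgap than `none`. The outputs block begins before the hunk.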
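Review bot: The bare `version:` left under `meta.package` in the -29,7 hunk parses as YAML null rather than as a missing key or an empty string, and the same edit is repeated in the hunks at -54,7 and -79,7. If the intent is to stop pinning the log package version, delete the key in all three inputs; if the consumer wants an explicit empty value, write `version: ''`. The diff does not show how the agent treats a null here, so a short comment stating the intent would help whichever form is kept.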
@@ -54,7 +55,7 @@ inputs:
 meta:
 package:
 name: log
- version: 1.1.2
+ version:
 data_stream:
 namespace: so
 package_policy_id: 90103ac4-f6bd-4a4a-b596-952c332390fc
@@ -79,7 +80,7 @@ inputs:
 meta:
 package:
 name: log
- version: 1.1.2
+ version:
 data_stream:
 namespace: so
 package_policy_id: 6197fe84-9b58-4d9b-8464-3d517f28808d
diff --git a/salt/elasticagent/tools/sbin/so-elastic-agent-restart b/salt/elasticagent/tools/sbin/so-elastic-agent-restart
new file mode 100755
index 000000000..cb125ce10
--- /dev/null
+++ b/salt/elasticagent/tools/sbin/so-elastic-agent-restart
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-restart elastic-agent $1
diff --git a/salt/elasticagent/tools/sbin/so-elastic-agent-start b/salt/elasticagent/tools/sbin/so-elastic-agent-start
new file mode 100755
index 000000000..294b9ba7a
--- /dev/null
+++ b/salt/elasticagent/tools/sbin/so-elastic-agent-start
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-start elastic-agent $1
diff --git a/salt/elasticagent/tools/sbin/so-elastic-agent-stop b/salt/elasticagent/tools/sbin/so-elastic-agent-stop
new file mode 100755
index 000000000..cbfdcd380
--- /dev/null
+++ b/salt/elasticagent/tools/sbin/so-elastic-agent-stop
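Review bot: `$1` is unquoted in `/usr/sbin/so-restart elastic-agent $1`, so an argument containing spaces or glob characters is split or expanded before so-restart sees it; so-elastic-agent-start and so-elastic-agent-stop end with the same kind of line. `/usr/sbin/so-restart elastic-agent "$@"` passes the caller's arguments through intact and still passes nothing when none were given, whereas a plain `"$1"` would hand over an empty string in that case; note that `"$@"` forwards every argument, not only the first. None of the three wrappers says what the optional argument is for, so a one-line usage comment after the license block, such as `# Usage: so-elastic-agent-restart [option]`, would help.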
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-stop elastic-agent $1
diff --git a/salt/elasticfleet/install_agent_grid.sls b/salt/elasticfleet/install_agent_grid.sls
index 00a74437e..2199d2530 100644
--- a/salt/elasticfleet/install_agent_grid.sls
+++ b/salt/elasticfleet/install_agent_grid.sls
@@ -7,10 +7,12 @@
 {% set AGENT_STATUS = salt['service.available']('elastic-agent') %}
 {% if not AGENT_STATUS %}
+{% if grains.role not in ['so-heavy'] %}
 run_installer:
 cmd.script:
 - name: salt://elasticfleet/files/so_agent-installers/so-elastic-agent_linux_amd64
 - cwd: /opt/so
 - args: -token={{ GRIDNODETOKEN }}
+{% endif %}
 {% endif %}
diff --git a/salt/manager/tools/sbin/so-minion b/salt/manager/tools/sbin/so-minion
index e9aff9e09..df0adb73c 100755
--- a/salt/manager/tools/sbin/so-minion
+++ b/salt/manager/tools/sbin/so-minion
@@ -133,6 +133,15 @@ function add_elasticsearch_to_minion() {
 " " >> $PILLARFILE
 }
+
+# Add Elastic Agent settings to the minion file
+function add_elastic_agent_to_minion() {
+ printf '%s\n'\
+ "elasticagent:"\
+ " enabled: True"\
+ " " >> $PILLARFILE
+}
+
 # Add Elastic Fleet Server settings to the minion file
 function add_fleet_to_minion() {
@@ -518,6 +527,7 @@ function createIDH() {
 function createHEAVYNODE() {
 add_elasticsearch_to_minion
+ add_elastic_agent_to_minion
 add_logstash_to_minion
 add_sensor_to_minion
 add_strelka_to_minion
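Review bot: The new `{% if grains.role not in ['so-heavy'] %}` guard in install_agent_grid.sls carries no comment saying why heavy nodes skip the host installer. From the rest of this commit it looks as if they run the agent as the so-elastic-agent container instead, but the state file itself does not say so. Add a Jinja comment above the guard, for example `{# heavy nodes run so-elastic-agent in Docker; skip the host installer #}`, after confirming that this is the reason. The two nested tests could also be written as one, `{% if not AGENT_STATUS and grains.role != 'so-heavy' %}`, which removes the extra `{% endif %}`.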