Fix Elastic Agent for Heavy

2025-12-15 05:32:49 +01:00 · 2023-06-23 10:45:58 -04:00
parent 8de01625a8
commit a9585b2a7f
8 changed files with 57 additions and 8 deletions
--- a/salt/docker/defaults.yaml
+++ b/salt/docker/defaults.yaml
@@ -178,6 +178,11 @@ docker:
      custom_bind_mounts: []
      extra_hosts: []
      extra_env: []
+    'so-elastic-agent':
+      final_octet: 46
+      custom_bind_mounts: []
+      extra_hosts: []
+      extra_env: []
    'so-telegraf':
      final_octet: 99
      custom_bind_mounts: []
--- a/salt/elasticagent/enabled.sls
+++ b/salt/elasticagent/enabled.sls
@@ -31,19 +31,16 @@ so-elastic-agent:
        - {{ XTRAHOST }}
          {% endfor %}
        {% endif %}
-    - port_bindings:
-      {% for BINDING in DOCKER.containers['so-elastic-agent'].port_bindings %}
-      - {{ BINDING }}
-      {% endfor %}
    - binds:
      - /opt/so/conf/elastic-agent/elastic-agent.yml:/usr/share/elastic-agent/elastic-agent.yml:ro
+      - /nsm:/nsm:ro
     {% if DOCKER.containers['so-elastic-agent'].custom_bind_mounts %}
        {% for BIND in DOCKER.containers['so-elastic-agent'].custom_bind_mounts %}
      - {{ BIND }}
        {% endfor %}
      {% endif %}      
-    - environment:
      {% if DOCKER.containers['so-elastic-agent'].extra_env %}
+    - environment:
        {% for XTRAENV in DOCKER.containers['so-elastic-agent'].extra_env %}
      - {{ XTRAENV }}
        {% endfor %}
--- a/salt/elasticagent/files/elastic-agent.yml.jinja
+++ b/salt/elasticagent/files/elastic-agent.yml.jinja
@@ -11,6 +11,7 @@ outputs:
      - 'https://{{ GLOBALS.hostname }}:9200'
    username: '{{ ES_USER }}'
    password: '{{ ES_PASS }}'
+    ssl.verification_mode: none
 output_permissions: {}
 agent:
  download:
@@ -29,7 +30,7 @@ inputs:
    meta:
      package:
        name: log
-        version: 1.1.2
+        version: 
    data_stream:
      namespace: so
    package_policy_id: 80ffa884-2cfc-459a-964a-34df25714d85
@@ -54,7 +55,7 @@ inputs:
    meta:
      package:
        name: log
-        version: 1.1.2
+        version: 
    data_stream:
      namespace: so
    package_policy_id: 90103ac4-f6bd-4a4a-b596-952c332390fc
@@ -79,7 +80,7 @@ inputs:
    meta:
      package:
        name: log
-        version: 1.1.2
+        version: 
    data_stream:
      namespace: so
    package_policy_id: 6197fe84-9b58-4d9b-8464-3d517f28808d
--- a/salt/elasticagent/tools/sbin/so-elastic-agent-restart
+++ b/salt/elasticagent/tools/sbin/so-elastic-agent-restart
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-restart elastic-agent $1
--- a/salt/elasticagent/tools/sbin/so-elastic-agent-start
+++ b/salt/elasticagent/tools/sbin/so-elastic-agent-start
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-start elastic-agent $1
--- a/salt/elasticagent/tools/sbin/so-elastic-agent-stop
+++ b/salt/elasticagent/tools/sbin/so-elastic-agent-stop
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-stop elastic-agent $1
--- a/salt/elasticfleet/install_agent_grid.sls
+++ b/salt/elasticfleet/install_agent_grid.sls
@@ -7,10 +7,12 @@
 {% set AGENT_STATUS = salt['service.available']('elastic-agent') %}
 {% if not AGENT_STATUS  %}

+{% if grains.role not in ['so-heavy'] %}
 run_installer:
  cmd.script:
    - name: salt://elasticfleet/files/so_agent-installers/so-elastic-agent_linux_amd64
    - cwd: /opt/so
    - args: -token={{ GRIDNODETOKEN }}
+{% endif %}  

 {% endif %}
--- a/salt/manager/tools/sbin/so-minion
+++ b/salt/manager/tools/sbin/so-minion
@@ -133,6 +133,15 @@ function add_elasticsearch_to_minion() {
 		"  " >> $PILLARFILE
 }

+
+# Add Elastic Agent settings to the minion file
+function add_elastic_agent_to_minion() {
+    printf '%s\n'\
+		"elasticagent:"\
+		"  enabled: True"\
+		"  " >> $PILLARFILE
+}
+
 # Add Elastic Fleet Server settings to the minion file
 function add_fleet_to_minion() {

@@ -518,6 +527,7 @@ function createIDH() {

 function createHEAVYNODE() {
 	add_elasticsearch_to_minion
+    add_elastic_agent_to_minion
 	add_logstash_to_minion
 	add_sensor_to_minion
 	add_strelka_to_minion