Merge pull request #7565 from Security-Onion-Solutions/fix/es_template_fix

Custom ES template fixes

salt/elasticsearch/init.sls

@@ -207,6 +207,7 @@ escomponenttemplates:
       
 # Auto-generate templates from defaults file
 {% for index, settings in ES_INDEX_SETTINGS.items() %}
+  {% if settings.index_template is defined %}
 es_index_template_{{index}}:
   file.managed:
     - name: /opt/so/conf/elasticsearch/templates/index/{{ index }}-template.json
@@ -216,6 +217,7 @@ es_index_template_{{index}}:
     - template: jinja
     - onchanges_in:
       - cmd: so-elasticsearch-templates
+  {% endif %}
 {% endfor %}
 
 {% if TEMPLATES %}

salt/elasticsearch/template.map.jinja

@@ -1,7 +1,9 @@
 {% import_yaml 'elasticsearch/defaults.yaml' as ESCONFIG with context %}
 {%- set ES_INDEX_SETTINGS = salt['pillar.get']('elasticsearch:index_settings', default=ESCONFIG.elasticsearch.index_settings, merge=True) %}
 {% for index, settings in ES_INDEX_SETTINGS.items() %}
-  {% if settings.index_sorting, False %}
-    {% do settings.index_template.template.settings.index.pop('sort') %}
+  {% if settings.index_template is defined %}
+    {% if not settings.get('index_sorting', False) | to_bool and settings.index_template.template.settings.index.sort is defined %}
+      {% do settings.index_template.template.settings.index.pop('sort') %}
+    {% endif %}
   {% endif %}
 {% endfor %}

salt/elasticsearch/tools/sbin/so-elasticsearch-roles-load

@@ -48,7 +48,7 @@ fi
 
 cd ${ELASTICSEARCH_ROLES}
 
-echo "Loading templates..."
+echo "Loading roles..."
 for role in *; do
 	name=$(echo "$role" | cut -d. -f1)
 	so-elasticsearch-query _security/role/$name -XPUT -d @"$role"

salt/elasticsearch/tools/sbin/so-elasticsearch-templates-load

@@ -30,7 +30,7 @@ echo -n "Waiting for ElasticSearch..."
 COUNT=0
 ELASTICSEARCH_CONNECTED="no"
 while [[ "$COUNT" -le 240 ]]; do
-    {{ ELASTICCURL }} -k --output /dev/null --silent --head --fail -L https://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT"
+      so-elasticsearch-query -k --output /dev/null --silent --head --fail
 	if [ $? -eq 0 ]; then
 		ELASTICSEARCH_CONNECTED="yes"
 		echo "connected!"
@@ -50,21 +50,20 @@ fi
 cd ${ELASTICSEARCH_TEMPLATES}/component/ecs
 
 echo "Loading ECS component templates..."
-for i in *; do TEMPLATE=$(echo $i | cut -d '.' -f1); echo "$TEMPLATE-mappings"; {{ ELASTICCURL }} -k ${ELASTICSEARCH_AUTH} -s -XPUT -L https://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_component_template/$TEMPLATE-mappings -H 'Content-Type: application/json' -d@$i 2>/dev/null; echo; done
-echo
+for i in *; do TEMPLATE=$(echo $i | cut -d '.' -f1); echo "$TEMPLATE-mappings"; so-elasticsearch-query _component_template/$TEMPLATE-mappings -d@$i -XPUT 2>/dev/null; echo; done
 
 # Load SO-specific component templates
 cd ${ELASTICSEARCH_TEMPLATES}/component/so
 
 echo "Loading Security Onion component templates..."
-for i in *; do TEMPLATE=$(echo $i | cut -d '.' -f1); echo "$TEMPLATE"; {{ ELASTICCURL }} -k ${ELASTICSEARCH_AUTH} -s -XPUT -L https://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_component_template/$TEMPLATE -H 'Content-Type: application/json' -d@$i 2>/dev/null; echo; done
+for i in *; do TEMPLATE=$(echo $i | cut -d '.' -f1); echo "$TEMPLATE"; so-elasticsearch-query _component_template/$TEMPLATE -d@$i -XPUT 2>/dev/null; echo; done
 echo
 
 # Load SO index templates
 cd ${ELASTICSEARCH_TEMPLATES}/index
 
 echo "Loading Security Onion index templates..."
-for i in *; do TEMPLATE=$(echo $i | cut -d '-' -f2); echo "so-$TEMPLATE"; {{ ELASTICCURL }} -k ${ELASTICSEARCH_AUTH} -s -XPUT -L https://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_index_template/so-$TEMPLATE -H 'Content-Type: application/json' -d@$i 2>/dev/null; echo; done
+for i in *; do TEMPLATE=$(echo $i | cut -d '-' -f2); echo "so-$TEMPLATE"; so-elasticsearch-query _index_template/so-$TEMPLATE -d@$i -XPUT 2>/dev/null; echo; done
 echo
 
 cd - >/dev/null