From c389944e5cb6aa50489b20cd4dd4518950b1c542 Mon Sep 17 00:00:00 2001
From: Josh Brower
Date: Tue, 8 Nov 2022 09:56:53 -0500
Subject: [PATCH] Initial support for Elastic Package Registry
---
 salt/allowed_states.map.jinja | 4 ++
 salt/elastic-fleet-package-registry/init.sls | 47 ++++++++++++++++++++
 salt/kibana/config.map.jinja | 2 +
 salt/kibana/defaults.yaml | 1 +
 4 files changed, 54 insertions(+)
 create mode 100644 salt/elastic-fleet-package-registry/init.sls
diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja
index 949fa5951..899a56b23 100644
--- a/salt/allowed_states.map.jinja
+++ b/salt/allowed_states.map.jinja
@@ -37,6 +37,7 @@
 'soc',
 'kratos',
 'elastic-fleet',
+ 'elastic-fleet-package-registry',
 'firewall',
 'idstools',
 'suricata.manager',
@@ -120,6 +121,7 @@
 'soc',
 'kratos',
 'elastic-fleet',
+ 'elastic-fleet-package-registry',
 'firewall',
 'idstools',
 'suricata.manager',
@@ -140,6 +142,7 @@
 'soc',
 'kratos',
 'elastic-fleet',
+ 'elastic-fleet-package-registry',
 'firewall',
 'manager',
 'idstools',
@@ -170,6 +173,7 @@
 'soc',
 'kratos',
 'elastic-fleet',
+ 'elastic-fleet-package-registry',
 'firewall',
 'idstools',
 'suricata.manager',
diff --git a/salt/elastic-fleet-package-registry/init.sls b/salt/elastic-fleet-package-registry/init.sls
new file mode 100644
index 000000000..fd29c84b0
--- /dev/null
+++ b/salt/elastic-fleet-package-registry/init.sls
@@ -0,0 +1,47 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use
+# this file except in compliance with the Elastic License 2.0.
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
+{% from 'vars/globals.map.jinja' import GLOBALS %}
+
+# Add Group
+elasticsagentprgroup:
+ group.present:
+ - name: elastic-agent-pr
+ - gid: 948
+
+
+# Add user
+elastic-agent-pr:
+ user.present:
+ - uid: 948
+ - gid: 948
+ - home: /opt/so/conf/elastic-fleet-pr
+ - createhome: False
+
+so-elastic-fleet-package-registry:
+ docker_container.running:
+ #- image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-elastic-agent:{{ GLOBALS.so_version }}
+ - image: docker.elastic.co/package-registry/distribution:8.4.1
+ - name: so-elastic-fleet-package-registry
+ - hostname: Fleet-package-reg-{{ GLOBALS.hostname }}
+ - detach: True
+ - user: 948
+ - extra_hosts:
+ - {{ GLOBALS.hostname }}:{{ GLOBALS.node_ip }}
+ - port_bindings:
+ - 0.0.0.0:8080:8080
+
+append_so-elastic-fleet-package-registry_so-status.conf:
+ file.append:
+ - name: /opt/so/conf/so-status/so-status.conf
+ - text: so-elastic-fleet-package-registry
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+ test.fail_without_changes:
+ - name: {{sls}}_state_not_allowed
+
+{% endif %}
diff --git a/salt/kibana/config.map.jinja b/salt/kibana/config.map.jinja
index af0e26fd5..8a107c2c9 100644
--- a/salt/kibana/config.map.jinja
+++ b/salt/kibana/config.map.jinja
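Review bot: `- image: docker.elastic.co/package-registry/distribution:8.4.1` pulls the container from a public registry by mutable tag, while the commented-out line just above it points at the local registry (`{{ GLOBALS.registry_host }}:5000/...`); whatever that tag resolves to at pull time becomes the source of every package Kibana installs. Pinning the digest, `- image: docker.elastic.co/package-registry/distribution:8.4.1@sha256:<DIGEST_PLACEHOLDER>`, or mirroring the image into the local registry the way the commented line suggests, makes the content fixed and reviewable. Separately, `- 0.0.0.0:8080:8080` publishes an HTTP service, with no authentication configured in this state, on every interface, and this patch shows no matching firewall change. The only consumer visible here is Kibana's `registryUrl`, so binding to `- {{ GLOBALS.node_ip }}:8080:8080` looks sufficient, though that should be confirmed against distributed deployments.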
@@ -7,6 +7,8 @@ {% do KIBANACONFIG.kibana.config.elasticsearch.update({'username': salt['pillar.get']('elasticsearch:auth:users:so_kibana_user:user'), 'password': salt['pillar.get']('elasticsearch:auth:users:so_kibana_user:pass')}) %} +{% do KIBANACONFIG.kibana.config.xpack.fleet.update({'registryUrl': 'http://' ~ GLOBALS.manager_ip ~ ':8080'}) %} + {% if salt['pillar.get']('kibana:secrets') %} {% do KIBANACONFIG.kibana.config.xpack.update({'encryptedSavedObjects': {'encryptionKey': pillar['kibana']['secrets']['encryptedSavedObjects']['encryptionKey']}}) %} {% do KIBANACONFIG.kibana.config.xpack.security.update({'encryptionKey': pillar['kibana']['secrets']['security']['encryptionKey']}) %} diff --git a/salt/kibana/defaults.yaml b/salt/kibana/defaults.yaml index f6bf17e7e..d1c971461 100644 --- a/salt/kibana/defaults.yaml +++ b/salt/kibana/defaults.yaml @@ -31,6 +31,7 @@ kibana: kibanaServer: hostname: localhost fleet: + registryUrl: "" packages: - name: fleet_server version: latest
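Review bot: The added `registryUrl` is built as `'http://' ~ GLOBALS.manager_ip ~ ':8080'`, so Kibana fetches Fleet integration packages from the registry over cleartext HTTP with no server authentication. Those packages supply ingest pipelines and agent policy templates, so anything able to answer on that address and port influences what gets installed. Serving the registry over TLS would address this; at minimum, record the trust assumption above the line, e.g. `{# Package registry is plain HTTP on the manager; package integrity depends on who can reach or spoof manager_ip:8080 #}`. The port `8080` is also hard-coded here and again in the `port_bindings` of the new `init.sls`, so a single shared pillar or defaults value would keep the two from drifting. Because the assignment is unconditional, the `registryUrl: ""` default added to `defaults.yaml` is always overwritten.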