Fix annotations and defaults for logstash

salt/elasticfleet/init.sls

@@ -31,6 +31,7 @@ elasticfleet_sbin:
     - source: salt://elasticfleet/tools/sbin
     - user: 947
     - group: 939
+    - file_mode: 755
 
 elasticfleet_sbin_jinja:
   file.recurse:
@@ -38,6 +39,7 @@ elasticfleet_sbin_jinja:
     - source: salt://elasticfleet/tools/sbin_jinja
     - user: 947
     - group: 939 
+    - file_mode: 755
     - template: jinja
 
 eaconfdir:

salt/logstash/defaults.yaml

@@ -1,6 +1,23 @@
 logstash:
   assigned_pipelines:
     roles:
+      standalone:
+        - manager
+        - search
+      receiver:
+        - receiver
+      heavynode:
+        - search
+      searchnode:
+        - search
+      manager:
+        - manager
+      managersearch:
+        - manager
+        - search
+      fleet:
+        - fleet
+  defined_pipelines:
     fleet:
       - so/0012_input_elastic_agent.conf     
       - so/9806_output_lumberjack_fleet.conf.jinja
@@ -13,10 +30,27 @@ logstash:
       - so/0011_input_endgame.conf
       - so/0012_input_elastic_agent.conf
       - so/9999_output_redis.conf.jinja
-      search:
+    searchnode:
       - so/0900_input_redis.conf.jinja
       - so/9805_output_elastic_agent.conf.jinja
       - so/9900_output_endgame.conf.jinja
+    custom0: []
+    custom1: []
+    custom2: []
+    custom3: []
+    custom4: []
+  docker_options:
+    port_bindings:
+      - 0.0.0.0:3765:3765
+      - 0.0.0.0:5044:5044
+      - 0.0.0.0:5055:5055
+      - 0.0.0.0:5056:5056
+      - 0.0.0.0:5644:5644
+      - 0.0.0.0:6050:6050
+      - 0.0.0.0:6051:6051
+      - 0.0.0.0:6052:6052
+      - 0.0.0.0:6053:6053
+      - 0.0.0.0:9600:9600
   settings:
     lsheap: 500m
   config:

salt/logstash/soc_logstash.yaml

@@ -1,14 +1,33 @@
 logstash:
   assigned_pipelines:
-    roles:
-      receiver: &assigned_pipelines
-        description: List of pipelines assigned to this role.
+    standalone: &assigned_pipelines
+      description: List of defined pipelines to add to this role.
       advanced: True
       helpLink: logstash.html
       multiline: True
-      fleet: *assigned_pipelines
+      forcedType: "[]string"
+    receiver: *assigned_pipelines
+    heavynode: *assigned_pipelines
+    searchnode: *assigned_pipelines
     manager: *assigned_pipelines
-      search: *assigned_pipelines
+    managersearch: *assigned_pipelines
+    fleet: *assigned_pipelines
+  defined_pipelines:
+    roles:
+      receiver: &defined_pipelines
+        description: List of pipeline configurations assign to this group.
+        advanced: True
+        helpLink: logstash.html
+        multiline: True
+        forcedType: "[]string" 
+      fleet: *defined_pipelines
+      manager: *defined_pipelines
+      search: *defined_pipelines
+      custom0: *defined_pipelines
+      custom1: *defined_pipelines
+      custom2: *defined_pipelines
+      custom3: *defined_pipelines
+      custom4: *defined_pipelines
   settings:
     lsheap: 
       description: Heap size to use for logstash
@@ -38,6 +57,12 @@ logstash:
       helpLink: logstash.html
       readonly: True
       advanced: True
+    docker_options:
+      port_bindings:
+        description: List of ports to open to the logstash docker container. Firewall ports will still need to be added to the firewall configuration.
+        helpLink: logstash.html
+        advanced: True
+        multiline: True
   dmz_nodes:
     description: "List of receiver nodes in DMZs. Prevents sensors from sending to these receivers. Primarily used for external Elastic agents."
     helpLink: logstash.html