From c8a360357781b7eeab87e4071c210792004f2cc0 Mon Sep 17 00:00:00 2001 From: reyesj2 <94730068+reyesj2@users.noreply.github.com> Date: Thu, 2 Oct 2025 14:47:38 -0500 Subject: [PATCH] update logstash fleet output policy --- .../so-elastic-fleet-outputs-update | 14 ++++++-- .../tools/sbin_jinja/so-elastic-fleet-setup | 2 +- salt/manager/tools/sbin/soup | 34 +++++++++++++++++++ 3 files changed, 47 insertions(+), 3 deletions(-) diff --git a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-outputs-update b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-outputs-update index 43eef6ee9..24f38765a 100644 --- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-outputs-update +++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-outputs-update @@ -15,8 +15,18 @@ if ! is_manager_node; then fi function update_logstash_outputs() { - # Generate updated JSON payload - JSON_STRING=$(jq -n --arg UPDATEDLIST $NEW_LIST_JSON '{"name":"grid-logstash","type":"logstash","hosts": $UPDATEDLIST,"is_default":true,"is_default_monitoring":true,"config_yaml":""}') + if logstash_policy=$(curl -K /opt/so/conf/elasticsearch/curl.config -L "http://localhost:5601/api/fleet/outputs/so-manager_logstash" --retry 3 --retry-delay 10 --fail 2>/dev/null); then + SSL_CONFIG=$(echo "$logstash_policy" | jq -r '.item.ssl') + if SECRETS=$(echo "$logstash_policy" | jq -er '.item.secrets' 2>/dev/null); then + JSON_STRING=$(jq -n \ + --arg UPDATEDLIST $NEW_LIST_JSON \ + '{"name":"grid-logstash","type":"logstash","hosts": $UPDATEDLIST,"is_default":true,"is_default_monitoring":true,"config_yaml":"","ssl": $SSL_CONFIG,"secrets": $SECRETS}') + else + JSON_STRING=$(jq -n \ + --arg UPDATEDLIST $NEW_LIST_JSON \ + '{"name":"grid-logstash","type":"logstash","hosts": $UPDATEDLIST,"is_default":true,"is_default_monitoring":true,"config_yaml":"","ssl": $SSL_CONFIG}') + fi + fi # Update Logstash Outputs curl -K /opt/so/conf/elasticsearch/curl.config -L -X PUT "localhost:5601/api/fleet/outputs/so-manager_logstash" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d "$JSON_STRING" | jq diff --git a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup index ab6757893..446fc6c9a 100755 --- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup +++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup @@ -127,7 +127,7 @@ JSON_STRING=$( jq -n \ --arg LOGSTASHCRT "$LOGSTASHCRT" \ --arg LOGSTASHKEY "$LOGSTASHKEY" \ --arg LOGSTASHCA "$LOGSTASHCA" \ - '{"name":"grid-logstash","is_default":true,"is_default_monitoring":true,"id":"so-manager_logstash","type":"logstash","hosts":["{{ GLOBALS.manager_ip }}:5055", "{{ GLOBALS.manager }}:5055"],"config_yaml":"","ssl":{"certificate": $LOGSTASHCRT,"key": $LOGSTASHKEY,"certificate_authorities":[ $LOGSTASHCA ]},"proxy_id":null}' + '{"name":"grid-logstash","is_default":true,"is_default_monitoring":true,"id":"so-manager_logstash","type":"logstash","hosts":["{{ GLOBALS.manager_ip }}:5055", "{{ GLOBALS.manager }}:5055"],"config_yaml":"","ssl":{"certificate": $LOGSTASHCRT,"certificate_authorities":[ $LOGSTASHCA ]},"secrets":{"ssl":{"key": $LOGSTASHKEY }},"proxy_id":null}' ) if ! fleet_api "outputs" -XPOST -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d "$JSON_STRING"; then echo -e "\nFailed to create logstash fleet output" diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup index 52d6e92e9..18ed1581f 100755 --- a/salt/manager/tools/sbin/soup +++ b/salt/manager/tools/sbin/soup @@ -422,6 +422,7 @@ preupgrade_changes() { [[ "$INSTALLEDVERSION" == 2.4.150 ]] && up_to_2.4.160 [[ "$INSTALLEDVERSION" == 2.4.160 ]] && up_to_2.4.170 [[ "$INSTALLEDVERSION" == 2.4.170 ]] && up_to_2.4.180 + [[ "$INSTALLEDVERSION" == 2.4.180 ]] && up_to_2.4.190 true } @@ -617,6 +618,16 @@ post_to_2.4.190() { update_import_fleet_output fi + # Check if expected default policy is logstash (global.pipeline is REDIS or "") + pipeline=$(lookup_pillar "pipeline" "global") + if [[ -z "$pipeline" ]] || [[ "$pipeline" == "REDIS" ]]; then + # Check if this grid is currently affected by corrupt fleet output policy + if elastic-agent status | grep "config: key file not configured" > /dev/null 2>&1; then + echo "Elastic Agent shows an ssl error connecting to logstash output. Updating output policy..." + update_default_logstash_output + fi + fi + POSTVERSION=2.4.190 } @@ -1173,6 +1184,29 @@ update_import_fleet_output() { fi } +update_default_logstash_output() { + echo "Updating fleet logstash output policy grid-logstash" + if logstash_policy=$(curl -K /opt/so/conf/elasticsearch/curl.config -L "http://localhost:5601/api/fleet/outputs/so-manager_logstash" --retry 3 --retry-delay 10 --fail 2>/dev/null); then + SSL_CONFIG=$(echo "$logstash_policy" | jq -r '.item.ssl') + # Keep already configured hosts for this update, subsequent host updates come from so-elastic-fleet-outputs-update + HOSTS=$(echo "$logstash_policy" | jq -r '.item.hosts') + DEFAULT_ENABLED=$(echo "$logstash_policy" | jq -r '.item.is_default') + DEFAULT_MONITORING_ENABLED=$(echo "$logstash_policy" | jq -r '.item.is_default_monitoring') + LOGSTASHKEY=$(openssl rsa -in /etc/pki/elasticfleet-logstash.key) + JSON_STRING=$(jq -n \ + --argjson HOSTS "$HOSTS" \ + --arg DEFAULT_ENABLED "$DEFAULT_ENABLED" \ + --arg DEFAULT_MONITORING_ENABLED "$DEFAULT_MONITORING_ENABLED" \ + --argjson SSL_CONFIG "$SSL_CONFIG" \ + --arg LOGSTASHKEY "$LOGSTASHKEY" \ + '{"name":"grid-logstash","type":"logstash","hosts": $HOSTS,"is_default": $DEFAULT_ENABLED,"is_default_monitoring": $DEFAULT_MONITORING_ENABLED,"config_yaml":"","ssl": $SSL_CONFIG,"secrets":{"ssl":{"key": $LOGSTASHKEY }}}') + fi + + if curl -K /opt/so/conf/elasticsearch/curl.config -L -X PUT "localhost:5601/api/fleet/outputs/so-manager_logstash" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d "$JSON_STRING" --retry 3 --retry-delay 10 --fail; then + echo "Successfully updated grid-logstash fleet output policy" + fi +} + update_salt_mine() { echo "Populating the mine with mine_functions for each host." set +e