From 97a2d91d15f85767c85a51e23f881c48a7a37fd3 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 12:14:30 -0400 Subject: [PATCH 01/28] Re-arrange whiptail screens --- salt/elasticsearch/files/elasticsearch.yml | 7 +- setup/so-whiptail | 477 +++++++++++---------- 2 files changed, 250 insertions(+), 234 deletions(-) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index acad465d1..40f708057 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -42,5 +42,10 @@ cluster.routing.allocation.disk.watermark.flood_stage: 98% # authz_exception: true {%- endif %} node.attr.box_type: {{ NODE_ROUTE_TYPE }} -node.name: {{ ESCLUSTERNAME }} +node.name: {{ grains.host }} script.max_compilations_rate: 1000/1m +{%- if salt['pillar.get']('elasticsearch:true_cluster') %} + {%- if grains.role == 'so-manager' %} +node.roles: [ master ] + {%- endif %} +{%- endif %} diff --git a/setup/so-whiptail b/setup/so-whiptail index 0401146af..78e66285b 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -31,24 +31,6 @@ whiptail_airgap() { whiptail_check_exitstatus $exitstatus } -whiptail_basic_zeek() { - - [ -n "$TESTING" ] && return - - if [[ $is_smooshed ]]; then - local PROCS=$(expr $lb_procs / 2) - if [ "$PROCS" -lt 1 ]; then PROCS=1; else PROCS=$PROCS; fi - else - local PROCS=$lb_procs - fi - - BASICZEEK=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter the number of zeek processes:" 10 75 "$PROCS" 3>&1 1>&2 2>&3) - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus -} - whiptail_basic_suri() { [ -n "$TESTING" ] && return 
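Review bot: In the elasticsearch.yml hunk, `node.roles: [ master ]` turns the manager into a dedicated master with no `data` role, and as far as I know ES 7 refuses to start a node that lacks the data role while its data path still holds shards, which is the situation for any manager that was already running as a single node. It also leaves every other node in a `true_cluster` grid on the unset default, which includes master eligibility, so the role split is only half-specified here. Patches 15–17 keep this shape and patch 18 adds `data` back, so consider folding that into this commit or documenting the expected migration with a comment such as `# manager keeps the data role: indices from the single-node install live here`. The so-whiptail hunks in this patch only relocate functions, so I have nothing to add there.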
@@ -68,15 +50,10 @@ whiptail_basic_suri() { } -whiptail_zeek_pins() { +whiptail_basic_zeek() { [ -n "$TESTING" ] && return - local cpu_core_list_whiptail=() - for item in "${cpu_core_list[@]}"; do - cpu_core_list_whiptail+=("$item" "OFF") - done - if [[ $is_smooshed ]]; then local PROCS=$(expr $lb_procs / 2) if [ "$PROCS" -lt 1 ]; then PROCS=1; else PROCS=$PROCS; fi 
@@ -84,65 +61,11 @@ whiptail_zeek_pins() { local PROCS=$lb_procs fi - ZEEKPINS=$(whiptail --noitem --title "Pin Zeek CPUS" --checklist "Please select $PROCS cores to pin Zeek to:" 20 75 12 "${cpu_core_list_whiptail[@]}" 3>&1 1>&2 2>&3 ) - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - - ZEEKPINS=$(echo "$ZEEKPINS" | tr -d '"') - - IFS=' ' read -ra ZEEKPINS <<< "$ZEEKPINS" -} - -whiptail_zeek_version() { - - [ -n "$TESTING" ] && return - - ZEEKVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate metadata?" 20 75 4 "ZEEK" "Zeek (formerly known as Bro)" ON \ - "SURICATA" "Suricata" OFF 3>&1 1>&2 2>&3) + BASICZEEK=$(whiptail --title "Security Onion Setup" --inputbox \ + "Enter the number of zeek processes:" 10 75 "$PROCS" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus - -} - -whiptail_sensor_nics() { - - [ -n "$TESTING" ] && return - - filter_unused_nics - - if [[ $is_ec2 ]]; then - local menu_text="Please select NIC for the Monitor Interface:" - local list_type="radiolist" - else - local menu_text="Please add NICs to the Monitor Interface:" - local list_type="checklist" - fi - - BNICS=$(whiptail --title "NIC Setup" --$list_type "$menu_text" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3) - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - - while [ -z "$BNICS" ] - do - BNICS=$(whiptail --title "NIC Setup" --$list_type "$menu_text" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 ) - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - done - - BNICS=$(echo "$BNICS" | tr -d '"') - - IFS=' ' read -ra BNICS <<< "$BNICS" - - for bond_nic in "${BNICS[@]}"; do - if [[ "${nmcli_dev_status_list}" =~ $bond_nic\:unmanaged ]]; then - whiptail \ - --title "Security Onion Setup" \ - --msgbox "$bond_nic is unmanaged by Network Manager. Please remove it from other network management tools then re-run setup." \ - 8 75 - exit - fi - done } whiptail_bond_nics_mtu() { 
@@ -184,6 +107,13 @@ whiptail_check_exitstatus() { esac } +whiptail_components_adv_warning() { + + [ -n "$TESTING" ] && return + + whiptail --title "Security Onion Setup" --msgbox "Please keep in mind the more services that you enable the more RAM that is required." 8 75 +} + whiptail_create_admin_user() { [ -n "$TESTING" ] && return @@ -291,13 +221,6 @@ whiptail_create_web_user() { whiptail_check_exitstatus $exitstatus } -whiptail_invalid_user_warning() { - - [ -n "$TESTING" ] && return - - whiptail --title "Security Onion Setup" --msgbox "Please enter a valid email address." 8 75 -} - whiptail_create_web_user_password1() { [ -n "$TESTING" ] && return 
@@ -321,72 +244,6 @@ whiptail_create_web_user_password2() { } -whiptail_fleet_custom_hostname() { - - [ -n "$TESTING" ] && return - - FLEETCUSTOMHOSTNAME=$(whiptail --title "Security Onion Install" --inputbox \ - "What FQDN should osquery clients use for connections to this Fleet node? Leave blank if the local system hostname will be used." 10 60 3>&1 1>&2 2>&3) - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus -} - -whiptail_requirements_error() { - - local requirement_needed=$1 - local current_val=$2 - local needed_val=$3 - - [ -n "$TESTING" ] && return - - whiptail --title "Security Onion Setup" \ - --yesno "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Press YES to continue anyway, or press NO to cancel." 10 75 - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus -} - -whiptail_storage_requirements() { - local mount=$1 - local current_val=$2 - local needed_val=$3 - - [ -n "$TESTING" ] && return - - read -r -d '' message <<- EOM - Free space on mount point '${mount}' is currently ${current_val}. - - You need ${needed_val} to meet minimum requirements. - - Visit https://docs.securityonion.net/en/2.1/hardware.html for more information. - - Press YES to continue anyway, or press NO to cancel. - EOM - - whiptail \ - --title "Security Onion Setup" \ - --yesno "$message" \ - 14 75 - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus -} - -whiptail_invalid_pass_warning() { - - [ -n "$TESTING" ] && return - - whiptail --title "Security Onion Setup" --msgbox "Please choose a more secure password." 8 75 -} - -whiptail_invalid_pass_characters_warning() { - - [ -n "$TESTING" ] && return - - whiptail --title "Security Onion Setup" --msgbox "Password is invalid. Please exclude single quotes, double quotes and backslashes from the password." 8 75 -} - whiptail_cur_close_days() { [ -n "$TESTING" ] && return 
@@ -502,11 +359,26 @@ whiptail_eval_adv() { whiptail_check_exitstatus $exitstatus } -whiptail_components_adv_warning() { +whiptail_fleet_custom_hostname() { [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" --msgbox "Please keep in mind the more services that you enable the more RAM that is required." 8 75 + FLEETCUSTOMHOSTNAME=$(whiptail --title "Security Onion Install" --inputbox \ + "What FQDN should osquery clients use for connections to this Fleet node? Leave blank if the local system hostname will be used." 10 60 3>&1 1>&2 2>&3) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus +} + +whiptail_gauge_post_setup() { + + if [ -n "$TESTING" ]; then + cat >> $setup_log 2>&1 + else + local msg=$1 + + whiptail --title "Security Onion Setup" --gauge "$msg" 6 60 96 + fi } whiptail_helix_apikey() { @@ -594,6 +466,27 @@ whiptail_install_type() { export install_type } +whiptail_invalid_pass_characters_warning() { + + [ -n "$TESTING" ] && return + + whiptail --title "Security Onion Setup" --msgbox "Password is invalid. Please exclude single quotes, double quotes and backslashes from the password." 8 75 +} + +whiptail_invalid_pass_warning() { + + [ -n "$TESTING" ] && return + + whiptail --title "Security Onion Setup" --msgbox "Please choose a more secure password." 8 75 +} + +whiptail_invalid_user_warning() { + + [ -n "$TESTING" ] && return + + whiptail --title "Security Onion Setup" --msgbox "Please enter a valid email address." 8 75 +} + whiptail_log_size_limit() { [ -n "$TESTING" ] && return @@ -608,6 +501,17 @@ whiptail_log_size_limit() { } +whiptail_make_changes() { + + [ -n "$TESTING" ] && return + + whiptail --title "Security Onion Setup" --yesno "We are going to set this machine up as a $install_type. Please press YES to make changes or NO to cancel." 8 75 + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + +} + whiptail_management_interface_dns() { [ -n "$TESTING" ] && return 
@@ -672,43 +576,6 @@ whiptail_management_nic() { } -whiptail_nids() { - - [ -n "$TESTING" ] && return - - NIDS=$(whiptail --title "Security Onion Setup" --radiolist \ - "Choose which IDS to run: \n\n(Snort 3.0 support will be added once it is out of beta.)" 25 75 4 \ - "Suricata" "Suricata" ON \ - "Snort" "Placeholder for Snort 3.0 " OFF 3>&1 1>&2 2>&3 ) - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - -} - -whiptail_oinkcode() { - - [ -n "$TESTING" ] && return - - OINKCODE=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter your ET Pro or oinkcode:" 10 75 XXXXXXX 3>&1 1>&2 2>&3) - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - -} - -whiptail_make_changes() { - - [ -n "$TESTING" ] && return - - whiptail --title "Security Onion Setup" --yesno "We are going to set this machine up as a $install_type. Please press YES to make changes or NO to cancel." 8 75 - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - -} - whiptail_management_server() { [ -n "$TESTING" ] && return @@ -756,6 +623,17 @@ whiptail_manager_adv() { } +# Ask if you want to do true clustering +whiptail_manager_adv_escluster(){ + + [ -n "$TESTING" ] && return + + MGRCLUSTER=$(whiptail --title "Security Onion Setup" --yesno "Do you want to set up a traditional ES cluster?" 8 75) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus +} + # Ask which additional components to install whiptail_manager_adv_service_zeeklogs() { 
@@ -810,6 +688,54 @@ whiptail_manager_adv_service_zeeklogs() { } +whiptail_manager_updates() { + + [ -n "$TESTING" ] && return + + local update_string + update_string=$(whiptail --title "Security Onion Setup" --radiolist \ + "How would you like to download OS package updates for your grid?" 20 75 4 \ + "MANAGER" "Manager node is proxy for updates" ON \ + "OPEN" "Each node connects to the Internet for updates" OFF 3>&1 1>&2 2>&3 ) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + + case "$update_string" in + 'MANAGER') + export MANAGERUPDATES='1' + ;; + *) + export MANAGERUPDATES='0' + ;; + esac + +} + +whiptail_manager_updates_warning() { + [ -n "$TESTING" ] && return + + whiptail --title "Security Onion Setup"\ + --msgbox "Updating through the manager node requires the manager to have internet access, press ENTER to continue."\ + 8 75 + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus +} + +whiptail_nids() { + + [ -n "$TESTING" ] && return + + NIDS=$(whiptail --title "Security Onion Setup" --radiolist \ + "Choose which IDS to run: \n\n(Snort 3.0 support will be added once it is out of beta.)" 25 75 4 \ + "Suricata" "Suricata" ON \ + "Snort" "Placeholder for Snort 3.0 " OFF 3>&1 1>&2 2>&3 ) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + +} + whiptail_network_notice() { [ -n "$TESTING" ] && return @@ -895,6 +821,18 @@ whiptail_node_ls_input_threads() { } +whiptail_oinkcode() { + + [ -n "$TESTING" ] && return + + OINKCODE=$(whiptail --title "Security Onion Setup" --inputbox \ + "Enter your ET Pro or oinkcode:" 10 75 XXXXXXX 3>&1 1>&2 2>&3) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + +} + #TODO: helper function to display error message or exit if batch mode # exit_if_batch <"Error string"> 
@@ -1049,6 +987,21 @@ whiptail_patch_schedule_select_hours() { } +whiptail_requirements_error() { + + local requirement_needed=$1 + local current_val=$2 + local needed_val=$3 + + [ -n "$TESTING" ] && return + + whiptail --title "Security Onion Setup" \ + --yesno "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Press YES to continue anyway, or press NO to cancel." 10 75 + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus +} + whiptail_rule_setup() { [ -n "$TESTING" ] && return @@ -1080,6 +1033,46 @@ whiptail_sensor_config() { } +whiptail_sensor_nics() { + + [ -n "$TESTING" ] && return + + filter_unused_nics + + if [[ $is_ec2 ]]; then + local menu_text="Please select NIC for the Monitor Interface:" + local list_type="radiolist" + else + local menu_text="Please add NICs to the Monitor Interface:" + local list_type="checklist" + fi + + BNICS=$(whiptail --title "NIC Setup" --$list_type "$menu_text" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + + while [ -z "$BNICS" ] + do + BNICS=$(whiptail --title "NIC Setup" --$list_type "$menu_text" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 ) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + done + + BNICS=$(echo "$BNICS" | tr -d '"') + + IFS=' ' read -ra BNICS <<< "$BNICS" + + for bond_nic in "${BNICS[@]}"; do + if [[ "${nmcli_dev_status_list}" =~ $bond_nic\:unmanaged ]]; then + whiptail \ + --title "Security Onion Setup" \ + --msgbox "$bond_nic is unmanaged by Network Manager. Please remove it from other network management tools then re-run setup." \ + 8 75 + exit + fi + done +} + whiptail_set_hostname() { [ -n "$TESTING" ] && return 
@@ -1200,15 +1193,30 @@ whiptail_so_allow() { fi } -whiptail_gauge_post_setup() { +whiptail_storage_requirements() { + local mount=$1 + local current_val=$2 + local needed_val=$3 - if [ -n "$TESTING" ]; then - cat >> $setup_log 2>&1 - else - local msg=$1 + [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" --gauge "$msg" 6 60 96 - fi + read -r -d '' message <<- EOM + Free space on mount point '${mount}' is currently ${current_val}. + + You need ${needed_val} to meet minimum requirements. + + Visit https://docs.securityonion.net/en/2.1/hardware.html for more information. + + Press YES to continue anyway, or press NO to cancel. + EOM + + whiptail \ + --title "Security Onion Setup" \ + --yesno "$message" \ + 14 75 + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus } whiptail_strelka_rules() { @@ -1251,40 +1259,6 @@ whiptail_suricata_pins() { } -whiptail_manager_updates() { - - [ -n "$TESTING" ] && return - - local update_string - update_string=$(whiptail --title "Security Onion Setup" --radiolist \ - "How would you like to download OS package updates for your grid?" 20 75 4 \ - "MANAGER" "Manager node is proxy for updates" ON \ - "OPEN" "Each node connects to the Internet for updates" OFF 3>&1 1>&2 2>&3 ) - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - - case "$update_string" in - 'MANAGER') - export MANAGERUPDATES='1' - ;; - *) - export MANAGERUPDATES='0' - ;; - esac - -} - -whiptail_manager_updates_warning() { - [ -n "$TESTING" ] && return - - whiptail --title "Security Onion Setup"\ - --msgbox "Updating through the manager node requires the manager to have internet access, press ENTER to continue."\ - 8 75 - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus -} - whiptail_node_updates() { [ -n "$TESTING" ] && return 
@@ -1322,3 +1296,40 @@ whiptail_you_sure() { return $exitstatus } + +whiptail_zeek_pins() { + + [ -n "$TESTING" ] && return + + local cpu_core_list_whiptail=() + for item in "${cpu_core_list[@]}"; do + cpu_core_list_whiptail+=("$item" "OFF") + done + + if [[ $is_smooshed ]]; then + local PROCS=$(expr $lb_procs / 2) + if [ "$PROCS" -lt 1 ]; then PROCS=1; else PROCS=$PROCS; fi + else + local PROCS=$lb_procs + fi + + ZEEKPINS=$(whiptail --noitem --title "Pin Zeek CPUS" --checklist "Please select $PROCS cores to pin Zeek to:" 20 75 12 "${cpu_core_list_whiptail[@]}" 3>&1 1>&2 2>&3 ) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + + ZEEKPINS=$(echo "$ZEEKPINS" | tr -d '"') + + IFS=' ' read -ra ZEEKPINS <<< "$ZEEKPINS" +} + +whiptail_zeek_version() { + + [ -n "$TESTING" ] && return + + ZEEKVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate metadata?" 20 75 4 "ZEEK" "Zeek (formerly known as Bro)" ON \ + "SURICATA" "Suricata" OFF 3>&1 1>&2 2>&3) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + +} From bab6b151ff9f0fbf58e9ecb36c4d3adac3824959 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 16:07:22 -0400 Subject: [PATCH 02/28] Add cluster whiptail questions --- setup/so-setup | 3 +++ setup/so-whiptail | 14 +++++++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 1c46a8bf9..e9ad3a281 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -320,6 +320,9 @@ fi if [[ $is_manager && ! $is_eval ]]; then whiptail_manager_adv + if [[ "$install_type" = 'MANAGER' ]] || [[ "$install_type" = 'MANAGERSEARCH' ] + whiptail_manager_adv_escluster + fi whiptail_zeek_version # Don't run this function for now since Snort is not yet supported # whiptail_nids diff --git a/setup/so-whiptail b/setup/so-whiptail index 78e66285b..437b2192c 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail 
@@ -631,7 +631,19 @@ whiptail_manager_adv_escluster(){ MGRCLUSTER=$(whiptail --title "Security Onion Setup" --yesno "Do you want to set up a traditional ES cluster?" 8 75) local exitstatus=$? - whiptail_check_exitstatus $exitstatus + + if [[ $exitstatus == 0 ]]; then + whiptail_manager_adv_escluster_name + fi +} + +# Get a cluster name +whiptail_manager_adv_escluster_name(){ + + [ -n "$TESTING" ] && return + + ESCLUSTERNAME=$(whiptail --title "Security Onion Setup" --inputbox \ + "Enter a name for your ES cluster!" 10 75 securityonion 3>&1 1>&2 2>&3) } # Ask which additional components to install From bbb825a2079423d87796c3a68c201ed2f256f4c9 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 16:33:40 -0400 Subject: [PATCH 03/28] Add cluster whiptail questions --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index e9ad3a281..cad7fea6a 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -320,7 +320,7 @@ fi if [[ $is_manager && ! $is_eval ]]; then whiptail_manager_adv - if [[ "$install_type" = 'MANAGER' ]] || [[ "$install_type" = 'MANAGERSEARCH' ] + if [[ "$install_type" = 'MANAGER' ]] || [[ "$install_type" = 'MANAGERSEARCH' ]]; then whiptail_manager_adv_escluster fi whiptail_zeek_version From f893cf203f37be8dc6dd35e00237ec78a2dc92cc Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 16:38:17 -0400 Subject: [PATCH 04/28] Change whiptail logic --- setup/so-setup | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index cad7fea6a..93a63a758 100755 --- a/setup/so-setup +++ b/setup/so-setup 
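Review bot: `whiptail_manager_adv_escluster_name` assigns the inputbox result without the `local exitstatus=$?` / `whiptail_check_exitstatus $exitstatus` pair every sibling prompt uses, so Esc or Cancel leaves `ESCLUSTERNAME` empty and setup silently continues in non-cluster mode, and the typed value is never validated before it is written into pillar YAML as `true_cluster_name: '$ESCLUSTERNAME'` later in this series (patches 08–14). A quote, `#` or `: ` in the name corrupts or reshapes that pillar, so constrain it at the prompt with the same re-prompt pattern `whiptail_sensor_nics` uses, e.g. `until [[ $ESCLUSTERNAME =~ ^[A-Za-z0-9_-]+$ ]]; do ESCLUSTERNAME=$(whiptail --title "Security Onion Setup" --inputbox "Enter a name for your ES cluster (letters, digits, - and _):" 10 75 securityonion 3>&1 1>&2 2>&3); done`. In `whiptail_manager_adv_escluster`, replacing `whiptail_check_exitstatus` with `if [[ $exitstatus == 0 ]]` treats Esc (255) the same as No (1), so an operator who backs out of the dialog gets a non-clustered install instead of the abort path the other prompts take; `elif [[ $exitstatus -ne 1 ]]; then whiptail_check_exitstatus $exitstatus; fi` would keep that behaviour (patch 07 keeps this shape).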
@@ -320,8 +320,10 @@ fi if [[ $is_manager && ! $is_eval ]]; then whiptail_manager_adv - if [[ "$install_type" = 'MANAGER' ]] || [[ "$install_type" = 'MANAGERSEARCH' ]]; then - whiptail_manager_adv_escluster + if [ "$MANAGERADV" = 'ADVANCED' ] && [ "$ZEEKVERSION" != 'SURICATA' ]; then + if [ "$install_type" = 'MANAGER' ]] || [ $install_type = 'MANAGERSEARCH' ]; then + whiptail_manager_adv_escluster + fi fi whiptail_zeek_version # Don't run this function for now since Snort is not yet supported From c22e8c08a6074a786726170752f1b57a7357f0e5 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 16:40:22 -0400 Subject: [PATCH 05/28] Change whiptail logic --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 93a63a758..74ff6c0b8 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -320,7 +320,7 @@ fi if [[ $is_manager && ! $is_eval ]]; then whiptail_manager_adv - if [ "$MANAGERADV" = 'ADVANCED' ] && [ "$ZEEKVERSION" != 'SURICATA' ]; then + if [ "$MANAGERADV" = 'ADVANCED' ]; then if [ "$install_type" = 'MANAGER' ]] || [ $install_type = 'MANAGERSEARCH' ]; then whiptail_manager_adv_escluster fi From c538e5f85b9ea83eb8d48ece5356e87d70571ead Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 16:40:56 -0400 Subject: [PATCH 06/28] Change whiptail logic --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 74ff6c0b8..ab0d809a1 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -321,7 +321,7 @@ fi if [[ $is_manager && ! $is_eval ]]; then whiptail_manager_adv if [ "$MANAGERADV" = 'ADVANCED' ]; then - if [ "$install_type" = 'MANAGER' ]] || [ $install_type = 'MANAGERSEARCH' ]; then + if [ "$install_type" = 'MANAGER' ] || [ "$install_type" = 'MANAGERSEARCH' ]; then whiptail_manager_adv_escluster fi fi From 6f703fad259775cffd67fdddf44fc884f2d93143 Mon Sep 17 00:00:00 2001 
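Review bot: The end state after patch 06 uses two nested `[ ]` tests while the enclosing block (`if [[ $is_manager && ! $is_eval ]]`) and the rest of so-setup use `[[ ]]`, and patches 04 and 05 each introduce an unbalanced `]]` that 06 then repairs, so these three belong squashed. A single condition reads more clearly and matches the file's style: `if [[ "$MANAGERADV" == 'ADVANCED' && ( "$install_type" == 'MANAGER' || "$install_type" == 'MANAGERSEARCH' ) ]]; then`, followed by the unchanged `whiptail_manager_adv_escluster` call. The enclosing `if` block continues outside the hunk.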
From: Mike Reeves Date: Mon, 19 Oct 2020 16:44:43 -0400 Subject: [PATCH 07/28] Change whiptail logic --- setup/so-whiptail | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 437b2192c..302fb96e6 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -628,7 +628,8 @@ whiptail_manager_adv_escluster(){ [ -n "$TESTING" ] && return - MGRCLUSTER=$(whiptail --title "Security Onion Setup" --yesno "Do you want to set up a traditional ES cluster?" 8 75) + whiptail --title "Security Onion Setup" --yesno \ + "Do you want to set up a traditional ES cluster?" 8 75 local exitstatus=$? From 23bc5e303e873372f12ad51ca2d02d05b52be64c Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 16:52:43 -0400 Subject: [PATCH 08/28] Add clustering to ES function --- setup/so-functions | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 06f103cfc..dc2a9e7fd 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1200,14 +1200,19 @@ manager_global() { " features: False"\ "elasticsearch:"\ " replicas: 0"\ - " true_cluster: False"\ - " true_cluster_name: 'so'"\ + if [ -z "$ESCLUSTERNAME" ]; then + " true_cluster: False" + " true_cluster_name: 'so'" + else + " true_cluster: True" + " true_cluster_name: '$ESCLUSTERNAME'" + fi " discovery_nodes: 1"\ " hot_warm_enabled: False"\ " cluster_routing_allocation_disk.threshold_enabled: true"\ - " cluster_routing_allocation_disk_watermark_low: '95%'"\ - " cluster_routing_allocation_disk_watermark_high: '98%'"\ - " cluster_routing_allocation_disk_watermark_flood_stage: '98%'"\ + " cluster_routing_allocation_disk_watermark_low: '95%'"\ + " cluster_routing_allocation_disk_watermark_high: '98%'"\ + " cluster_routing_allocation_disk_watermark_flood_stage: '98%'"\ " index_settings:"\ " so-beats:"\ " shards: 1"\ From 7e0063d47467b184f7b3dc81db166582a810cdb9 Mon Sep 17 00:00:00 2001 
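Review bot: In the manager_global hunk the new `if` is spliced into the argument list of a backslash-continued `printf` (the `"  replicas: 0"\` line still ends in `\`), so as written `if` becomes a printf argument and the following `then` is a syntax error; the function starts and ends outside the hunk. Patches 09–14 repair this piecemeal (terminating the first `printf`, adding the `'%s\n'` format and the redirect), so the reviewable end state is patch 14 and the intermediate commits should be squashed. Also note the bare `true_cluster_name: '$ESCLUSTERNAME'` already depends on the prompt in patch 02 rejecting single quotes, which it currently does not.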
From: Mike Reeves Date: Mon, 19 Oct 2020 16:55:11 -0400 Subject: [PATCH 09/28] Fix pillar syntax --- setup/so-functions | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index dc2a9e7fd..d134a8ac8 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1201,11 +1201,11 @@ manager_global() { "elasticsearch:"\ " replicas: 0"\ if [ -z "$ESCLUSTERNAME" ]; then - " true_cluster: False" - " true_cluster_name: 'so'" + printf " true_cluster: False" + " true_cluster_name: 'so'" else - " true_cluster: True" - " true_cluster_name: '$ESCLUSTERNAME'" + printf " true_cluster: True" + " true_cluster_name: '$ESCLUSTERNAME'" fi " discovery_nodes: 1"\ " hot_warm_enabled: False"\ From 4e1bff2231799b951d7495bc722227d48a392edf Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 16:56:13 -0400 Subject: [PATCH 10/28] Fix pillar syntax --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index d134a8ac8..fab24b2f2 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1200,7 +1200,7 @@ manager_global() { " features: False"\ "elasticsearch:"\ " replicas: 0"\ - if [ -z "$ESCLUSTERNAME" ]; then + if [[ -z "$ESCLUSTERNAME" ]]; then printf " true_cluster: False" " true_cluster_name: 'so'" else From 55b6f5ce996bdb126451f4fde21703e451b5e976 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 17:02:26 -0400 Subject: [PATCH 11/28] Fix pillar syntax --- setup/so-functions | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index fab24b2f2..cb7e447ea 100755 --- a/setup/so-functions +++ b/setup/so-functions 
@@ -1200,13 +1200,14 @@ manager_global() { " features: False"\ "elasticsearch:"\ " replicas: 0"\ - if [[ -z "$ESCLUSTERNAME" ]]; then - printf " true_cluster: False" - " true_cluster_name: 'so'" + if [ -n "$ESCLUSTERNAME" ]; then + printf " true_cluster: True"\ + " true_cluster_name: '$ESCLUSTERNAME'"\ else - printf " true_cluster: True" - " true_cluster_name: '$ESCLUSTERNAME'" + printf " true_cluster: False"\ + " true_cluster_name: 'so'"\ fi + " discovery_nodes: 1"\ " hot_warm_enabled: False"\ " cluster_routing_allocation_disk.threshold_enabled: true"\ From 3cb419174af91ddc1f0148a8eb3943ddbeae48c9 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 17:04:06 -0400 Subject: [PATCH 12/28] Fix pillar syntax --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index cb7e447ea..cae48c777 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1199,7 +1199,7 @@ manager_global() { "elastic:"\ " features: False"\ "elasticsearch:"\ - " replicas: 0"\ + " replicas: 0" if [ -n "$ESCLUSTERNAME" ]; then printf " true_cluster: True"\ " true_cluster_name: '$ESCLUSTERNAME'"\ From 722f2b3913cca624520ce230c9ad163d1ba5337e Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 17:08:06 -0400 Subject: [PATCH 13/28] Fix pillar syntax --- setup/so-functions | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index cae48c777..0c2bc804d 100755 --- a/setup/so-functions +++ b/setup/so-functions 
@@ -1201,13 +1201,15 @@ manager_global() { "elasticsearch:"\ " replicas: 0" if [ -n "$ESCLUSTERNAME" ]; then - printf " true_cluster: True"\ - " true_cluster_name: '$ESCLUSTERNAME'"\ + printf '%s\n'\ + " true_cluster: True"\ + " true_cluster_name: '$ESCLUSTERNAME'" else - printf " true_cluster: False"\ - " true_cluster_name: 'so'"\ + printf '%s\n'\ + " true_cluster: False"\ + " true_cluster_name: 'so'" fi - + printf '%s\n'\ " discovery_nodes: 1"\ " hot_warm_enabled: False"\ " cluster_routing_allocation_disk.threshold_enabled: true"\ From 87adbb5f819b4864062800d06886226b604942ff Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 17:20:33 -0400 Subject: [PATCH 14/28] printf issues --- setup/so-functions | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 0c2bc804d..9ded48ddf 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1199,15 +1199,15 @@ manager_global() { "elastic:"\ " features: False"\ "elasticsearch:"\ - " replicas: 0" + " replicas: 0" >> "$global_pillar" if [ -n "$ESCLUSTERNAME" ]; then printf '%s\n'\ " true_cluster: True"\ - " true_cluster_name: '$ESCLUSTERNAME'" + " true_cluster_name: '$ESCLUSTERNAME'" >> "$global_pillar" else printf '%s\n'\ " true_cluster: False"\ - " true_cluster_name: 'so'" + " true_cluster_name: 'so'" >> "$global_pillar" fi printf '%s\n'\ " discovery_nodes: 1"\ From 57d8f2542212230740ed33ee4a9c84ee31f0f5e0 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Oct 2020 16:44:14 -0400 Subject: [PATCH 15/28] Create master node role in ES --- salt/elasticsearch/files/elasticsearch.yml | 11 ++++------- setup/so-functions | 11 +++++++++-- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index 40f708057..b5d0b0293 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml 
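Review bot: `"  true_cluster_name: '$ESCLUSTERNAME'"` interpolates an operator-supplied string into a single-quoted YAML scalar, so a `'` in the name breaks the pillar and YAML-significant sequences can change its structure; either validate the name where it is collected or escape it before writing, e.g. `local safe_name=${ESCLUSTERNAME//\'/\'\'}` and `"  true_cluster_name: '$safe_name'"`. The split into three `printf` statements also makes the first two redirect to `"$global_pillar"` while the third keeps whatever redirect the original statement had after the hunk; if that is a different variable or path, the two halves of the `elasticsearch:` mapping land in different files, so please confirm they agree. The surrounding `printf` begins before the hunk and its argument list continues past it.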
@@ -1,11 +1,8 @@ {%- set NODE_ROUTE_TYPE = salt['pillar.get']('elasticsearch:node_route_type', 'hot') %} -{%- if salt['pillar.get']('elasticsearch:hot_warm_enabled') or salt['pillar.get']('elasticsearch:true_cluster') %} -{%- set ESCLUSTERNAME = salt['pillar.get']('elasticsearch:true_cluster_name', '') %} -{%- else %} {%- set ESCLUSTERNAME = salt['pillar.get']('elasticsearch:esclustername', '') %} -{%- endif %} -{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%} -{% set FEATURES = salt['pillar.get']('elastic:features', False) %} +{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') %} +{%- set FEATURES = salt['pillar.get']('elastic:features', False) %} +{%- set TRUECLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %} cluster.name: "{{ ESCLUSTERNAME }}" network.host: 0.0.0.0 @@ -44,7 +41,7 @@ cluster.routing.allocation.disk.watermark.flood_stage: 98% node.attr.box_type: {{ NODE_ROUTE_TYPE }} node.name: {{ grains.host }} script.max_compilations_rate: 1000/1m -{%- if salt['pillar.get']('elasticsearch:true_cluster') %} +{%- if TRUECLUSTER is sameas true %} {%- if grains.role == 'so-manager' %} node.roles: [ master ] {%- endif %} diff --git a/setup/so-functions b/setup/so-functions index 9ded48ddf..3566d0d5e 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1331,8 +1331,15 @@ elasticsearch_pillar() { "elasticsearch:"\ " mainip: '$MAINIP'"\ " mainint: '$MNIC'"\ - " esheap: '$NODE_ES_HEAP_SIZE'"\ - " esclustername: {{ grains.host }}"\ + " esheap: '$NODE_ES_HEAP_SIZE'" + if [ -n "$ESCLUSTERNAME" ]; then + printf '%s\n'\ + " esclustername: $ESCLUSTERNAME" + else + printf '%s\n'\ + " esclustername: {{ grains.host }}" + fi + printf '%s\n'\ " node_type: '$NODETYPE'"\ " es_port: $node_es_port"\ " log_size_limit: $log_size_limit"\ From d004263b71179c323b95421734b7b71fbc24e5db Mon Sep 17 00:00:00 2001 
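Review bot: In the elasticsearch_pillar hunk, `"  esclustername: $ESCLUSTERNAME"` is written unquoted while the adjacent `mainip`, `mainint` and `esheap` values are single-quoted, so a name such as `yes`, `null` or `123` is type-coerced by the YAML loader and a name containing `#` or `: ` breaks the pillar. Quote it like its neighbours, `"  esclustername: '$ESCLUSTERNAME'"`, and the fallback `"  esclustername: '{{ grains.host }}'"` still works because the pillar is Jinja-rendered before it is parsed. This `if [ -n "$ESCLUSTERNAME" ]` block duplicates the one added to manager_global in patch 14; a small helper that emits the cluster-name lines would keep the two in step. The enclosing `printf` begins before the hunk and continues after it.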
From: Mike Reeves Date: Wed, 2 Dec 2020 14:33:22 -0500 Subject: [PATCH 16/28] Add Elastic Clustering --- pillar/top.sls | 1 + salt/elasticsearch/files/elasticsearch.yml | 10 +++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/pillar/top.sls b/pillar/top.sls index 77db6fe60..627fed80b 100644 --- a/pillar/top.sls +++ b/pillar/top.sls @@ -82,6 +82,7 @@ base: - elasticsearch.search - global - minions.{{ grains.id }} + - data.nodestab '*_import': - zeeklogs diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index b5d0b0293..a7a6ad34a 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -43,6 +43,14 @@ node.name: {{ grains.host }} script.max_compilations_rate: 1000/1m {%- if TRUECLUSTER is sameas true %} {%- if grains.role == 'so-manager' %} -node.roles: [ master ] + {%- if salt['pillar.get']('nodestab', {}) %} +node.roles: [ master, remote_cluster_client ] + {%- endif %} + {%- else %} +node.roles: [ data, ingest, ml ] {%- endif %} +discovery.seed_hosts: + - {{ grains.master }} +cluster.initial_master_nodes: + - {{ grains.master }} {%- endif %} From 3e322c38eb4559e8f3ccf34f321e47175c4d00ad Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 2 Dec 2020 15:33:35 -0500 Subject: [PATCH 17/28] Fix config for single cluster mode --- salt/elasticsearch/files/elasticsearch.yml | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index a7a6ad34a..b4ea86d5a 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml 
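Review bot: `cluster.initial_master_nodes` is emitted for the non-manager branch as well, where the node has just been given `node.roles: [ data, ingest, ml ]`; as far as I recall ES 7 rejects that setting on a node that is not master-eligible at startup, so search nodes would fail to boot with this template. Its value also has to equal the master's `node.name`, which this file sets to `grains.host`, whereas `grains.master` is whatever the minion's `master:` setting holds and may be an IP or FQDN. Patch 17 keeps the setting on both branches and patch 18 removes it entirely, so the series should be squashed to the final form rather than merging this intermediate state. In top.sls the `- data.nodestab` line is added under the search-node target visible in the context, while the template consults `nodestab` on the manager; whether the manager's target also includes it is not visible here and is worth confirming.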
@@ -1,8 +1,12 @@ {%- set NODE_ROUTE_TYPE = salt['pillar.get']('elasticsearch:node_route_type', 'hot') %} -{%- set ESCLUSTERNAME = salt['pillar.get']('elasticsearch:esclustername', '') %} -{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') %} +{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip') %} {%- set FEATURES = salt['pillar.get']('elastic:features', False) %} {%- set TRUECLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %} +{%- if TRUECLUSTER is sameas true %} + {%- set ESCLUSTERNAME = salt['pillar.get']('elasticsearch:true_cluster_name') %} +{%- else %} + {%- set ESCLUSTERNAME = salt['pillar.get']('elasticsearch:esclustername') %} +{%- endif %} cluster.name: "{{ ESCLUSTERNAME }}" network.host: 0.0.0.0 @@ -45,12 +49,16 @@ script.max_compilations_rate: 1000/1m {%- if grains.role == 'so-manager' %} {%- if salt['pillar.get']('nodestab', {}) %} node.roles: [ master, remote_cluster_client ] - {%- endif %} - {%- else %} -node.roles: [ data, ingest, ml ] - {%- endif %} discovery.seed_hosts: - {{ grains.master }} cluster.initial_master_nodes: - {{ grains.master }} + {%- endif %} + {%- else %} +node.roles: [ data, ingest, ml ] +discovery.seed_hosts: + - {{ grains.master }} +cluster.initial_master_nodes: + - {{ grains.master }} + {%- endif %} {%- endif %} From 94253e92a65e4b130f55a362115ea3ca2009de66 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 3 Dec 2020 10:38:18 -0500 Subject: [PATCH 18/28] Adjust the elasticsearch config --- salt/elasticsearch/files/elasticsearch.yml | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index b4ea86d5a..1d3afb49a 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml 
@@ -13,7 +13,7 @@ network.host: 0.0.0.0 # minimum_master_nodes need to be explicitly set when bound on a public IP # set to 1 to allow single node clusters # Details: https://github.com/elastic/elasticsearch/pull/17288 -discovery.zen.minimum_master_nodes: 1 +#discovery.zen.minimum_master_nodes: 1 # This is a test -- if this is here, then the volume is mounted correctly. path.logs: /var/log/elasticsearch action.destructive_requires_name: true @@ -38,9 +38,9 @@ cluster.routing.allocation.disk.watermark.flood_stage: 98% #xpack.security.http.ssl.client_authentication: none #xpack.security.authc: # anonymous: -# username: anonymous_user -# roles: superuser -# authz_exception: true +# username: anonymous_user +# roles: superuser +# authz_exception: true {%- endif %} node.attr.box_type: {{ NODE_ROUTE_TYPE }} node.name: {{ grains.host }} @@ -48,17 +48,16 @@ script.max_compilations_rate: 1000/1m {%- if TRUECLUSTER is sameas true %} {%- if grains.role == 'so-manager' %} {%- if salt['pillar.get']('nodestab', {}) %} -node.roles: [ master, remote_cluster_client ] +node.roles: [ master, data, remote_cluster_client ] discovery.seed_hosts: - {{ grains.master }} -cluster.initial_master_nodes: - - {{ grains.master }} + {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} + - {{ SN.split('_')|first }} + {%- endfor %} {%- endif %} {%- else %} node.roles: [ data, ingest, ml ] discovery.seed_hosts: - {{ grains.master }} -cluster.initial_master_nodes: - - {{ grains.master }} {%- endif %} -{%- endif %} +{%- endif %} \ No newline at end of file From 8ea088c3fc0eb55416956342150beecb840f00bf Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 7 Dec 2020 14:09:41 -0500 Subject: [PATCH 19/28] Restart Elastic on addition of node. --- pillar/data/addtotab.sh | 5 +++-- salt/elasticsearch/init.sls | 6 ++---- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/pillar/data/addtotab.sh b/pillar/data/addtotab.sh index ac3d913a5..b4c80e6fe 100644 --- a/pillar/data/addtotab.sh 
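Review bot: The third hunk removes `cluster.initial_master_nodes` from both branches, so a fresh multi-node cluster has nothing to bootstrap from unless the manager was already started on its own (init.sls sets `discovery.type=single-node`, visible later in this series) and carries persisted cluster state; that dependency is invisible from this file and deserves a comment next to `discovery.seed_hosts`, e.g. `# no initial_master_nodes: the manager bootstraps itself in single-node mode before search nodes are added`. The manager's seed list now includes every `nodestab` host, but those hosts are rendered with `node.roles: [ data, ingest, ml ]` in the `else` branch and are therefore not master-eligible, and per the Elasticsearch discovery documentation seed hosts are expected to be master-eligible, so only the manager's own address is a useful entry. The `-{%- endif %}` / `+{%- endif %}` change at the end also drops the file's trailing newline (`\ No newline at end of file`), which is a trap for anything that later appends to the file.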
+++ b/pillar/data/addtotab.sh @@ -54,7 +54,8 @@ if [ $TYPE == 'evaltab' ] || [ $TYPE == 'standalonetab' ]; then salt-call state.apply utility queue=True fi fi -#if [ $TYPE == 'nodestab' ]; then +if [ $TYPE == 'nodestab' ]; then + salt-call state.apply elasticseach # echo " nodetype: $NODETYPE" >> $local_salt_dir/pillar/data/$TYPE.sls # echo " hotname: $HOTNAME" >> $local_salt_dir/pillar/data/$TYPE.sls -#fi +fi diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 0b28ee6d1..7f3a7af56 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -189,12 +189,10 @@ so-elasticsearch: - user: elasticsearch - extra_hosts: - {{ grains.host }}:{{ NODEIP }} - {%- if ismanager %} {%- if salt['pillar.get']('nodestab', {}) %} - {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} + {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} - {{ SN.split('_')|first }}:{{ SNDATA.ip }} - {%- endfor %} - {%- endif %} + {%- endfor %} {%- endif %} - environment: - discovery.type=single-node From d6fa739c608095fc7a5d717ab403cec17a42e3ba Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Tue, 8 Dec 2020 11:17:47 -0500 Subject: [PATCH 20/28] Adding queue=True --- pillar/data/addtotab.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pillar/data/addtotab.sh b/pillar/data/addtotab.sh index b4c80e6fe..0029f5492 100644 --- a/pillar/data/addtotab.sh +++ b/pillar/data/addtotab.sh @@ -55,7 +55,7 @@ if [ $TYPE == 'evaltab' ] || [ $TYPE == 'standalonetab' ]; then fi fi if [ $TYPE == 'nodestab' ]; then - salt-call state.apply elasticseach + salt-call state.apply elasticseach queue=True # echo " nodetype: $NODETYPE" >> $local_salt_dir/pillar/data/$TYPE.sls # echo " hotname: $HOTNAME" >> $local_salt_dir/pillar/data/$TYPE.sls fi From 6ceecbd524becb75f4d10d9390848b0cd29920e7 Mon Sep 17 00:00:00 2001 
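Review bot: The added `if [ $TYPE == 'nodestab' ]; then` leaves `$TYPE` unquoted, so an empty or space-containing value turns the test into a syntax error instead of a false branch; the context lines above use the same form, but the new line is the place to write `if [ "$TYPE" == 'nodestab' ]; then`. The added `salt-call state.apply elasticseach` misspells the state (PATCH 26 later in this series corrects it), omits the `queue=True` that the sibling `utility` call above passes (PATCH 20 adds it), and ignores its exit status, so a failed Elasticsearch restart after a node is added goes unreported; `salt-call state.apply elasticsearch queue=True || echo "elasticsearch state.apply failed" >&2` would surface it. The enclosing script continues outside the hunk.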
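Review bot: Dropping the `{%- if ismanager %}` guard in the init.sls hunk means every minion whose pillar contains `nodestab` now renders all search nodes into `extra_hosts`, not only the manager, so the `data.nodestab` line added to `pillar/top.sls` in PATCH 16 becomes a hard dependency for the search nodes' own containers. That cross-file link should be stated above the loop, e.g. `{# nodestab is delivered via pillar/top.sls; clustered search nodes need it as well as the manager #}`. The rendered entries are unquoted `host:ip` scalars here; PATCH 21 quotes them later in the series.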
From: TOoSmOotH Date: Wed, 9 Dec 2020 09:42:03 -0500 Subject: [PATCH 21/28] Fixing some elasticsearch logic --- salt/elasticsearch/init.sls | 27 ++++++++++++++------------- salt/utility/bin/crossthestreams | 13 +++++++------ 2 files changed, 21 insertions(+), 19 deletions(-) diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 7f3a7af56..2e2e4d3f4 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -21,22 +21,22 @@ {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} {% set FEATURES = salt['pillar.get']('elastic:features', False) %} -{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%} +{% set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%} +{% set TRUECLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %} - -{%- if FEATURES is sameas true %} +{% if FEATURES is sameas true %} {% set FEATUREZ = "-features" %} {% else %} {% set FEATUREZ = '' %} {% endif %} {% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone', 'so-import'] %} - {% set esclustername = salt['pillar.get']('manager:esclustername', '') %} - {% set esheap = salt['pillar.get']('manager:esheap', '') %} + {% set esclustername = salt['pillar.get']('manager:esclustername') %} + {% set esheap = salt['pillar.get']('manager:esheap') %} {% set ismanager = True %} {% elif grains['role'] in ['so-node','so-heavynode'] %} - {% set esclustername = salt['pillar.get']('elasticsearch:esclustername', '') %} - {% set esheap = salt['pillar.get']('elasticsearch:esheap', '') %} + {% set esclustername = salt['pillar.get']('elasticsearch:esclustername') %} + {% set esheap = salt['pillar.get']('elasticsearch:esheap') %} {% set ismanager = False %} {% endif %} 
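Review bot: Dropping the `''` defaults on the `esclustername` / `esheap` `pillar.get` calls does not change behaviour (`pillar.get` already defaults to an empty string), but it removes the only hint that the key may be absent, and an empty `esheap` renders `ES_JAVA_OPTS=-Xms -Xmx` in the container environment further down the state, which the JVM rejects at startup. Since the value is now treated as mandatory, a comment such as `{# esheap is required; an empty value produces an invalid ES_JAVA_OPTS #}` next to the `set` lines, or a render-time check, would make the contract explicit. The new `TRUECLUSTER` set defaults to `False`, matching elasticsearch.yml; a pillar value that arrives as a string will fail the `is sameas` checks that consume it, which is worth noting here where the variable is defined.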
@@ -188,14 +188,15 @@ so-elasticsearch: - name: so-elasticsearch - user: elasticsearch - extra_hosts: - - {{ grains.host }}:{{ NODEIP }} - {%- if salt['pillar.get']('nodestab', {}) %} - {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} - - {{ SN.split('_')|first }}:{{ SNDATA.ip }} - {%- endfor %} - {%- endif %} + - "{{ grains.host }}:{{ NODEIP }}" + {% for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} + - "{{ SN.split('_')|first }}:{{ SNDATA.ip }}" + {% endfor %} + {% endif %} - environment: + {% if TRUECLUSTER is sameas false %} - discovery.type=single-node + {% endif %} - ES_JAVA_OPTS=-Xms{{ esheap }} -Xmx{{ esheap }} ulimits: - memlock=-1:-1 diff --git a/salt/utility/bin/crossthestreams b/salt/utility/bin/crossthestreams index 6998c7669..490c7b548 100644 --- a/salt/utility/bin/crossthestreams +++ b/salt/utility/bin/crossthestreams @@ -1,8 +1,8 @@ #!/bin/bash {% set ES = salt['pillar.get']('manager:mainip', '') %} -{%- set MANAGER = salt['grains.get']('master') %} +{% set MANAGER = salt['grains.get']('master') %} {% set FEATURES = salt['pillar.get']('elastic:features', False) %} - +{% set TRUECLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %} # Wait for ElasticSearch to come up, so that we can query for version infromation echo -n "Waiting for ElasticSearch..." 
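Review bot: The init.sls hunk removes `{%- if salt['pillar.get']('nodestab', {}) %}` but keeps a `{% endif %}` after the `{% endfor %}`, leaving an unmatched endif that makes the state fail to render on every node; PATCH 22 further down restores the `if`. The new `{% if TRUECLUSTER is sameas false %}` around `discovery.type=single-node` also means a clustered manager with no search nodes yet runs multi-node discovery without any `cluster.initial_master_nodes` (removed in PATCH 18), so it cannot bootstrap; PATCH 23 widens the condition for that case, but a comment here explaining the single-node/multi-node switch would help the next reader.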
@@ -34,9 +34,10 @@ echo "Applying cross cluster search config..." -d "{\"persistent\": {\"search\": {\"remote\": {\"{{ MANAGER }}\": {\"seeds\": [\"127.0.0.1:9300\"]}}}}}" # Add all the search nodes to cross cluster searching. - -{%- if salt['pillar.get']('nodestab', {}) %} - {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} +{%- if TRUECLUSTER is sameas false %} + {%- if salt['pillar.get']('nodestab', {}) %} + {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} curl -XPUT -L http://{{ ES }}:9200/_cluster/settings -H'Content-Type: application/json' -d '{"persistent": {"search": {"remote": {"{{ SN }}": {"skip_unavailable": "true", "seeds": ["{{ SN.split('_')|first }}:9300"]}}}}}' - {%- endfor %} + {%- endfor %} + {%- endif %} {%- endif %} From e983322a182c2e9e89e06c4202df0e3da80144d2 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Wed, 9 Dec 2020 11:31:22 -0500 Subject: [PATCH 22/28] Fix elastic if statement --- salt/elasticsearch/init.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 2e2e4d3f4..80876aec4 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -189,6 +189,7 @@ so-elasticsearch: - user: elasticsearch - extra_hosts: - "{{ grains.host }}:{{ NODEIP }}" + {% if salt['pillar.get']('nodestab', {}) %} {% for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} - "{{ SN.split('_')|first }}:{{ SNDATA.ip }}" {% endfor %} From 0a48f7d5dcf48fddceac434d310bfca61ef492c6 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Wed, 9 Dec 2020 15:22:09 -0500 Subject: [PATCH 23/28] Simplify logic --- salt/elasticsearch/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 80876aec4..3e0bac708 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls 
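Review bot: Inside the new `TRUECLUSTER is sameas false` block the per-node `curl -XPUT` still discards its exit status and response, so a search node that fails to register for cross-cluster search is silently skipped; adding `-sf` and `|| echo "cross cluster config failed for {{ SN }}" >&2` to that line would at least report it. `{{ SN }}` and `{{ SN.split('_')|first }}` are spliced raw into a single-quoted JSON body, so a nodestab key containing `'` or `"` breaks the shell quoting or the JSON; the keys are operator-written pillar data rather than untrusted input, but a comment stating that assumption, or rendering the body through a JSON-encoding filter, is cheap insurance. The request goes to plain `http://{{ ES }}:9200` with no credentials, consistent with the commented-out xpack security settings in elasticsearch.yml, which is worth recording as a known property of the deployment rather than leaving implicit.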
@@ -195,7 +195,7 @@ so-elasticsearch: {% endfor %} {% endif %} - environment: - {% if TRUECLUSTER is sameas false %} + {% if TRUECLUSTER is sameas false or (TRUECLUSTER is sameas true and not salt['pillar.get']('nodestab', {})) %} - discovery.type=single-node {% endif %} - ES_JAVA_OPTS=-Xms{{ esheap }} -Xmx{{ esheap }} From 101ddd18a529811b49e5d9ecac6aac8f56bb11bc Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Wed, 9 Dec 2020 16:08:09 -0500 Subject: [PATCH 24/28] Fix print statments --- setup/so-functions | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index e772a99c5..6a6f42dc7 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1309,13 +1309,13 @@ elasticsearch_pillar() { "elasticsearch:"\ " mainip: '$MAINIP'"\ " mainint: '$MNIC'"\ - " esheap: '$NODE_ES_HEAP_SIZE'" + " esheap: '$NODE_ES_HEAP_SIZE'" >> "$pillar_file" if [ -n "$ESCLUSTERNAME" ]; then printf '%s\n'\ - " esclustername: $ESCLUSTERNAME" + " esclustername: $ESCLUSTERNAME" >> "$pillar_file" else printf '%s\n'\ - " esclustername: {{ grains.host }}" + " esclustername: {{ grains.host }}" >> "$pillar_file" fi printf '%s\n'\ " node_type: '$NODETYPE'"\ From af15f0eb38e9bd39ec7fed5e7cda826ec5e09643 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Wed, 9 Dec 2020 16:23:38 -0500 Subject: [PATCH 25/28] remove ml node.role --- salt/elasticsearch/files/elasticsearch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index eee129cf9..0cadaf44c 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -56,7 +56,7 @@ discovery.seed_hosts: {%- endfor %} {%- endif %} {%- else %} -node.roles: [ data, ingest, ml ] +node.roles: [ data, ingest ] discovery.seed_hosts: - {{ grains.master }} {%- endif %} From 379f1d98d89c38041b5230cebe9cbaeac837f66e Mon Sep 17 00:00:00 2001 
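Review bot: The widened condition `TRUECLUSTER is sameas false or (TRUECLUSTER is sameas true and not salt['pillar.get']('nodestab', {}))` is evaluated on every role, so a clustered search node whose pillar does not include `nodestab` (the `data.nodestab` entry in PATCH 16's `pillar/top.sls` only reaches whatever target it was added under) is also started with `discovery.type=single-node` and forms its own one-node cluster instead of joining the manager. If the empty-`nodestab` case is meant for the manager only, guard it with the `ismanager` flag the state already sets, e.g. `{% if TRUECLUSTER is sameas false or (ismanager and not salt['pillar.get']('nodestab', {})) %}`. Given `TRUECLUSTER` defaults to `False`, the `TRUECLUSTER is sameas true and` part is redundant whenever the first disjunct is false, so the expression can be shortened once the intent is settled.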
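Review bot: In the so-functions hunk `esclustername: $ESCLUSTERNAME` is the only value in this pillar block written without YAML quotes, while the neighbouring `esheap` and `mainip` lines are single-quoted; a cluster name containing `:`, `#` or a leading special character will be mis-parsed, so `" esclustername: '$ESCLUSTERNAME'"` keeps it consistent, and the `{{ grains.host }}` fallback in the `else` branch survives quoting because the pillar file is Jinja-rendered before it is parsed as YAML. That rendering also means any operator-supplied string written here is interpreted as template text on the master, so validating `ESCLUSTERNAME` against a conservative character set before `elasticsearch_pillar` writes it would close that gap. `elasticsearch_pillar` begins before and continues after this hunk.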
From: TOoSmOotH Date: Thu, 10 Dec 2020 09:15:17 -0500 Subject: [PATCH 26/28] fix addtotab --- pillar/data/addtotab.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pillar/data/addtotab.sh b/pillar/data/addtotab.sh index 0029f5492..271558295 100644 --- a/pillar/data/addtotab.sh +++ b/pillar/data/addtotab.sh @@ -55,7 +55,7 @@ if [ $TYPE == 'evaltab' ] || [ $TYPE == 'standalonetab' ]; then fi fi if [ $TYPE == 'nodestab' ]; then - salt-call state.apply elasticseach queue=True + salt-call state.apply elasticsearch queue=True # echo " nodetype: $NODETYPE" >> $local_salt_dir/pillar/data/$TYPE.sls # echo " hotname: $HOTNAME" >> $local_salt_dir/pillar/data/$TYPE.sls fi From d9d7f49b96812ca836c9d6506fe841797a638215 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Thu, 10 Dec 2020 11:09:38 -0500 Subject: [PATCH 27/28] Adjust elasticsearch.yml --- salt/elasticsearch/files/elasticsearch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index 0cadaf44c..3472b24db 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -42,7 +42,6 @@ cluster.routing.allocation.disk.watermark.flood_stage: 98% # roles: superuser # authz_exception: true {%- endif %} -node.attr.box_type: {{ NODE_ROUTE_TYPE }} node.name: {{ grains.host }} script.max_compilations_rate: 1000/1m {%- if TRUECLUSTER is sameas true %} @@ -57,6 +56,7 @@ discovery.seed_hosts: {%- endif %} {%- else %} node.roles: [ data, ingest ] +node.attr.box_type: {{ NODE_ROUTE_TYPE }} discovery.seed_hosts: - {{ grains.master }} {%- endif %} From 42833b2086725f0da36e1f07d9fab3c90ecd5248 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Thu, 10 Dec 2020 11:14:32 -0500 Subject: [PATCH 28/28] Make non clustered node attributes --- salt/elasticsearch/files/elasticsearch.yml | 3 +++ 1 file changed, 3 insertions(+) 
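Review bot: Moving `node.attr.box_type` into the clustered `{%- else %}` branch (second elasticsearch.yml hunk) removes it from the non-clustered case entirely, so nodes with `TRUECLUSTER` false lose the attribute that the `node_route_type` default of `hot` suggests is used for allocation routing; PATCH 28 on the next line adds it back for that case. After both hunks the clustered manager, which carries the `data` role per PATCH 18, is the only node without a `box_type`, so any allocation rule that requires the attribute would keep shards off it; if that exclusion is intended, a comment on the `else` branch such as `{# box_type is deliberately not set on the clustered manager #}` should say so.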
diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index 3472b24db..1ad65c43f 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -61,4 +61,7 @@ discovery.seed_hosts: - {{ grains.master }} {%- endif %} {%- endif %} +{%- if TRUECLUSTER is sameas false %} +node.attr.box_type: {{ NODE_ROUTE_TYPE }} +{%- endif %} indices.query.bool.max_clause_count: 1500