Elastic Agent setup changes
@@ -55,12 +55,17 @@ printf "\n\n"
|
|||||||
#-H 'kbn-xsrf: true' -H 'Content-Type: application/json' \
|
#-H 'kbn-xsrf: true' -H 'Content-Type: application/json' \
|
||||||
#-d '{"name":"Endpoints-Initalization","id":"endpoints","description":"Initial Endpoint Policy","namespace":"default","monitoring_enabled":["logs"]}'
|
#-d '{"name":"Endpoints-Initalization","id":"endpoints","description":"Initial Endpoint Policy","namespace":"default","monitoring_enabled":["logs"]}'
|
||||||
|
|
||||||
|
ENDPOINTSENROLLMENTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L "localhost:5601/api/fleet/enrollment_api_keys" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' | jq .list | jq -r -c '.[] | select(.policy_id | contains("endpoints-default")) | .api_key')
|
||||||
|
GRIDNODESENROLLMENTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L "localhost:5601/api/fleet/enrollment_api_keys" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' | jq .list | jq -r -c '.[] | select(.policy_id | contains("so-grid-ndoes")) | .api_key')
|
||||||
|
|
||||||
# Store needed data in minion pillar
|
# Store needed data in minion pillar
|
||||||
pillar_file=/opt/so/saltstack/local/pillar/minions/{{ GLOBALS.minion_id }}.sls
|
pillar_file=/opt/so/saltstack/local/pillar/minions/{{ GLOBALS.minion_id }}.sls
|
||||||
printf '%s\n'\
|
printf '%s\n'\
|
||||||
"elasticfleet:"\
|
"elasticfleet:"\
|
||||||
" server:"\
|
" server:"\
|
||||||
" es_token: '$ESTOKEN'"\
|
" es_token: '$ESTOKEN'"\
|
||||||
|
" endpoints_enrollment: '$ENDPOINTSENROLLMENTOKEN'"\
|
||||||
|
" grid_enrollment: '$GRIDNODESENROLLMENTOKEN'"\
|
||||||
" url: '{{ GLOBALS.manager_ip }}'"\
|
" url: '{{ GLOBALS.manager_ip }}'"\
|
||||||
"" >> "$pillar_file"
|
"" >> "$pillar_file"
|
||||||
|
|
||||||
@@ -78,4 +83,4 @@ cd securityonion-image/so-elastic-agent-builder
|
|||||||
docker build -t so-elastic-agent-builder .
|
docker build -t so-elastic-agent-builder .
|
||||||
|
|
||||||
so-elastic-agent-gen-installers
|
so-elastic-agent-gen-installers
|
||||||
/opt/so/conf/elastic-fleet/so_agent-installers/so-elastic-agent_linux
|
salt-call state.apply elastic-fleet.install_agent_grid
|
||||||
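Review bot: The new GRIDNODESENROLLMENTOKEN lookup filters on `contains("so-grid-ndoes")`, which looks like a transposition of `so-grid-nodes`; the grid policy id is not shown on this page, but if it is spelled `nodes` the select matches nothing and an empty `grid_enrollment: ''` is appended to the pillar. Neither token is checked before the printf, so a failed curl or an unmatched policy is stored silently; a guard such as `[ -n "$GRIDNODESENROLLMENTOKEN" ] || { echo "grid enrollment token not found" >&2; exit 1; }` (and the same for ENDPOINTSENROLLMENTOKEN) would surface it before `salt-call state.apply elastic-fleet.install_agent_grid` runs with an empty key. `contains` is a substring match, so `select(.policy_id == "endpoints-default")` is the tighter filter and cannot pick up a second policy whose id merely includes that string. These values are Fleet enrollment API keys, so it is worth confirming that the minion pillar file written through `>> "$pillar_file"` is readable only by root and the salt master; the script starts and continues outside these hunks, so existing permission handling may not be visible here.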
@@ -7,7 +7,7 @@
|
|||||||
{% if not AGENT_STATUS %}
|
{% if not AGENT_STATUS %}
|
||||||
|
|
||||||
run_installer:
|
run_installer:
|
||||||
cmd.run:
|
cmd.script:
|
||||||
- name: salt://elastic-fleet/files/so_agent-installers/so-elastic-agent_linux
|
- name: salt://elastic-fleet/files/so_agent-installers/so-elastic-agent_linux
|
||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|||||||
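Review bot: `run_installer` now pulls the installer from the salt fileserver and executes it through `cmd.script`, yet the only guard is the render-time `{% if not AGENT_STATUS %}`, whose computation lies outside this hunk. A state-level guard such as `- creates: <AGENT_INSTALL_PATH>` (placeholder, the real path is not on this page) would keep the state idempotent even if AGENT_STATUS is stale or wrong at render time. If the generated installer carries the grid enrollment token, as the setup script changes in this commit suggest, adding `- hide_output: True` keeps installer output out of job returns and minion logs. A one-line comment above `cmd.script:` saying the binary lives on the master's fileserver rather than on the minion would explain why `cmd.run` was replaced.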
@@ -70,7 +70,7 @@ kibana:
|
|||||||
- type: system/metrics
|
- type: system/metrics
|
||||||
enabled: false
|
enabled: false
|
||||||
- name: Endpoints-Initial
|
- name: Endpoints-Initial
|
||||||
id: endpoints
|
id: endpoints-default
|
||||||
description: "Initial Endpoint Policy"
|
description: "Initial Endpoint Policy"
|
||||||
namespace: default
|
namespace: default
|
||||||
monitoring_enabled: ['logs']
|
monitoring_enabled: ['logs']
|
||||||
|
|||||||