Merge pull request #7561 from Security-Onion-Solutions/es_template_map_fix

Custom ES Template Fixes
2026-02-02 21:33:56 +01:00 · 2022-03-15 10:01:42 -04:00
parent 63cef4daff 408f9d6695
commit d46620ea2a
8 changed files with 572 additions and 9 deletions
--- a/salt/elasticsearch/init.sls
+++ b/salt/elasticsearch/init.sls
@@ -207,6 +207,7 @@ escomponenttemplates:
      
 # Auto-generate templates from defaults file
 {% for index, settings in ES_INDEX_SETTINGS.items() %}
+  {% if settings.index_template is defined %}
 es_index_template_{{index}}:
  file.managed:
    - name: /opt/so/conf/elasticsearch/templates/index/{{ index }}-template.json
@@ -216,6 +217,7 @@ es_index_template_{{index}}:
    - template: jinja
    - onchanges_in:
      - cmd: so-elasticsearch-templates
+  {% endif %}
 {% endfor %}

 {% if TEMPLATES %}
--- a/salt/elasticsearch/template.map.jinja
+++ b/salt/elasticsearch/template.map.jinja
@@ -1,7 +1,9 @@
 {% import_yaml 'elasticsearch/defaults.yaml' as ESCONFIG with context %}
 {%- set ES_INDEX_SETTINGS = salt['pillar.get']('elasticsearch:index_settings', default=ESCONFIG.elasticsearch.index_settings, merge=True) %}
 {% for index, settings in ES_INDEX_SETTINGS.items() %}
-  {% if settings.index_sorting, False %}
-    {% do settings.index_template.template.settings.index.pop('sort') %}
+  {% if settings.index_template is defined %}
+    {% if not settings.get('index_sorting', False) | to_bool and settings.index_template.template.settings.index.sort is defined %}
+      {% do settings.index_template.template.settings.index.pop('sort') %}
+    {% endif %}
  {% endif %}
 {% endfor %}
--- a/salt/elasticsearch/tools/sbin/so-elasticsearch-roles-load
+++ b/salt/elasticsearch/tools/sbin/so-elasticsearch-roles-load
@@ -48,7 +48,7 @@ fi

 cd ${ELASTICSEARCH_ROLES}

-echo "Loading templates..."
+echo "Loading roles..."
 for role in *; do
 	name=$(echo "$role" | cut -d. -f1)
 	so-elasticsearch-query _security/role/$name -XPUT -d @"$role"
--- a/salt/elasticsearch/tools/sbin/so-elasticsearch-templates-load
+++ b/salt/elasticsearch/tools/sbin/so-elasticsearch-templates-load
@@ -60,6 +60,15 @@ echo "Loading Security Onion component templates..."
 for i in *; do TEMPLATE=$(echo $i | cut -d '.' -f1); echo "$TEMPLATE"; {{ ELASTICCURL }} -k ${ELASTICSEARCH_AUTH} -s -XPUT -L https://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_component_template/$TEMPLATE -H 'Content-Type: application/json' -d@$i 2>/dev/null; echo; done
 echo

+if [ -d ${ELASTICSEARCH_TEMPLATES}/component/custom ]; then
+  # Load custom component templates
+  cd ${ELASTICSEARCH_TEMPLATES}/component/custom
+
+  echo "Loading custom component templates..."
+  for i in *; do TEMPLATE=$(echo $i | cut -d '.' -f1); echo "$TEMPLATE"; curl -K /opt/so/conf/elasticsearch/curl.config -k ${ELASTICSEARCH_AUTH} -s -XPUT -L https://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_component_template/$TEMPLATE -H 'Content-Type: application/json' -d@$i 2>/dev/null; echo; done
+  echo
+fi
+
 # Load SO index templates
 cd ${ELASTICSEARCH_TEMPLATES}/index