Fix annotations and defaults for logstash

setup/so-functions

@@ -917,17 +917,19 @@ create_repo() {
 	logCmd "createrepo /nsm/repo"
 }
 
-detect_cloud() {
-  info "Testing if setup is running on a cloud instance..."
-  if ( curl --fail -s -m 5 http://169.254.169.254/latest/meta-data/instance-id > /dev/null ) || \
-     ( curl --fail -s -m 5 -H "X-aws-ec2-metadata-token: $(curl -s -X PUT -m 5 'http://169.254.169.254/latest/api/token' -H 'X-aws-ec2-metadata-token-ttl-seconds: 30')" http://169.254.169.254/latest/meta-data/instance-id > /dev/null) || \
-     (dmidecode -s bios-vendor | grep -q Google > /dev/null) || \
-     [ -f /var/log/waagent.log ]; then 
 
-    info "Detected a cloud installation..." && export is_cloud="true"; 
-  else
-    info "This does not appear to be a cloud installation."
-  fi
+detect_cloud() {
+	info "Testing if setup is running on a cloud instance..."
+	if dmidecode -s bios-version | grep -q amazon || \
+		dmidecode -s bios-vendor | grep -q Amazon || \
+		dmidecode -s bios-vendor | grep -q Google || \
+		[ -f /var/log/waagent.log ]; then
+
+		info "Detected a cloud installation..."
+		export is_cloud="true"
+	else
+		info "This does not appear to be a cloud installation."
+	fi
 }
 
 detect_os() {
@@ -962,6 +964,17 @@ detect_os() {
 
 }
 
+download_elastic_agent_artifacts() {
+   #TODO - ISO
+
+   logCmd "mkdir -p /nsm/elastic-fleet/artifacts/beats/elastic-agent/"
+
+   logCmd "curl --retry 5 --retry-delay 60 https://repo.securityonion.net/file/so-repo/prod/2.4/elasticagent/elastic-agent_SO-$SOVERSION.tar.gz --output /nsm/elastic-fleet/artifacts/elastic-agent_SO-$SOVERSION.tar.gz"
+
+   logCmd "tar -xf /nsm/elastic-fleet/artifacts/elastic-agent_SO-$SOVERSION.tar.gz -C /nsm/elastic-fleet/artifacts/beats/elastic-agent/"
+
+	}
+
 installer_progress_loop() {
 	local i=0
 	local msg="${1:-Performing background actions...}"
@@ -2312,18 +2325,18 @@ set_initial_firewall_policy() {
 
 	case "$install_type" in
 		'EVAL' | 'MANAGER' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT')
-			$default_salt_dir/salt/common/tools/sbin/so-firewall --role=$install_type --ip=$MAINIP --apply=true
+			$default_salt_dir/salt/common/tools/sbin/so-firewall includehost $minion_type $MAINIP --apply
 			;;
 	esac
 }
 
 set_initial_firewall_access() {
 	if [[ ! -z "$ALLOW_CIDR" ]]; then
-		$default_salt_dir/salt/common/tools/sbin/so-firewall --role=analyst --ip=$ALLOW_CIDR --apply=true
+		$default_salt_dir/salt/common/tools/sbin/so-firewall includehost analyst $ALLOW_CIDR --apply
 	fi
 	if [[ ! -z "$MINION_CIDR" ]]; then
-		$default_salt_dir/salt/common/tools/sbin/so-firewall --role=sensors --ip=$MINION_CIDR --apply=false
-		$default_salt_dir/salt/common/tools/sbin/so-firewall --role=searchnodes --ip=$MINION_CIDR --apply=true
+		$default_salt_dir/salt/common/tools/sbin/so-firewall includehost sensors $MINION_CIDR
+		$default_salt_dir/salt/common/tools/sbin/so-firewall includehost searchnodes $MINION_CIDR --apply
 	fi
 }
 

setup/so-setup

@@ -607,6 +607,9 @@ if ! [[ -f $install_opt_file ]]; then
 		securityonion_repo
 		# Update existing packages
 		update_packages
+		# Download Elastic Agent Artifacts
+		title "Downloading Elastic Agent Artifacts"
+		download_elastic_agent_artifacts
 		# Install salt
 		saltify
 		# Start the master service

setup/so-whiptail

@@ -471,7 +471,7 @@ whiptail_gauge_post_setup() {
 	[ -n "$TESTING" ] && return
 
 	idh_preferences=$(whiptail --title "$whiptail_title" --radiolist \
-		"\nBy default, the IDH services selected in the previous screen will be bound to all interfaces and IP addresses on this system.\n\nIf you would like to prevent IDH services from being published on this system's management IP, you can select the option below." 20 75 5 \
+		"\nBy default, IDH services will be bound to all interfaces and IP addresses on this system.\n\nIf you would like to prevent IDH services from being published on this system's management IP, you can select the option below." 20 75 5 \
 		"$MAINIP" "Disable IDH services on this management IP " OFF 3>&1 1>&2 2>&3 )
 
 	local exitstatus=$?