Merge pull request #8682 from Security-Onion-Solutions/2.4/elastic-fleet

2.4/elastic fleet
2025-12-10 03:02:58 +01:00 · 2022-09-07 18:53:35 -04:00
parent e3e0e4c6ed f00aafdfb2
commit d9ae646ef2
5 changed files with 13 additions and 4 deletions
--- a/salt/common/tools/sbin/so-elastic-agent-gen-installers
+++ b/salt/common/tools/sbin/so-elastic-agent-gen-installers
@@ -26,7 +26,7 @@ do
    docker run -e CGO_ENABLED=0 -e GOOS=$OS \
    --mount type=bind,source=/etc/ssl/certs/,target=/workspace/files/cert/ \
    --mount type=bind,source=/tmp/elastic-agent-workspace/,target=/workspace/files/elastic-agent/ \
-    --mount type=bind,source=/opt/so/conf/elastic-fleet/so_agent-installers/,target=/output/ \
+    --mount type=bind,source=/opt/so/saltstack/local/salt/elastic-fleet/files/so_agent-installers/,target=/output/ \
    so-elastic-agent-builder go build -ldflags "-X main.fleetHost=$FLEETHOST -X main.enrollmentToken=$ENROLLMENTOKEN"  -o /output/so-elastic-agent_$OS
    printf "\n $OS Installer Generated..."
 done
--- a/salt/common/tools/sbin/so-elastic-fleet-setup
+++ b/salt/common/tools/sbin/so-elastic-fleet-setup
@@ -55,12 +55,17 @@ printf "\n\n"
 #-H 'kbn-xsrf: true' -H 'Content-Type: application/json' \
 #-d  '{"name":"Endpoints-Initalization","id":"endpoints","description":"Initial Endpoint Policy","namespace":"default","monitoring_enabled":["logs"]}'
 ENDPOINTSENROLLMENTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L "localhost:5601/api/fleet/enrollment_api_keys" -H 'kbn-xsrf: true' -H 'Content-Type: application/json'  | jq .list | jq -r -c '.[] | select(.policy_id | contains("endpoints-default")) | .api_key')
 GRIDNODESENROLLMENTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L "localhost:5601/api/fleet/enrollment_api_keys" -H 'kbn-xsrf: true' -H 'Content-Type: application/json'  | jq .list | jq -r -c '.[] | select(.policy_id | contains("so-grid-nodes")) | .api_key')
 # Store needed data in minion pillar
 pillar_file=/opt/so/saltstack/local/pillar/minions/{{ GLOBALS.minion_id }}.sls
 printf '%s\n'\
    "elasticfleet:"\
    "  server:"\
    "    es_token: '$ESTOKEN'"\
    "    endpoints_enrollment: '$ENDPOINTSENROLLMENTOKEN'"\
    "    grid_enrollment: '$GRIDNODESENROLLMENTOKEN'"\
    "    url: '{{ GLOBALS.manager_ip }}'"\
    "" >> "$pillar_file"
@@ -78,4 +83,4 @@ cd securityonion-image/so-elastic-agent-builder
 docker build -t so-elastic-agent-builder .
 so-elastic-agent-gen-installers
-/opt/so/conf/elastic-fleet/so_agent-installers/so-elastic-agent_linux
+salt-call state.apply elastic-fleet.install_agent_grid
--- a/salt/elastic-fleet/files/so_agent-installers/readme
+++ b/salt/elastic-fleet/files/so_agent-installers/readme
@@ -0,0 +1,2 @@
 SO-Generated installers will be found under Salt local
--- a/salt/elastic-fleet/install_agent_grid.sls
+++ b/salt/elastic-fleet/install_agent_grid.sls
@@ -2,12 +2,14 @@
 # or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use
 # this file except in compliance with the Elastic License 2.0.
 {%- set GRIDNODETOKEN = salt['pillar.get']('elasticfleet:server:grid_enrollment') -%}
 {% set AGENT_STATUS = salt['service.available']('elastic-agent') %}
 {% if not AGENT_STATUS  %}
 run_installer:
-  cmd.run:
+  cmd.script:
    - name: salt://elastic-fleet/files/so_agent-installers/so-elastic-agent_linux
    - args: -token={{ GRIDNODETOKEN }}
 {% endif %}
--- a/salt/kibana/defaults.yaml
+++ b/salt/kibana/defaults.yaml
@@ -70,7 +70,7 @@ kibana:
                  - type: system/metrics
                    enabled: false
          - name: Endpoints-Initial
-            id: endpoints
+            id: endpoints-default
            description: "Initial Endpoint Policy"
            namespace: default
            monitoring_enabled: ['logs']
		`@@ -0,0 +1,2 @@`
							`SO-Generated installers will be found under Salt local`