mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 17:22:49 +01:00
2.4 searchnode es config
This commit is contained in:
m0duspwnens
@@ -2,7 +2,7 @@
|
||||
{% set cached_grains = salt.saltutil.runner('cache.grains', tgt='*') %}
|
||||
{% for minionid, ip in salt.saltutil.runner(
|
||||
'mine.get',
|
||||
tgt='G@role:so-manager or G@role:so-managersearch or G@role:so-standalone or G@role:so-node or G@role:so-heavynode or G@role:so-receiver or G@role:so-helix ',
|
||||
tgt='G@role:so-manager or G@role:so-managersearch or G@role:so-standalone or G@role:so-searchnode or G@role:so-heavynode or G@role:so-receiver or G@role:so-helix ',
|
||||
fun='network.ip_addrs',
|
||||
tgt_type='compound') | dictsort()
|
||||
%}
|
||||
|
||||
@@ -147,6 +147,8 @@ base:
|
||||
- logstash.soc_logstash
|
||||
- logstash.adv_logstash
|
||||
- elasticsearch.index_templates
|
||||
- elasticsearch.soc_elasticsearch
|
||||
- elasticsearch.adv_elasticsearch
|
||||
{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}
|
||||
- elasticsearch.auth
|
||||
{% endif %}
|
||||
|
||||
@@ -1,18 +1,18 @@
|
||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||
{% import_yaml 'elasticsearch/defaults.yaml' as ESCONFIG with context %}
|
||||
{% from 'logstash/map.jinja' import REDIS_NODES with context %}
|
||||
{% from 'logstash/map.jinja' import LOGSTASH_NODES with context %}
|
||||
|
||||
{% set HIGHLANDER = salt['pillar.get']('global:highlander', False) %}
|
||||
|
||||
{% if grains.id.split('_') | last in ['manager','managersearch'] %}
|
||||
{% if REDIS_NODES | length > 1 %}
|
||||
{% if LOGSTASH_NODES | length > 1 %}
|
||||
{% do ESCONFIG.elasticsearch.config.node.update({'roles': ['master', 'data', 'remote_cluster_client']}) %}
|
||||
{% if HIGHLANDER %}
|
||||
{% do ESCONFIG.elasticsearch.config.node.roles.extend(['ml', 'transform']) %}
|
||||
{% endif %}
|
||||
{% do ESCONFIG.elasticsearch.config.update({'discovery': {'seed_hosts': [GLOBALS.manager]}}) %}
|
||||
{% for SN in REDIS_NODES.keys() %}
|
||||
{% do ESCONFIG.elasticsearch.config.discovery.seed_hosts.append(SN) %}
|
||||
{% do ESCONFIG.elasticsearch.config.update({'discovery': {'seed_hosts': []}}) %}
|
||||
{% for NODE in LOGSTASH_NODES %}
|
||||
{% do ESCONFIG.elasticsearch.config.discovery.seed_hosts.append(NODE.keys()|first) %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if grains.id.split('_') | last == 'manager' %}
|
||||
|
||||
@@ -15,7 +15,7 @@ include:
|
||||
{% set ROLES = salt['pillar.get']('elasticsearch:roles', {}) %}
|
||||
{% from 'elasticsearch/config.map.jinja' import ESCONFIG with context %}
|
||||
{% from 'elasticsearch/template.map.jinja' import ES_INDEX_SETTINGS without context %}
|
||||
{% from 'logstash/map.jinja' import REDIS_NODES with context %}
|
||||
{% from 'logstash/map.jinja' import LOGSTASH_NODES %}
|
||||
|
||||
vm.max_map_count:
|
||||
sysctl.present:
|
||||
@@ -293,9 +293,9 @@ so-elasticsearch:
|
||||
- networks:
|
||||
- sosbridge:
|
||||
- ipv4_address: {{ DOCKER.containers['so-elasticsearch'].ip }}
|
||||
- extra_hosts: {{ REDIS_NODES }}
|
||||
- extra_hosts: {{ LOGSTASH_NODES }}
|
||||
- environment:
|
||||
{% if REDIS_NODES | length == 1 %}
|
||||
{% if LOGSTASH_NODES | length == 1 %}
|
||||
- discovery.type=single-node
|
||||
{% endif %}
|
||||
- ES_JAVA_OPTS=-Xms{{ GLOBALS.elasticsearch.es_heap }} -Xmx{{ GLOBALS.elasticsearch.es_heap }} -Des.transport.cname_in_publish_address=true -Dlog4j2.formatMsgNoLookups=true
|
||||
|
||||
@@ -1,14 +1,20 @@
|
||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||
{% set REDIS_NODES = [] %}
|
||||
{% if GLOBALS.role in ['so-searchnode', 'so-standalone', 'so-managersearch'] %}
|
||||
{% set node_data = salt['pillar.get']('logstash:nodes') %}
|
||||
{% for node_type, node_details in node_data.items() | sort %}
|
||||
{% if node_type in ['manager', 'managersearch', 'standalone', 'receiver' ] %}
|
||||
{% for hostname in node_data[node_type].keys() %}
|
||||
{% do REDIS_NODES.append({hostname:node_details[hostname].ip}) %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% else %}
|
||||
{% do REDIS_NODES.append({GLOBALS.hostname:GLOBALS.node_ip}) %}
|
||||
{% endif %}
|
||||
{% set LOGSTASH_NODES = [] %}
|
||||
{% set node_data = salt['pillar.get']('logstash:nodes') %}
|
||||
|
||||
{% for node_type, node_details in node_data.items() | sort %}
|
||||
{% if GLOBALS.role in ['so-searchnode', 'so-standalone', 'so-managersearch'] %}
|
||||
{% if node_type in ['manager', 'managersearch', 'standalone', 'receiver' ] %}
|
||||
{% for hostname in node_data[node_type].keys() %}
|
||||
{% do REDIS_NODES.append({hostname:node_details[hostname].ip}) %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% else %}
|
||||
{% do REDIS_NODES.append({GLOBALS.hostname:GLOBALS.node_ip}) %}
|
||||
{% endif %}
|
||||
|
||||
{% for hostname in node_data[node_type].keys() %}
|
||||
{% do LOGSTASH_NODES.append({hostname:node_details[hostname].ip}) %}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
|
||||
Reference in New Issue
Block a user