Merge pull request #11090 from Security-Onion-Solutions/issue/10998

Issue/10998

salt/elasticsearch/defaults.yaml

@@ -58,6 +58,12 @@ elasticsearch:
         elasticsearch:
           deprecation: ERROR
   index_settings:
+    global_overrides:
+      index_template:
+        template:
+          settings:
+            index:
+              number_of_replicas: default_placeholder
     so-logs:
       index_sorting: False
       index_template:

salt/elasticsearch/soc_elasticsearch.yaml

@@ -47,6 +47,16 @@ elasticsearch:
             global: True
             helpLink: elasticsearch.html
   index_settings:
+    global_overrides:
+      index_template:
+        template:
+          settings:
+            index:
+              number_of_replicas:
+                description: Number of replicas required for all indices. Multiple replicas protects against data loss, but also increases storage costs. This setting will be applied to all indices.
+                forcedType: int
+                global: True
+                helpLink: elasticsearch.html
     so-logs: &indexSettings
       index_sorting: 
         description: Sorts the index by event time, at the cost of additional processing resource consumption.
@@ -64,6 +74,7 @@ elasticsearch:
             index:
               number_of_replicas: 
                 description: Number of replicas required for this index. Multiple replicas protects against data loss, but also increases storage costs.
+                forcedType: int
                 global: True
                 helpLink: elasticsearch.html
               mapping:

salt/elasticsearch/template.map.jinja

@@ -1,11 +1,28 @@
-{% import_yaml 'elasticsearch/defaults.yaml' as ELASTICSEARCHDEFAULTS with context %}
+{% import_yaml 'elasticsearch/defaults.yaml' as ELASTICSEARCHDEFAULTS %}
-{%- set ES_INDEX_SETTINGS_ORIG = salt['pillar.get']('elasticsearch:index_settings', default=ELASTICSEARCHDEFAULTS.elasticsearch.index_settings, merge=True) %}
+{% set DEFAULT_GLOBAL_OVERRIDES = ELASTICSEARCHDEFAULTS.elasticsearch.index_settings.pop('global_overrides') %}
+
+{% set PILLAR_GLOBAL_OVERRIDES = {} %}
+{% if salt['pillar.get']('elasticsearch:index_settings') is defined %}
+{%   set ES_INDEX_PILLAR = salt['pillar.get']('elasticsearch:index_settings') %}
+{%   if ES_INDEX_PILLAR.global_overrides is defined %}
+{%     set PILLAR_GLOBAL_OVERRIDES = ES_INDEX_PILLAR.pop('global_overrides') %}
+{%   endif %}
+{% endif %}
+
+{% set ES_INDEX_SETTINGS_ORIG = ELASTICSEARCHDEFAULTS.elasticsearch.index_settings %}
+
+{% set ES_INDEX_SETTINGS_GLOBAL_OVERRIDES = {} %}
+{% for index in ES_INDEX_SETTINGS_ORIG.keys() %}
+{%   do ES_INDEX_SETTINGS_GLOBAL_OVERRIDES.update({index: salt['defaults.merge'](ELASTICSEARCHDEFAULTS.elasticsearch.index_settings[index], PILLAR_GLOBAL_OVERRIDES, in_place=False)}) %}
+{% endfor %}
+
 {% set ES_INDEX_SETTINGS = {} %}
-{% for index, settings in ES_INDEX_SETTINGS_ORIG.items() %}
+{% do ES_INDEX_SETTINGS_GLOBAL_OVERRIDES.update(salt['defaults.merge'](ES_INDEX_SETTINGS_GLOBAL_OVERRIDES, ES_INDEX_PILLAR, in_place=False)) %}
+{% for index, settings in ES_INDEX_SETTINGS_GLOBAL_OVERRIDES.items() %}
 {%   if settings.index_template is defined %}
 {%     if not settings.get('index_sorting', False) | to_bool and settings.index_template.template.settings.index.sort is defined %}
 {%       do settings.index_template.template.settings.index.pop('sort') %}
 {%     endif %}
 {%   endif %}
-  {% do ES_INDEX_SETTINGS.update({index | replace("_x_", "."): ES_INDEX_SETTINGS_ORIG[index]}) %}
+{%   do ES_INDEX_SETTINGS.update({index | replace("_x_", "."): ES_INDEX_SETTINGS_GLOBAL_OVERRIDES[index]}) %}
 {% endfor %}