Merge pull request #8453 from Security-Onion-Solutions/fix/elasticsearch_geoip_local

Configure Elasticsearch to use local GeoLite2 databases by default

salt/elasticsearch/config.map.jinja

@@ -1,6 +1,5 @@
 {% import_yaml 'elasticsearch/defaults.yaml' as ESCONFIG with context %}
 {% set HIGHLANDER = salt['pillar.get']('global:highlander', False) %}
-{% set ISAIRGAP = salt['pillar.get']('global:airgap', False) %}
 
 {% if not salt['pillar.get']('elasticsearch:auth:enabled', False) %}
   {% do ESCONFIG.elasticsearch.config.xpack.security.authc.anonymous.update({'username': 'anonymous_user', 'roles': 'superuser', 'authz_exception': 'true'}) %}
@@ -34,10 +33,6 @@
     {% endif %}
 {% endif %}
 
-{% if ISAIRGAP %}
-  {% do ESCONFIG.elasticsearch.config.ingest.geoip.downloader.update({'enabled': false}) %}
-{% endif %}
-
 {# merge with the elasticsearch pillar #}
 {% set ESCONFIG = salt['pillar.get']('elasticsearch:config', default=ESCONFIG.elasticsearch.config, merge=True) %}
 

salt/elasticsearch/defaults.yaml

@@ -58,7 +58,7 @@ elasticsearch:
     ingest:
       geoip:
         downloader:
-          enabled: true
+          enabled: false
     logger:
       org:
         elasticsearch: