From f494ffcebe3be9dcb26fefd7ebae3cfda0a794b2 Mon Sep 17 00:00:00 2001
From: Mike Reeves <luke@geekempire.com>
Date: Mon, 11 Mar 2019 11:16:24 -0400
Subject: [PATCH] Hive Module - Sync ES config

---
 salt/hive/init.sls                         | 30 +++++++++++++---------
 salt/hive/thehive/etc/es/elasticsearch.yml | 19 ++++++++++++++
 2 files changed, 37 insertions(+), 12 deletions(-)
 create mode 100644 salt/hive/thehive/etc/es/elasticsearch.yml

diff --git a/salt/hive/init.sls b/salt/hive/init.sls
index fa3d6e581..7772008d8 100644
--- a/salt/hive/init.sls
+++ b/salt/hive/init.sls
@@ -1,3 +1,19 @@
+hiveconfdir:
+  file.directory:
+    - name: /opt/so/conf/hive/etc
+    - makedirs: True
+
+hivelogdir:
+  file.directory:
+    - name: /opt/so/log/hive
+    - makedirs: True
+
+hiveconf:
+  file.recurse:
+    - name: /opt/so/conf/hive/etc
+    - source: salt://hive/thehive/etc
+    - template: jinja
+
 # Install Elasticsearch
 
 # Made directory for ES data to live in
@@ -15,6 +31,8 @@ so-thehive-es:
     - tty: True
     - binds:
       - /nsm/hive/esdata:/usr/share/elasticsearch/data:rw
+      - /opt/so/conf/hive/etc/es/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
+      - /opt/so/log/hive:/var/log/elasticsearch:rw
     - environment:
       - http.host=0.0.0.0
       - http.port=9400
@@ -36,18 +54,6 @@ so-cortex:
     - hostname: so-cortex
     - name: so-cortex
 
-# Install Hive
-hiveconfdir:
-  file.directory:
-    - name: /opt/so/conf/hive/etc
-    - makedirs: True
-
-hiveconf:
-  file.managed:
-    - name: /opt/so/conf/hive/etc/application.conf
-    - source: salt://hive/thehive/etc/application.conf
-    - template: jinja
-
 so-thehive:
   docker_container.running:
     - image: thehiveproject/thehive:latest
diff --git a/salt/hive/thehive/etc/es/elasticsearch.yml b/salt/hive/thehive/etc/es/elasticsearch.yml
new file mode 100644
index 000000000..197c780a3
--- /dev/null
+++ b/salt/hive/thehive/etc/es/elasticsearch.yml
@@ -0,0 +1,19 @@
+cluster.name: "hive"
+network.host: 0.0.0.0
+discovery.zen.minimum_master_nodes: 1
+# This is a test -- if this is here, then the volume is mounted correctly.
+path.logs: /var/log/elasticsearch
+action.destructive_requires_name: true
+path.logs: /var/log/elasticsearch
+transport.bind_host: 0.0.0.0
+transport.publish_host: 0.0.0.0
+transport.publish_port: 9500
+http.host: 0.0.0.0
+http.port: 9400
+transport.tcp.port: 9500
+transport.host: 0.0.0.0
+xpack.security.enabled: false
+script.inline: true
+thread_pool.index.queue_size: 100000
+thread_pool.search.queue_size: 100000
+thread_pool.bulk.queue_size: 100000