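{#
  Firewall role map. For every node role it lists, per iptables chain, which
  port groups each hostgroup is allowed to reach.

  Layout: role -> <role name> -> chain -> <chain> -> hostgroups -> <hostgroup>
          -> portgroups -> list of port-group definitions.

  Port-group definitions come from firewall/ports/ports.yaml (key
  firewall.ports). How this map is turned into rules is decided by the state
  that imports it; nothing in this file creates a rule on its own.

  Review notes:
  * DOCKER-USER is the chain Docker reserves for user rules on traffic
    forwarded to containers; INPUT covers traffic addressed to the host.
  * Every role except idh opens ssh to the "anywhere" hostgroup. Restrict it
    upstream if ssh should not be reachable from every source address.
  * dockernet and localhost are granted the "all" port group on every role.
  * global:airgap defaults to the string 'False', not the boolean. The only
    check below is "is sameas true", which a string never satisfies, so the
    default behaves as "not airgap". A plain truthiness test on ISAIRGAP would
    treat the default as true; keep the sameas form.
#}
{% set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %}
{% import_yaml 'firewall/ports/ports.yaml' as portgroups %}
{% set portgroups = portgroups.firewall.ports %}
{% set TRUE_CLUSTER = salt['pillar.get']('elasticsearch:true_cluster', True) %}

role:
  eval:
    chain:
      DOCKER-USER:
        hostgroups:
          manager:
            portgroups:
              - {{ portgroups.playbook }}
              - {{ portgroups.mysql }}
              - {{ portgroups.kibana }}
              - {{ portgroups.redis }}
              - {{ portgroups.influxdb }}
              - {{ portgroups.elasticsearch_rest }}
              - {{ portgroups.elasticsearch_node }}
          sensors:
            portgroups:
              - {{ portgroups.beats_5044 }}
              - {{ portgroups.beats_5644 }}
          searchnodes:
            portgroups:
              - {{ portgroups.redis }}
              - {{ portgroups.elasticsearch_node }}
          heavynodes:
            portgroups:
              - {{ portgroups.redis }}
              - {{ portgroups.elasticsearch_node }}
          self:
            portgroups:
              - {{ portgroups.syslog }}
          beats_endpoint:
            portgroups:
              - {{ portgroups.beats_5044 }}
          beats_endpoint_ssl:
            portgroups:
              - {{ portgroups.beats_5644 }}
          elasticsearch_rest:
            portgroups:
              - {{ portgroups.elasticsearch_rest }}
          elastic_agent_endpoint:
            portgroups:
              - {{ portgroups.elastic_agent_control }}
              - {{ portgroups.elastic_agent_data }}
          strelka_frontend:
            portgroups:
              - {{ portgroups.strelka_frontend }}
          syslog:
            portgroups:
              - {{ portgroups.syslog }}
          analyst:
            portgroups:
              - {{ portgroups.nginx }}
      INPUT:
        hostgroups:
          anywhere:
            portgroups:
              - {{ portgroups.ssh }}
          dockernet:
            portgroups:
              - {{ portgroups.all }}
          localhost:
            portgroups:
              - {{ portgroups.all }}

  manager:
    chain:
      DOCKER-USER:
        hostgroups:
          manager:
            portgroups:
              - {{ portgroups.playbook }}
              - {{ portgroups.mysql }}
              - {{ portgroups.kibana }}
              - {{ portgroups.redis }}
              - {{ portgroups.influxdb }}
              - {{ portgroups.elasticsearch_rest }}
              - {{ portgroups.elasticsearch_node }}
              # agrules is added only when the global:airgap pillar is the
              # boolean true.
              {% if ISAIRGAP is sameas true %}
              - {{ portgroups.agrules }}
              {% endif %}
          sensors:
            portgroups:
              - {{ portgroups.beats_5044 }}
              - {{ portgroups.beats_5644 }}
              - {{ portgroups.elastic_agent_control }}
              - {{ portgroups.elastic_agent_data }}
          searchnodes:
            portgroups:
              - {{ portgroups.redis }}
              - {{ portgroups.elasticsearch_node }}
              - {{ portgroups.beats_5644 }}
          heavynodes:
            portgroups:
              - {{ portgroups.redis }}
              - {{ portgroups.elasticsearch_node }}
              - {{ portgroups.beats_5644 }}
          self:
            portgroups:
              - {{ portgroups.syslog }}
          syslog:
            portgroups:
              - {{ portgroups.syslog }}
          beats_endpoint:
            portgroups:
              - {{ portgroups.beats_5044 }}
          beats_endpoint_ssl:
            portgroups:
              - {{ portgroups.beats_5644 }}
          elasticsearch_rest:
            portgroups:
              - {{ portgroups.elasticsearch_rest }}
          elastic_agent_endpoint:
            portgroups:
              - {{ portgroups.elastic_agent_control }}
              - {{ portgroups.elastic_agent_data }}
          endgame:
            portgroups:
              - {{ portgroups.endgame }}
          analyst:
            portgroups:
              - {{ portgroups.nginx }}
      INPUT:
        hostgroups:
          anywhere:
            portgroups:
              - {{ portgroups.ssh }}
          dockernet:
            portgroups:
              - {{ portgroups.all }}
          localhost:
            portgroups:
              - {{ portgroups.all }}

  managersearch:
    chain:
      DOCKER-USER:
        hostgroups:
          manager:
            portgroups:
              - {{ portgroups.playbook }}
              - {{ portgroups.mysql }}
              - {{ portgroups.kibana }}
              - {{ portgroups.redis }}
              - {{ portgroups.influxdb }}
              - {{ portgroups.elasticsearch_rest }}
              - {{ portgroups.elasticsearch_node }}
          sensors:
            portgroups:
              - {{ portgroups.beats_5044 }}
              - {{ portgroups.beats_5644 }}
              - {{ portgroups.elastic_agent_control }}
              - {{ portgroups.elastic_agent_data }}
          searchnodes:
            portgroups:
              - {{ portgroups.redis }}
              - {{ portgroups.elasticsearch_node }}
          heavynodes:
            portgroups:
              - {{ portgroups.redis }}
              - {{ portgroups.elasticsearch_node }}
          self:
            portgroups:
              - {{ portgroups.syslog }}
          beats_endpoint:
            portgroups:
              - {{ portgroups.beats_5044 }}
          beats_endpoint_ssl:
            portgroups:
              - {{ portgroups.beats_5644 }}
          elasticsearch_rest:
            portgroups:
              - {{ portgroups.elasticsearch_rest }}
          elastic_agent_endpoint:
            portgroups:
              - {{ portgroups.elastic_agent_control }}
              - {{ portgroups.elastic_agent_data }}
          endgame:
            portgroups:
              - {{ portgroups.endgame }}
          syslog:
            portgroups:
              - {{ portgroups.syslog }}
          analyst:
            portgroups:
              - {{ portgroups.nginx }}
      INPUT:
        hostgroups:
          anywhere:
            portgroups:
              - {{ portgroups.ssh }}
          dockernet:
            portgroups:
              - {{ portgroups.all }}
          localhost:
            portgroups:
              - {{ portgroups.all }}

  standalone:
    chain:
      DOCKER-USER:
        hostgroups:
          # The standalone hostgroup carries the combined set of the other
          # hostgroups' port groups; each group is listed once.
          standalone:
            portgroups:
              - {{ portgroups.playbook }}
              - {{ portgroups.mysql }}
              - {{ portgroups.kibana }}
              - {{ portgroups.redis }}
              - {{ portgroups.influxdb }}
              - {{ portgroups.elasticsearch_rest }}
              - {{ portgroups.elasticsearch_node }}
              - {{ portgroups.docker_registry }}
              - {{ portgroups.sensoroni }}
              - {{ portgroups.yum }}
              - {{ portgroups.beats_5044 }}
              - {{ portgroups.beats_5644 }}
              - {{ portgroups.elastic_agent_control }}
              - {{ portgroups.elastic_agent_data }}
              - {{ portgroups.endgame }}
              - {{ portgroups.strelka_frontend }}
          sensors:
            portgroups:
              - {{ portgroups.docker_registry }}
              - {{ portgroups.influxdb }}
              - {{ portgroups.sensoroni }}
              - {{ portgroups.yum }}
              - {{ portgroups.beats_5044 }}
              - {{ portgroups.beats_5644 }}
              - {{ portgroups.elastic_agent_control }}
              - {{ portgroups.elastic_agent_data }}
          searchnodes:
            portgroups:
              - {{ portgroups.docker_registry }}
              - {{ portgroups.influxdb }}
              - {{ portgroups.sensoroni }}
              - {{ portgroups.yum }}
              - {{ portgroups.redis }}
              - {{ portgroups.elasticsearch_node }}
          heavynodes:
            portgroups:
              - {{ portgroups.docker_registry }}
              - {{ portgroups.influxdb }}
              - {{ portgroups.sensoroni }}
              - {{ portgroups.yum }}
              - {{ portgroups.redis }}
              - {{ portgroups.elasticsearch_node }}
          self:
            portgroups:
              - {{ portgroups.syslog }}
          beats_endpoint:
            portgroups:
              - {{ portgroups.beats_5044 }}
          beats_endpoint_ssl:
            portgroups:
              - {{ portgroups.beats_5644 }}
          elasticsearch_rest:
            portgroups:
              - {{ portgroups.elasticsearch_rest }}
          elastic_agent_endpoint:
            portgroups:
              - {{ portgroups.elastic_agent_control }}
              - {{ portgroups.elastic_agent_data }}
          endgame:
            portgroups:
              - {{ portgroups.endgame }}
          strelka_frontend:
            portgroups:
              - {{ portgroups.strelka_frontend }}
          syslog:
            portgroups:
              - {{ portgroups.syslog }}
          analyst:
            portgroups:
              - {{ portgroups.nginx }}
      INPUT:
        hostgroups:
          anywhere:
            portgroups:
              - {{ portgroups.ssh }}
          dockernet:
            portgroups:
              - {{ portgroups.all }}
          localhost:
            portgroups:
              - {{ portgroups.all }}
          # Only this role grants salt_manager on the host INPUT chain, and
          # only to the node hostgroups below, not to "anywhere".
          standalone:
            portgroups:
              - {{ portgroups.salt_manager }}
          sensors:
            portgroups:
              - {{ portgroups.salt_manager }}
          searchnodes:
            portgroups:
              - {{ portgroups.salt_manager }}
          heavynodes:
            portgroups:
              - {{ portgroups.salt_manager }}

  helixsensor:
    chain:
      DOCKER-USER:
        hostgroups:
          manager:
            portgroups:
              - {{ portgroups.playbook }}
              - {{ portgroups.mysql }}
              - {{ portgroups.kibana }}
              - {{ portgroups.redis }}
              - {{ portgroups.influxdb }}
              - {{ portgroups.elasticsearch_rest }}
              - {{ portgroups.elasticsearch_node }}
          sensors:
            portgroups:
              - {{ portgroups.beats_5044 }}
              - {{ portgroups.beats_5644 }}
          searchnodes:
            portgroups:
              - {{ portgroups.redis }}
              - {{ portgroups.elasticsearch_node }}
          self:
            portgroups:
              - {{ portgroups.syslog }}
          beats_endpoint:
            portgroups:
              - {{ portgroups.beats_5044 }}
          analyst:
            portgroups:
              - {{ portgroups.nginx }}
      INPUT:
        hostgroups:
          anywhere:
            portgroups:
              - {{ portgroups.ssh }}
          dockernet:
            portgroups:
              - {{ portgroups.all }}
          localhost:
            portgroups:
              - {{ portgroups.all }}

  searchnode:
    chain:
      DOCKER-USER:
        hostgroups:
          manager:
            portgroups:
              - {{ portgroups.elasticsearch_node }}
              - {{ portgroups.elasticsearch_rest }}
          dockernet:
            portgroups:
              - {{ portgroups.elasticsearch_node }}
              - {{ portgroups.elasticsearch_rest }}
          elasticsearch_rest:
            portgroups:
              - {{ portgroups.elasticsearch_rest }}
          # Node-to-node access between search nodes is granted only when the
          # elasticsearch:true_cluster pillar is truthy (it defaults to True).
          {% if TRUE_CLUSTER %}
          searchnodes:
            portgroups:
              - {{ portgroups.elasticsearch_node }}
          {% endif %}
          self:
            portgroups:
              - {{ portgroups.syslog }}
      INPUT:
        hostgroups:
          anywhere:
            portgroups:
              - {{ portgroups.ssh }}
          dockernet:
            portgroups:
              - {{ portgroups.all }}
          localhost:
            portgroups:
              - {{ portgroups.all }}

  sensor:
    chain:
      DOCKER-USER:
        hostgroups:
          self:
            portgroups:
              - {{ portgroups.syslog }}
          strelka_frontend:
            portgroups:
              - {{ portgroups.strelka_frontend }}
      INPUT:
        hostgroups:
          anywhere:
            portgroups:
              - {{ portgroups.ssh }}
          dockernet:
            portgroups:
              - {{ portgroups.all }}
          localhost:
            portgroups:
              - {{ portgroups.all }}

  heavynode:
    chain:
      DOCKER-USER:
        hostgroups:
          manager:
            portgroups:
              - {{ portgroups.elasticsearch_node }}
              - {{ portgroups.elasticsearch_rest }}
          dockernet:
            portgroups:
              - {{ portgroups.elasticsearch_node }}
              - {{ portgroups.elasticsearch_rest }}
          elasticsearch_rest:
            portgroups:
              - {{ portgroups.elasticsearch_rest }}
          self:
            portgroups:
              - {{ portgroups.syslog }}
          strelka_frontend:
            portgroups:
              - {{ portgroups.strelka_frontend }}
      INPUT:
        hostgroups:
          anywhere:
            portgroups:
              - {{ portgroups.ssh }}
          dockernet:
            portgroups:
              - {{ portgroups.all }}
          localhost:
            portgroups:
              - {{ portgroups.all }}

  import:
    chain:
      DOCKER-USER:
        hostgroups:
          manager:
            portgroups:
              - {{ portgroups.kibana }}
              - {{ portgroups.redis }}
              - {{ portgroups.influxdb }}
              - {{ portgroups.elasticsearch_rest }}
              - {{ portgroups.elasticsearch_node }}
          sensors:
            portgroups:
              - {{ portgroups.beats_5044 }}
              - {{ portgroups.beats_5644 }}
          searchnodes:
            portgroups:
              - {{ portgroups.redis }}
              - {{ portgroups.elasticsearch_node }}
          beats_endpoint:
            portgroups:
              - {{ portgroups.beats_5044 }}
          beats_endpoint_ssl:
            portgroups:
              - {{ portgroups.beats_5644 }}
          elasticsearch_rest:
            portgroups:
              - {{ portgroups.elasticsearch_rest }}
          analyst:
            portgroups:
              - {{ portgroups.nginx }}
      INPUT:
        hostgroups:
          anywhere:
            portgroups:
              - {{ portgroups.ssh }}
          dockernet:
            portgroups:
              - {{ portgroups.all }}
          localhost:
            portgroups:
              - {{ portgroups.all }}

  receiver:
    chain:
      DOCKER-USER:
        hostgroups:
          sensors:
            portgroups:
              - {{ portgroups.beats_5644 }}
          searchnodes:
            portgroups:
              - {{ portgroups.redis }}
              - {{ portgroups.beats_5644 }}
          self:
            portgroups:
              - {{ portgroups.redis }}
              - {{ portgroups.syslog }}
              - {{ portgroups.beats_5644 }}
          syslog:
            portgroups:
              - {{ portgroups.syslog }}
          beats_endpoint:
            portgroups:
              - {{ portgroups.beats_5044 }}
          beats_endpoint_ssl:
            portgroups:
              - {{ portgroups.beats_5644 }}
          endgame:
            portgroups:
              - {{ portgroups.endgame }}
      INPUT:
        hostgroups:
          anywhere:
            portgroups:
              - {{ portgroups.ssh }}
          dockernet:
            portgroups:
              - {{ portgroups.all }}
          localhost:
            portgroups:
              - {{ portgroups.all }}

  idh:
    chain:
      INPUT:
        hostgroups:
          # The ports opened to "anywhere" on this role are driven entirely by
          # the idh:services pillar: each entry is looked up as idh_<service>
          # in the port-group file. Whoever can edit that pillar controls what
          # this host exposes to every source address.
          # NOTE(review): a service name with no matching idh_<service> key
          # presumably renders as an empty list item; validate the pillar
          # against the port-group file.
          anywhere:
            {% set idh_services = salt['pillar.get']('idh:services', []) %}
            {% if idh_services %}
            portgroups:
              {% for service in idh_services %}
              - {{ portgroups['idh_'~service] }}
              {% endfor %}
            {% else %}
            # No services configured: emit an explicit empty list so the key
            # is never null for the consumer of this map.
            portgroups: []
            {% endif %}
          dockernet:
            portgroups:
              - {{ portgroups.all }}
          localhost:
            portgroups:
              - {{ portgroups.all }}
          # Unlike every other role, ssh is limited to the manager hostgroup.
          manager:
            portgroups:
              - {{ portgroups.ssh }}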