CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
c0968d384358bea1f8376f23301bed0cb541c3e9
securityonion/salt/elasticsearch/config.map.jinja

47 lines
2.3 KiB
Django/Jinja
Raw Blame History

{% import_yaml 'elasticsearch/defaults.yaml' as ESCONFIG with context %}
{% set HIGHLANDER = salt['pillar.get']('global:highlander', False) %}
{% if not salt['pillar.get']('elasticsearch:auth:enabled', False) %}
{% do ESCONFIG.elasticsearch.config.xpack.security.authc.anonymous.update({'username': 'anonymous_user', 'roles': 'superuser', 'authz_exception': 'true'}) %}
{% endif %}
{% if salt['pillar.get']('elasticsearch:true_cluster', False) %}
{% if grains.id.split('_') | last in ['manager','managersearch'] %}
{% if salt['pillar.get']('nodestab', {}) %}
{% do ESCONFIG.elasticsearch.config.node.update({'roles': ['master', 'data', 'remote_cluster_client']}) %}
{% if HIGHLANDER %}
{% do ESCONFIG.elasticsearch.config.node.roles.extend(['ml', 'transform']) %}
{% endif %}
{% do ESCONFIG.elasticsearch.config.update({'discovery': {'seed_hosts': [grains.master]}}) %}
{% for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %}
{% do ESCONFIG.elasticsearch.config.discovery.seed_hosts.append(SN.split('_')|first) %}
{% endfor %}
{% endif %}
{% if grains.id.split('_') | last == 'manager' %}
{% do ESCONFIG.elasticsearch.config.node.attr.update({'box_type': ''}) %}
{% endif %}
{% else %}
{% do ESCONFIG.elasticsearch.config.node.update({'roles': ['data', 'ingest']}) %}
{% if HIGHLANDER %}
{% do ESCONFIG.elasticsearch.config.node.roles.extend(['ml', 'master', 'transform']) %}
{% endif %}
{% do ESCONFIG.elasticsearch.config.node.attr.update({'box_type': 'hot'}) %}
{% do ESCONFIG.elasticsearch.config.update({'discovery': {'seed_hosts': [grains.master]}}) %}
{% endif %}
{% if HIGHLANDER %}
{% do ESCONFIG.elasticsearch.config.xpack.ml.update({'enabled': true}) %}
{% endif %}
{% endif %}
{# merge with the elasticsearch pillar #}
{% set ESCONFIG = salt['pillar.get']('elasticsearch:config', default=ESCONFIG.elasticsearch.config, merge=True) %}
{% if salt['pillar.get']('elasticsearch:config:path:repo', False) %}
{% for repo in pillar.elasticsearch.config.path.repo %}
{# remove elasticsearch.config.path.repo value if the directory doesn't exist on the node #}
{% if not salt['file.directory_exists'](repo) %}
{% do ESCONFIG.path.repo.remove(repo) %}
{% endif %}
{% endfor %}
{% endif %}
Reference in New Issue View Git Blame Copy Permalink