mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 17:22:49 +01:00
40 lines
1.7 KiB
Plaintext
40 lines
1.7 KiB
Plaintext
{% set so_elastic_user_pass = salt['random.get_str'](20) %}
|
|
{% set so_kibana_user_pass = salt['random.get_str'](20) %}
|
|
{% set so_logstash_user_pass = salt['random.get_str'](20) %}
|
|
{% set so_beats_user_pass = salt['random.get_str'](20) %}
|
|
{% set so_monitor_user_pass = salt['random.get_str'](20) %}
|
|
|
|
elastic_auth_pillar:
|
|
file.managed:
|
|
- name: /opt/so/saltstack/local/pillar/elasticsearch/auth.sls
|
|
- mode: 600
|
|
- reload_pillar: True
|
|
- contents: |
|
|
elasticsearch:
|
|
auth:
|
|
enabled: False
|
|
users:
|
|
so_elastic_user:
|
|
user: so_elastic
|
|
pass: {{ so_elastic_user_pass }}
|
|
so_kibana_user:
|
|
user: so_kibana
|
|
pass: {{ so_kibana_user_pass }}
|
|
so_logstash_user:
|
|
user: so_logstash
|
|
pass: {{ so_logstash_user_pass }}
|
|
so_beats_user:
|
|
user: so_beats
|
|
pass: {{ so_beats_user_pass }}
|
|
so_monitor_user:
|
|
user: so_monitor
|
|
pass: {{ so_monitor_user_pass }}
|
|
# since we are generating a random password, and we don't want that to happen everytime
|
|
# a highstate runs, we only manage the file each user isn't present in the file. if the
|
|
# pillar file doesn't exists, then the default vault provided to pillar.get should not
|
|
# be within the file either, so it should then be created
|
|
- unless:
|
|
{% for so_app_user, values in salt['pillar.get']('elasticsearch:auth:users', {'so_noapp_user': {'user': 'r@NDumu53Rd0NtDOoP'}}).items() %}
|
|
- grep {{ values.user }} /opt/so/saltstack/local/pillar/elasticsearch/auth.sls
|
|
{% endfor%}
|