new configuration for OpenSearch Dashboards + fix of update-config role

- New config: -- migration and renaming of Kibana->OSDasboards -- removal of TheHiveButton plugin (not compatible with OSD, needs to be updated) - Ansible role update-config fixed. - The script to convert exported objects to a template updated.

new configuration for OpenSearch Dashboards + fix of update-config role
14e002f0 · Václav Bartoš · d1559b4f · 14e002f0 · 14e002f0 · 14e002f0
Commit 14e002f0 authored 2 years ago by Václav Bartoš
--- a/roles/opensearch-dashboards/tasks/init.yml
+++ b/roles/opensearch-dashboards/tasks/init.yml
@@ -42,8 +42,7 @@
    - "{{playbook_dir}}/secrets/CA/ca.crt"
    - "{{playbook_dir}}/secrets/CA/private/{{soctools_users[0].CN}}.p12"

- name: Get openid authkey
-  remote_user: dashboards
+- name: Get authkey
  set_fact:
    kibanasecret: "{{lookup('file', '{{playbook_dir}}/secrets/tokens/kibanasecret',convert_data=False) | from_json }}"


--- a/roles/opensearch-dashboards/tasks/update-config.yml
+++ b/roles/opensearch-dashboards/tasks/update-config.yml
 ---

+- name: Get authkey
+  set_fact:
+    kibanasecret: "{{lookup('file', '{{playbook_dir}}/secrets/tokens/kibanasecret',convert_data=False) | from_json }}"
+
 - name: Configure Opensearch Dashboards properties
  remote_user: dashboards
  template:
@@ -16,10 +20,17 @@
    owner: dashboards
    group: dashboards

-
 - name: Copy opensearch-dashboards_graphs.ndjson to container
  remote_user: dashboards
  template:
    src: "opensearch-dashboards_graphs.ndjson.j2"
    dest: /tmp/opensearch-dashboards_graphs.ndjson

+- name: Import graphs to Opensearch Dashboards
+  remote_user: dashboards
+  shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/saved_objects/_import?overwrite=true" \
+          -b /tmp/cookie.txt -c /tmp/cookie.txt \
+          -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/opensearches_adminpass")}} \
+          -H "osd-xsrf: reporting" -H "Content-Type: multipart/form-data" \
+          -F "file=@/tmp/opensearch-dashboards_graphs.ndjson"'
+  ignore_errors: True
--- a/roles/opensearch-dashboards/templates/opensearch-dashboards_graphs.ndjson.j2
+++ b/roles/opensearch-dashboards/templates/opensearch-dashboards_graphs.ndjson.j2
--- a/utils/kibana_graphs2template.py
+++ b/utils/kibana_graphs2template.py
 #!/usr/bin/env python
+# Get exported objects from OpenSearch dashobards (menu - Stack management - Saved objects - Export all)
+# and convert them to a template to be put into:
+# roles/opensearch-dashboards/templates/opensearch-dashboards_graphs.ndjson.j2

 import argparse,re

 parser = argparse.ArgumentParser()
-parser.add_argument("graphsfile", help="input kibana_graphs.ndjson file")
+parser.add_argument("graphsfile", help="input *.ndjson file")
 parser.add_argument("templatefile", help="output template file")
 args = parser.parse_args()

@@ -11,8 +14,8 @@ r=open(args.graphsfile,"r")
 w=open(args.templatefile,"w")

 for line in r:
- line=re.sub(r'(^.*thehive_button.*url\\":[^"].")[^\\"]*(.*apikey\\":[^"]*")[^\\"]*(.*owner\\":[^"]*")[^\\"]*(.*$)',"\g<1>https://{{soctoolsproxy}}:9000\g<2>{{lookup('file', '{{playbook_dir}}/secrets/tokens/thehive_kibana_secret_key')}}\g<3>{{THEHIVE_KIBANA_USER.username}}\g<4>",line)
- line=re.sub(r"(^.*)https:\/\/[^\/]*(.*destination\.ip_misp\.keyword.*$)","\g<1>{{misp_url}}\g<2>",line)
+ #line=re.sub(r'(^.*thehive_button.*url\\":[^"].")[^\\"]*(.*apikey\\":[^"]*")[^\\"]*(.*owner\\":[^"]*")[^\\"]*(.*$)',"\g<1>https://{{soctoolsproxy}}:9000\g<2>{{lookup('file', '{{playbook_dir}}/secrets/tokens/thehive_kibana_secret_key')}}\g<3>{{THEHIVE_KIBANA_USER.username}}\g<4>",line)
+ line=re.sub(r"https://[^:]*:","https://{{soctoolsproxy}}:",line)
 w.write(line)

 r.close()