diff --git a/access.ips b/access.ips index a8cf1ea0ee61974d0893aed839777135ad8404bf..9800b686b19f5efe4dd311e387a504754bfcf7b8 100644 --- a/access.ips +++ b/access.ips @@ -19,9 +19,9 @@ ### Nifi ports - End ### -### ODFE - Start ### +### OPENSEARCH - Start ### #172.22.0.0/16 -### ODFE - End ### +### OPENSEARCH - End ### ### KeyCloak - Start ### diff --git a/configure.sh b/configure.sh index f7e239be7fcea3a7cfe426e8da2e9d909514cee7..72040949da31820948ea12eb0f61b0e0136860ea 100755 --- a/configure.sh +++ b/configure.sh @@ -11,7 +11,7 @@ wait () { done } -echo "By default, all services except HAProxy stats and ODFE are public!" +echo "By default, all services except HAProxy stats and OPENSEARCH are public!" echo "The configuration file: access.ips is used to configure external access to the services" echo "Do you want to modify/edit this file now?" read -p "(yes|no) [no] : " MODIFY diff --git a/generate_haproxy_whitelist_files.sh b/generate_haproxy_whitelist_files.sh index 1ddb6dacedf20cd3da673bb1b36b04a2a6fec4f6..a60a2451c43478cdfff7755ad23e8a1c7c100a06 100755 --- a/generate_haproxy_whitelist_files.sh +++ b/generate_haproxy_whitelist_files.sh 
@@ -2,7 +2,7 @@ awk '/HAProxy Stats - Start/{flag=1; next} /HAProxy Stats - End/{flag=0} flag' access.ips > roles/haproxy/files/stats_whitelist.lst awk '/Nifi Management - Start/{flag=1; next} /Nifi Management - End/{flag=0} flag' access.ips > roles/haproxy/files/nifi_whitelist.lst awk '/Nifi ports - Start/{flag=1; next} /Nifi ports - End/{flag=0} flag' access.ips > roles/haproxy/files/nifiports_whitelist.lst -awk '/ODFE - Start/{flag=1; next} /ODFE - End/{flag=0} flag' access.ips > roles/haproxy/files/odfe_whitelist.lst +awk '/OPENSEARCH - Start/{flag=1; next} /OPENSEARCH - End/{flag=0} flag' access.ips > roles/haproxy/files/opensearch-dashboards_whitelist.lst awk '/KeyCloak - Start/{flag=1; next} /KeyCloak - End/{flag=0} flag' access.ips > roles/haproxy/files/keycloak_whitelist.lst awk '/TheHive - Start/{flag=1; next} /TheHive - End/{flag=0} flag' access.ips > roles/haproxy/files/thehive_whitelist.lst awk '/Cortex - Start/{flag=1; next} /Cortex - End/{flag=0} flag' access.ips > roles/haproxy/files/cortex_whitelist.lst diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index aaadfaa22cf1df8bc9bb11a10e7933422ebe2c31..18fa2b79c79029fb1dd2bc8d37a491fe7fb411a3 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -12,8 +12,6 @@ repo: soctools version: 7 suffix: a20201004 -kibana_plugins_version: "v0.7" - THEHIVE_KIBANA_USER: username: "kibana" name: "Kibana" @@ -69,15 +67,15 @@ sysctlconfig: - { key: "vm.max_map_count" , val: "524288" } nifi_javamem: "1500m" -odfe_javamem: "512m" +opensearch_javamem: "512m" nifi_version: 1.12.1 nifi_repo: "https://archive.apache.org/dist" ca_cn: "SOCTOOLS-CA" -odfees_img: "{{repo}}/odfees:{{version}}{{suffix}}" -odfekibana_img: "{{repo}}/odfekibana:{{version}}{{suffix}}" +opensearches_img: "{{repo}}/opensearches:{{version}}{{suffix}}" +opensearchdashboards_img: "{{repo}}/opensearch-dashboards:{{version}}{{suffix}}" #elk_version: "oss-7.6.1" elk_version: "oss-7.4.2" #odfeplugin_version: "1.7.0.0" 
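Review bot: The OPENSEARCH section of access.ips is now written to `roles/haproxy/files/opensearch-dashboards_whitelist.lst`, but roles/haproxy/templates/haproxy.cfg.j2 in this same commit still gates the 9200 listener with `src -f /usr/local/etc/haproxy/opensearch_whitelist.lst`, and no line of this script produces that file any more. Unless the haproxy init task (roles/haproxy/tasks/init.yml, whose list gains `opensearch` and `opensearch-dashboards`) creates it, HAProxy refuses to load on the missing `-f` file; if that task only touches an empty file, every client of the OpenSearch API is rejected, while the one access.ips section that used to protect the API now controls the Dashboards UI instead. Either keep both files fed from distinct sections, e.g. `awk '/OPENSEARCH - Start/{flag=1; next} /OPENSEARCH - End/{flag=0} flag' access.ips > roles/haproxy/files/opensearch_whitelist.lst` plus a separate `OPENSEARCH-DASHBOARDS` section for the 5601 listener, or point the 9200 listener at the file that is actually generated. configure.sh's new message still says only HAProxy stats and OPENSEARCH are non-public, so access.ips should also state which port its OPENSEARCH section governs.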
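Review bot: `elk_version: "oss-7.4.2"` and the commented `#odfeplugin_version` survive the rename although the only consumers visible in this diff are the deleted elasticsearch, kibana and odfees Dockerfiles. If the filebeat role (not in this diff) does not read `elk_version`, it should follow `kibana_plugins_version` out of the file; if it does, a comment such as `# elk_version: used only by the filebeat role` would save the next reader from checking.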
@@ -89,6 +87,7 @@ openid_subjkey: preferred_username keycloak_img: "{{repo}}/keycloak:{{version}}{{suffix}}" +opensearch_version: "2.3.0" elastic_username: "admin" misp_dbname: "mispdb" @@ -100,10 +99,9 @@ services: - openjdk - zookeeper - nifi - - elasticsearch - - kibana - - odfees - - odfekibana + - opensearch + - opensearches + - opensearch-dashboards - keycloak - misp - cassandra diff --git a/group_vars/all/variables.template b/group_vars/all/variables.template index 04576f39a7e109c393776ab21dbd7a25330655b1..286875f7d467c3474ff7630a5d0b610d4d989c95 100644 --- a/group_vars/all/variables.template +++ b/group_vars/all/variables.template @@ -21,7 +21,7 @@ soctools_users: # DN: "CN=soc_admin_2" # CN: "soc_admin_2" -# list of users(username) from previous step which will recive admin roles in ODFE. (Minimum one user is required) +# list of users(username) from previous step which will recive admin roles in OPENSEARCH. (Minimum one user is required) ODFE_ADMIN_USERS: - soc_admin # - soc_admin_2 diff --git a/initsoctools.yml b/initsoctools.yml index b4371504f088735a35d38c7fd317456a65c51c51..d0dd9cf97f45dfb418c4c404f3eda09514ba2b26 100644 --- a/initsoctools.yml +++ b/initsoctools.yml @@ -40,15 +40,15 @@ roles: - cortex -- name: Reconfigure and start OpenDistro for Elasticsearch - hosts: odfeescontainers +- name: Reconfigure and start opensearch + hosts: opensearchescontainers roles: - - odfees + - opensearches -- name: Reconfigure and start OpenDistro Kibana for Elasticsearch - hosts: odfekibanacontainers +- name: Reconfigure and start opensearch Kibana + hosts: opensearchkibanacontainers roles: - - odfekibana + - opensearch-dashboards - name: Install and run filebeat hosts: filebeat diff --git a/inventories/elasticsearch b/inventories/elasticsearch deleted file mode 100644 index 73901fb0cd71e4434bd33159a45fc97c34ee98bb..0000000000000000000000000000000000000000 --- a/inventories/elasticsearch +++ /dev/null 
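Review bot: `hosts: opensearchkibanacontainers` in the "Reconfigure and start opensearch Kibana" play matches no group this commit defines: inventories/opensearch-dashboards declares `[opensearchdashboardscontainers]`, and restart-soctools.yml and roles/ca/tasks/main.yml both use that name. Ansible will warn that the pattern matched no hosts and skip the play, so the `opensearch-dashboards` role never runs during initial setup. Change it to `hosts: opensearchdashboardscontainers`; the play names could also drop the "Kibana" wording (`- name: Reconfigure and start OpenSearch Dashboards`) to match the rest of the rename.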
@@ -1,3 +0,0 @@ -[odfeescontainers] -soctools-odfe-1 ansible_connection=docker -soctools-odfe-2 ansible_connection=docker diff --git a/inventories/kibana b/inventories/kibana deleted file mode 100644 index 1f00ac6c362b94aaf698cb74343d1fbf2a402ab1..0000000000000000000000000000000000000000 --- a/inventories/kibana +++ /dev/null @@ -1,2 +0,0 @@ -[odfekibanacontainers] -soctools-kibana ansible_connection=docker diff --git a/inventories/opensearch b/inventories/opensearch new file mode 100644 index 0000000000000000000000000000000000000000..ecdf1be4d3928eb611bb2b3255d8346f732b31bb --- /dev/null +++ b/inventories/opensearch @@ -0,0 +1,3 @@ +[opensearchescontainers] +soctools-opensearch-1 ansible_connection=docker +soctools-opensearch-2 ansible_connection=docker diff --git a/inventories/opensearch-dashboards b/inventories/opensearch-dashboards new file mode 100644 index 0000000000000000000000000000000000000000..22b6a754228278d7ef7f6dc2393e1650c5fbc8cc --- /dev/null +++ b/inventories/opensearch-dashboards @@ -0,0 +1,2 @@ +[opensearchdashboardscontainers] +soctools-opensearch-dashboards ansible_connection=docker diff --git a/restart-soctools.yml b/restart-soctools.yml index 5aa1c94116243ecdf120c17813677b9c59643630..060161f87d77f4984d579ea35ceb5d04189dbc9b 100644 --- a/restart-soctools.yml +++ b/restart-soctools.yml @@ -25,15 +25,15 @@ roles: - nifi -- name: Restart services for OpenDistro for Elasticsearch - hosts: odfeescontainers +- name: Restart services for opensearch + hosts: opensearchescontainers roles: - - odfees + - opensearches -- name: Restart services for OpenDistro Kibana for Elasticsearch - hosts: odfekibanacontainers +- name: Restart services for opensearch Kibana + hosts: opensearchdashboardscontainers roles: - - odfekibana + - opensearch-dashboards - name: Restart services for MISP hosts: mispcontainers 
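Review bot: The play name `Restart services for opensearch Kibana` keeps "Kibana" although the role it runs is now `opensearch-dashboards` and the group is `opensearchdashboardscontainers`; `- name: Restart services for OpenSearch Dashboards` would match the rest of the rename. This file uses the correct group name, whereas initsoctools.yml in the same commit still targets `opensearchkibanacontainers`.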
diff --git a/roles/build/files/odfees/odfesupervisord.conf b/roles/build/files/opensearch-dashboards/dashboardssupervisord.conf similarity index 69% rename from roles/build/files/odfees/odfesupervisord.conf rename to roles/build/files/opensearch-dashboards/dashboardssupervisord.conf index 975b7cdcb388e0292b82abde53f0a593505bda3c..775390b75db5c8926861dd27ea0624b82f27790e 100644 --- a/roles/build/files/odfees/odfesupervisord.conf +++ b/roles/build/files/opensearch-dashboards/dashboardssupervisord.conf @@ -16,18 +16,18 @@ supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface [supervisorctl] serverurl=unix:///tmp/supervisor.sock -[program:odfe] -user=elasticsearch -group=elasticsearch -directory=/usr/share/elasticsearch -command=sh -c "/usr/share/elasticsearch/bin/elasticsearch" +[program:opensearch-dashboards] +user=dashboards +group=dashboards +directory=/opt/opensearch-dashboards +command=sh -c "/opt/opensearch-dashboards/bin/opensearch-dashboards -c /opt/opensearch-dashboards/config/opensearch_dashboards.yml" autostart=false autorestart=true logfile_maxbytes=10MB stdout_logfile_backups = 0 stderr_logfile_backups = 0 -stderr_logfile = /var/log/supervisor/elasticsearch_stderr.log -stdout_logfile = /var/log/supervisor/elasticsearch_stdout.log +stderr_logfile = /var/log/supervisor/opensearch-dashboards_stderr.log +stdout_logfile = /var/log/supervisor/opensearch-dashboards_stdout.log [program:filebeat] directory=/opt/filebeat diff --git a/roles/build/files/elasticsearch/.empty b/roles/build/files/opensearch/.empty similarity index 100% rename from roles/build/files/elasticsearch/.empty rename to roles/build/files/opensearch/.empty 
diff --git a/roles/build/files/kibana/kibanasupervisord.conf b/roles/build/files/opensearches/opensearchsupervisord.conf similarity index 76% rename from roles/build/files/kibana/kibanasupervisord.conf rename to roles/build/files/opensearches/opensearchsupervisord.conf index 2cceed0bc2c3da97bb7b6012a381430808a6f5ae..d6ed091da03956dd49fc31c063f9866ec9c9e6cc 100644 --- a/roles/build/files/kibana/kibanasupervisord.conf +++ b/roles/build/files/opensearches/opensearchsupervisord.conf @@ -16,18 +16,18 @@ supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface [supervisorctl] serverurl=unix:///tmp/supervisor.sock -[program:kibana] -user=kibana -group=kibana -directory=/usr/share/kibana -command=sh -c "/usr/share/kibana/bin/kibana -c /usr/share/kibana/config/kibana.yml" +[program:opensearch] +user=opensearch +group=opensearch +directory=/opt/opensearch +command=sh -c "/opt/opensearch/bin/opensearch" autostart=false autorestart=true logfile_maxbytes=10MB stdout_logfile_backups = 0 stderr_logfile_backups = 0 -stderr_logfile = /var/log/supervisor/kibana_stderr.log -stdout_logfile = /var/log/supervisor/kibana_stdout.log +stderr_logfile = /var/log/supervisor/opensearch_stderr.log +stdout_logfile = /var/log/supervisor/opensearch_stdout.log [program:filebeat] directory=/opt/filebeat diff --git a/roles/build/tasks/centos.yml b/roles/build/tasks/centos.yml index 62a8fb1fbd84dce5a27660a24f9eab54b59d9b97..2bbb7635c6b9f946196af54195ff558329a01475 100644 --- a/roles/build/tasks/centos.yml +++ b/roles/build/tasks/centos.yml @@ -1,15 +1,5 @@ --- -- name: Check for CentOS image - docker_image_info: - name: "{{repo}}/centos:{{version}}{{suffix}}" - register: centosimg - -- name: Assert CentOS image - assert: - that: centosimg.images | length == 0 - fail_msg: "CentOS image already exists" - - name: Create etc tree in build directory file: path: '{{ temp_root}}/{{ item.path }}' 
diff --git a/roles/build/tasks/main.yml b/roles/build/tasks/main.yml index 6dd4e6c892787e04bac92c62284a48b2294df9cf..2dbc112f63015bddeddb4b2db373ef998d8c3365 100644 --- a/roles/build/tasks/main.yml +++ b/roles/build/tasks/main.yml @@ -5,7 +5,15 @@ - "'CHANGE_ME' not in soctoolsproxy" fail_msg: "Review *all* settings in group_vars/all/main.yml" -- include: centos.yml +# Create CentOS image if not created yet +- name: Check for CentOS image + docker_image_info: + name: "{{repo}}/centos:{{version}}{{suffix}}" + register: centosimg + +- name: Include tasks to create CentOS image + include_tasks: centos.yml + when: centosimg.images | length == 0 - name: Create main build dir file: diff --git a/roles/build/templates/elasticsearch/Dockerfile.j2 b/roles/build/templates/elasticsearch/Dockerfile.j2 deleted file mode 100644 index 7947f249dfbcd76cd796e5599269bdf25d436b29..0000000000000000000000000000000000000000 --- a/roles/build/templates/elasticsearch/Dockerfile.j2 +++ /dev/null @@ -1,21 +0,0 @@ -FROM {{repo}}/openjdk:{{version}}{{suffix}} - -ENV PATH="/usr/share/elasticsearch/bin:${PATH}" - -RUN groupadd -g 1000 elasticsearch && \ - adduser -u 1000 -g 1000 -d /usr/share/elasticsearch elasticsearch - -WORKDIR /usr/share/elasticsearch - -RUN rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \ - rpm -Uvh https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-{{elk_version}}-no-jdk-x86_64.rpm && \ - cp -a /etc/elasticsearch/ /usr/share/elasticsearch/config/ && \ - chown -R elasticsearch /usr/share/elasticsearch/config && \ - mkdir -p /usr/share/elasticsearch/data && \ - chown -R elasticsearch /usr/share/elasticsearch/data && \ - sed -i -e 's,ES_PATH_CONF=/etc/elasticsearch,ES_PATH_CONF=/usr/share/elasticsearch/config,g' /etc/sysconfig/elasticsearch - -RUN echo 'elasticsearch ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers - -ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] - 
diff --git a/roles/build/templates/kibana/Dockerfile.j2 b/roles/build/templates/kibana/Dockerfile.j2 deleted file mode 100644 index db7d064db56e385b1c695a349db18a610346e5a3..0000000000000000000000000000000000000000 --- a/roles/build/templates/kibana/Dockerfile.j2 +++ /dev/null @@ -1,22 +0,0 @@ -FROM {{repo}}/centos:{{version}}{{suffix}} - -RUN yum install -y supervisor -RUN yum clean all - -ENV PATH="/usr/share/kibana/bin:${PATH}" - -RUN groupadd -g 1000 kibana && \ - adduser -u 1000 -g 1000 -d /usr/share/kibana kibana - -WORKDIR /usr/share/kibana - -RUN rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \ - rpm -Uvh https://artifacts.elastic.co/downloads/kibana/kibana-{{elk_version}}-x86_64.rpm && \ - cp -a /etc/kibana/ /usr/share/kibana/config/ && \ - chown -R kibana /usr/share/kibana/config/ - -RUN echo 'kibana ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers - -COPY kibanasupervisord.conf /etc/supervisord.conf -ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] - diff --git a/roles/build/templates/odfees/Dockerfile.j2 b/roles/build/templates/odfees/Dockerfile.j2 deleted file mode 100644 index a4834a5e3caff38bd7f76182455a747638c2f952..0000000000000000000000000000000000000000 --- a/roles/build/templates/odfees/Dockerfile.j2 +++ /dev/null 
@@ -1,19 +0,0 @@ -FROM {{repo}}/elasticsearch:{{version}}{{suffix}} - -ENV PATH="/usr/share/elasticsearch/bin:${PATH}" - -USER root -WORKDIR /usr/share/elasticsearch - -RUN for PLUGIN in \ - https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-security/opendistro_security-{{odfeplugin_version}}.zip \ - https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-alerting/opendistro_alerting-{{odfeplugin_version}}.zip \ - https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-sql/opendistro_sql-{{odfeplugin_version}}.zip; \ - do bin/elasticsearch-plugin install -b ${PLUGIN}; done && \ - chown -R elasticsearch plugins/opendistro_security - -RUN echo 'elasticsearch ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers -RUN yum install -y supervisor rsync -RUN yum clean all -COPY odfesupervisord.conf /etc/supervisord.conf -ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] diff --git a/roles/build/templates/opensearch-dashboards/Dockerfile.j2 b/roles/build/templates/opensearch-dashboards/Dockerfile.j2 new file mode 100644 index 0000000000000000000000000000000000000000..1b82e8ebbf6a5fb0c5e2467d90931a88277d90f0 --- /dev/null +++ b/roles/build/templates/opensearch-dashboards/Dockerfile.j2 
@@ -0,0 +1,25 @@
+FROM {{repo}}/centos:{{version}}{{suffix}}
+
+RUN yum install -y supervisor
+RUN yum clean all
+
+ENV PATH="/opt/opensearch-dashboards/bin:${PATH}"
+ARG OPENSEARCH_VERSION={{opensearch_version}}
+
+RUN groupadd -g 1000 dashboards && \
+ adduser -u 1000 -g 1000 -d /opt/opensearch-dashboards -M dashboards
+
+RUN cd /opt && \
+ yum install -y wget sudo && \
+ wget https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/${OPENSEARCH_VERSION}/opensearch-dashboards-${OPENSEARCH_VERSION}-linux-x64.tar.gz -O /tmp/opensearch-dashboards.tar.gz && \
+ tar -xvzf /tmp/opensearch-dashboards.tar.gz && \
+ ln -s $(find /opt -mindepth 1 -maxdepth 1 -type d | grep -i opensearch) /opt/opensearch-dashboards && \
+ chown -R dashboards:dashboards /opt/opensearch-dashboards/
+
+WORKDIR /opt/opensearch-dashboards
+
+RUN echo 'dashboards ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers
+
+COPY dashboardssupervisord.conf /etc/supervisord.conf
+ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
+
diff --git a/roles/build/templates/opensearch/Dockerfile.j2 b/roles/build/templates/opensearch/Dockerfile.j2
new file mode 100644
index 0000000000000000000000000000000000000000..bf9794bcd2bdf59072e34315135711e100903e08
--- /dev/null
+++ b/roles/build/templates/opensearch/Dockerfile.j2
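Review bot: The `wget … opensearch-dashboards-${OPENSEARCH_VERSION}-linux-x64.tar.gz` step extracts and installs whatever the download returns, with no checksum or signature check; the Elastic-based Dockerfiles this commit deletes at least imported the vendor GPG key before `rpm -Uvh`, so build integrity regresses here. OpenSearch publishes a `.sha512` (and a signature) next to each bundle as far as I know, so the minimal fix is to save the archive under its published name, fetch the digest file and run `sha512sum -c` before `tar`, or pin the expected digest in group_vars next to `opensearch_version`. The `ln -s $(find /opt -mindepth 1 -maxdepth 1 -type d | grep -i opensearch)` also expands to several paths if more than one matching directory ever exists in /opt; with the version pinned, linking the explicit extracted directory name is more predictable, and `/tmp/opensearch-dashboards.tar.gz` is never removed so it stays in the layer. Both points apply unchanged to roles/build/templates/opensearch/Dockerfile.j2 in the next hunk.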
@@ -0,0 +1,23 @@
+FROM {{repo}}/centos:{{version}}{{suffix}}
+
+ENV PATH="/opt/opensearch/bin:${PATH}"
+ARG OPENSEARCH_VERSION={{opensearch_version}}
+
+RUN groupadd -g 1000 opensearch && \
+ adduser -u 1000 -g 1000 -d /opt/opensearch -M opensearch
+
+
+RUN cd /opt && \
+ yum install -y wget sudo && \
+ wget https://artifacts.opensearch.org/releases/bundle/opensearch/${OPENSEARCH_VERSION}/opensearch-${OPENSEARCH_VERSION}-linux-x64.tar.gz -O /tmp/opensearch.tar.gz && \
+ tar -xvzf /tmp/opensearch.tar.gz && \
+ ln -s $(find /opt -mindepth 1 -maxdepth 1 -type d | grep -i opensearch) /opt/opensearch && \
+ chown -R opensearch:opensearch /opt/opensearch/
+
+WORKDIR /opt/opensearch
+
+RUN echo 'opensearch ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers
+
+ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
+
+
diff --git a/roles/build/templates/opensearches/Dockerfile.j2 b/roles/build/templates/opensearches/Dockerfile.j2
new file mode 100644
index 0000000000000000000000000000000000000000..f2abb04e2812dd29e3fd241c9c50109e466bba5a
--- /dev/null
+++ b/roles/build/templates/opensearches/Dockerfile.j2
@@ -0,0 +1,12 @@
+FROM {{repo}}/opensearch:{{version}}{{suffix}}
+
+ENV PATH="/opt/opensearch/bin:${PATH}"
+
+USER root
+WORKDIR /opt/opensearch
+
+RUN echo 'opensearch ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers
+RUN yum install -y supervisor rsync
+RUN yum clean all
+COPY opensearchsupervisord.conf /etc/supervisord.conf
+ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
diff --git a/roles/ca/tasks/main.yml b/roles/ca/tasks/main.yml
index 693108e48ac0dc8826c9ac68e37fa5af4315071e..bc7bcfc61b299afafe9f9508160c3f4f7766f8ca 100644
--- a/roles/ca/tasks/main.yml
+++ b/roles/ca/tasks/main.yml
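Review bot: The new image never creates `/opt/opensearch/data`, whereas the deleted elasticsearch Dockerfile did `mkdir -p /usr/share/elasticsearch/data && chown -R elasticsearch …`; roles/docker/tasks/opensearches.yml in this commit mounts a named volume at `/opt/opensearch/data`, and if the extracted bundle does not ship that directory Docker creates the mount point owned by root, so the `opensearch` user (uid 1000) cannot write its data path on first start. Add `mkdir -p /opt/opensearch/data && chown opensearch:opensearch /opt/opensearch/data` to the install `RUN` after the `chown -R`. Separately, `RUN echo 'opensearch ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers` hands the service account unrestricted root, which cancels the benefit of running the JVM as uid 1000; if some role task needs root (the role tasks are not in this diff), a sudoers rule scoped to that one command is the least-privilege form, and the same line appears in the dashboards Dockerfile and again in the opensearches child image. This `yum install -y wget sudo` is also the only one of the three new Dockerfiles without a following `yum clean all`.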
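Review bot: `RUN echo 'opensearch ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers` repeats a line the `{{repo}}/opensearch` base image already appended, so the built image carries a duplicate sudoers entry; drop it here and decide in the base image whether the grant is needed at all. `USER root` is redundant too, since the base Dockerfile never switches user. The base image's supervisord `ENTRYPOINT` only becomes runnable once this child installs supervisor and copies `opensearchsupervisord.conf`, which deserves a one-line comment in the base Dockerfile (`# supervisor and its config are added by the opensearches image`).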
@@ -42,8 +42,8 @@ command: roles/ca/files/easyrsa/easyrsa show-cert {{item}} with_items: - "{{ groups['nificontainers'] }}" - - "{{ groups['odfeescontainers'] }}" - - "{{ groups['odfekibanacontainers'] }}" + - "{{ groups['opensearchescontainers'] }}" + - "{{ groups['opensearchdashboardscontainers'] }}" - "{{ groups['keycloakcontainers'] }}" - "{{ groups['mispcontainers'] }}" - "{{ groups['thehive'] }}" @@ -63,8 +63,8 @@ build-serverClient-full {{item}} nopass with_items: - "{{ groups['nificontainers'] }}" - - "{{ groups['odfeescontainers'] }}" - - "{{ groups['odfekibanacontainers'] }}" + - "{{ groups['opensearchescontainers'] }}" + - "{{ groups['opensearchdashboardscontainers'] }}" - "{{ groups['keycloakcontainers'] }}" - "{{ groups['mispcontainers'] }}" - "{{ groups['thehive'] }}" @@ -100,8 +100,8 @@ Enter Export Password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}}" with_items: - "{{ groups['nificontainers'] }}" - - "{{ groups['odfeescontainers'] }}" - - "{{ groups['odfekibanacontainers'] }}" + - "{{ groups['opensearchescontainers'] }}" + - "{{ groups['opensearchdashboardscontainers'] }}" - "{{ groups['keycloakcontainers'] }}" - "{{ groups['thehive'] }}" - "{{ groups['cortex'] }}" diff --git a/roles/cortex/tasks/configure.yml b/roles/cortex/tasks/configure.yml index cbcb0e99965da2affc197a7ff7b367cfd5c8843f..7e94fcbf22f82f7d92a37bfa19ecd7e0dd31d622 100644 --- a/roles/cortex/tasks/configure.yml +++ b/roles/cortex/tasks/configure.yml @@ -41,7 +41,6 @@ register: cortexadminuserkey args: warn: false - run_once: True - set_fact: cortexadminuserapikey={{ cortexadminuserkey.stdout }} diff --git a/roles/cortex/templates/application.conf.j2 b/roles/cortex/templates/application.conf.j2 index acfe9020d6979cd730eaf57c27ece4f15658b05d..4155af9a310b65dcd141dcb4f7002941c1954fa4 100644 --- a/roles/cortex/templates/application.conf.j2 +++ b/roles/cortex/templates/application.conf.j2 
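Review bot: Removing `run_once: True` from the task that registers `cortexadminuserkey` (its body starts above this hunk) makes that command run on every host of the play, and the following `set_fact` then gives each host its own `cortexadminuserapikey`. If the command creates an API key rather than reading an existing one, each additional host mints another key; confirm the play is single-host, or restore `run_once: True` on both the command and the `set_fact` so one value is shared. If the removal was deliberate, a comment stating why the key must be fetched per host would stop it being re-added.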
@@ -14,7 +14,7 @@ search { index = cortex # ElasticSearch instance address. # For cluster, join address:port with ',': "http://ip1:9200,ip2:9200,ip3:9200" - #uri = "https://{{groups['odfeescontainers'][0]}}:9200" + #uri = "https://{{groups['opensearchescontainers'][0]}}:9200" uri = "http://localhost:9200" ## Advanced configuration diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index d09016fa8b7912a3659bf0629cbae142c57a2037..e21541f2713f0c6b2896aeaa820bd994bdf701bb 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -6,8 +6,8 @@ - include: keycloak.yml - include: zookeeper.yml - include: nifi.yml -- include: odfees.yml -- include: odfekibana.yml +- include: opensearches.yml +- include: opensearch-dashboards.yml - include: misp.yml - include: keycloak.yml - include: cassandra.yml diff --git a/roles/docker/tasks/odfekibana.yml b/roles/docker/tasks/opensearch-dashboards.yml similarity index 50% rename from roles/docker/tasks/odfekibana.yml rename to roles/docker/tasks/opensearch-dashboards.yml index 8426ce61d2d839917dca6fddfb7166a52f39d7cc..66808f43a91f5d1277f9801f63a599c2d6857aec 100644 --- a/roles/docker/tasks/odfekibana.yml +++ b/roles/docker/tasks/opensearch-dashboards.yml 
@@ -1,23 +1,23 @@ --- -- name: Create odfe kibana containers and connect to network +- name: Create Opensearch Dashboard containers and connect to network docker_container: name: "{{ item }}" hostname: "{{ item }}" - image: "{{ odfekibana_img }}" + image: "{{ opensearchdashboards_img }}" networks: - name: "{{ soctools_netname }}" networks_cli_compatible: yes interactive: "yes" - with_items: "{{ groups['odfekibanacontainers'] }}" + with_items: "{{ groups['opensearchdashboardscontainers'] }}" tags: - start-docker-containers -- name: Disconnect odfe kibana containers from network and remove +- name: Disconnect Opensearch Dashboard containers from network and remove docker_container: name: "{{ item }}" state: absent - with_items: "{{ groups['odfekibanacontainers'] }}" + with_items: "{{ groups['opensearchdashboardscontainers'] }}" tags: - stop-docker-containers diff --git a/roles/docker/tasks/odfees.yml b/roles/docker/tasks/opensearches.yml similarity index 51% rename from roles/docker/tasks/odfees.yml rename to roles/docker/tasks/opensearches.yml index 7ae76b5de752ab1ff385f49ffc443387f4196dc4..6057b2f9ab9a6560afbcb189be3a5dc31044aac8 100644 --- a/roles/docker/tasks/odfees.yml +++ b/roles/docker/tasks/opensearches.yml 
@@ -1,25 +1,25 @@ --- -- name: Create odfe elasticsearch containers and connect to network +- name: Create odfe Opensearch containers and connect to network docker_container: name: "{{ item }}" hostname: "{{ item }}" - image: "{{ odfees_img }}" + image: "{{ opensearches_img }}" networks: - name: "{{ soctools_netname }}" networks_cli_compatible: yes volumes: - - "{{item}}:/usr/share/elasticsearch/data" + - "{{item}}:/opt/opensearch/data" interactive: "yes" - with_items: "{{ groups['odfeescontainers'] }}" + with_items: "{{ groups['opensearchescontainers'] }}" tags: - start-docker-containers -- name: Disconnect odfe elasticsearch containers from network and remove +- name: Disconnect Opensearch containers from network and remove docker_container: name: "{{ item }}" state: absent - with_items: "{{ groups['odfeescontainers'] }}" + with_items: "{{ groups['opensearchescontainers'] }}" tags: - stop-docker-containers diff --git a/roles/docker/tasks/volumecreate.yml b/roles/docker/tasks/volumecreate.yml index a4e92207fcff83c4d282524f04456c2455b08475..4e45a4235dfe7d36878f91529942351e72c335f1 100644 --- a/roles/docker/tasks/volumecreate.yml +++ b/roles/docker/tasks/volumecreate.yml @@ -32,11 +32,11 @@ tags: - start-docker-containers -- name: Create OpenDistro for Elasticearch volumes +- name: Create Opensearch volumes docker_volume: name: "{{item}}" with_items: - - "{{ groups['odfeescontainers'] }}" + - "{{ groups['opensearchescontainers'] }}" tags: - start-docker-containers diff --git a/roles/haproxy/tasks/init.yml b/roles/haproxy/tasks/init.yml index aaf8aa32add3a1c818b3128899b2f90c786116dc..7f8b77c00756ab6747443138fc151d0e9bc10c2f 100644 --- a/roles/haproxy/tasks/init.yml +++ b/roles/haproxy/tasks/init.yml @@ -15,13 +15,13 @@ - stats - nifi - nifiports - - odfe + - opensearch - keycloak - thehive - cortex - misp - user-mgmt-ui - - kibana + - opensearch-dashboards - name: Create required directories file: 
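Review bot: The task name `Create odfe Opensearch containers and connect to network` keeps the old "odfe" prefix while the sibling removal task and every other renamed task dropped it; `- name: Create Opensearch containers and connect to network` matches. The volume mount `"{{item}}:/opt/opensearch/data"` targets a path under the `/opt/opensearch` symlink created in the new Dockerfile; Docker resolves the link inside the image, but the directory's ownership on first start depends on the image shipping it (see the roles/build/templates/opensearch/Dockerfile.j2 hunk).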
diff --git a/roles/haproxy/templates/haproxy.cfg.j2 b/roles/haproxy/templates/haproxy.cfg.j2 index 8a92792b895a8ada0a1fed8176ad6ea9cb44dac6..5f463b537d171c81dba9ba501a078a52396238ba 100644 --- a/roles/haproxy/templates/haproxy.cfg.j2 +++ b/roles/haproxy/templates/haproxy.cfg.j2 @@ -38,7 +38,7 @@ listen nifiserv {% endfor %} tcp-request connection reject if !{ src -f /usr/local/etc/haproxy/nifi_whitelist.lst } -listen odfeserv +listen opensearchserv bind *:9200 ssl crt /etc/ssl/haproxy alpn h2,http/1.1 mode http maxconn 5000 @@ -46,10 +46,10 @@ listen odfeserv balance source option tcpka option httplog -{% for odfehost in groups['odfeescontainers'] %} - server {{odfehost}} {{odfehost}}:9200 ssl check verify none +{% for opensearchhost in groups['opensearchescontainers'] %} + server {{opensearchhost}} {{opensearchhost}}:9200 ssl check verify none {% endfor %} - tcp-request connection reject if !{ src -f /usr/local/etc/haproxy/odfe_whitelist.lst } + tcp-request connection reject if !{ src -f /usr/local/etc/haproxy/opensearch_whitelist.lst } listen keycloakserv bind *:12443 ssl crt /etc/ssl/haproxy alpn h2,http/1.1 @@ -92,7 +92,7 @@ listen cortexserv {% endfor %} tcp-request connection reject if !{ src -f /usr/local/etc/haproxy/cortex_whitelist.lst } -listen kibanaserv +listen opensearch-dashboards-serv bind *:5601 ssl crt /etc/ssl/haproxy alpn h2,http/1.1 mode http maxconn 5000 
@@ -101,10 +101,10 @@ listen kibanaserv option tcpka option forwardfor option httplog -{% for kibanahost in groups['odfekibanacontainers'] %} - server {{kibanahost}} {{kibanahost}}:5601 ssl check verify none +{% for opensearchdashboardshost in groups['opensearchdashboardscontainers'] %} + server {{opensearchdashboardshost}} {{opensearchdashboardshost}}:5601 ssl check verify none {% endfor %} - tcp-request connection reject if !{ src -f /usr/local/etc/haproxy/kibana_whitelist.lst } + tcp-request connection reject if !{ src -f /usr/local/etc/haproxy/opensearch-dashboards_whitelist.lst } listen mispserv bind *:6443 ssl crt /etc/ssl/haproxy alpn h2,http/1.1 diff --git a/roles/nifi/templates/flow.xml.j2 b/roles/nifi/templates/flow.xml.j2 index 1619ccd9e65d3bc8bd6453e0b01d457c9ade2db5..9d79a0402106e193b6e675208d60bf262f0d0f1a 100644 --- a/roles/nifi/templates/flow.xml.j2 +++ b/roles/nifi/templates/flow.xml.j2 @@ -12617,8 +12617,8 @@ <variable name="elastic_username" value="{{ elastic_username }}" /> <variable name="misp_url" value="{{ misp_url }}" /> <variable name="elastic_url" value="https://{{ soctoolsproxy }}:9200" /> - <variable name="elastic_password" value="{{lookup('password', '{{playbook_dir}}/secrets/passwords/odfees_adminpass')}}" /> + <variable name="elastic_password" value="{{lookup('password', '{{playbook_dir}}/secrets/passwords/opensearches_adminpass')}}" /> </rootGroup> <controllerServices /> <reportingTasks /> -</flowController> \ No newline at end of file +</flowController> diff --git a/roles/odfees/tasks/init.yml b/roles/odfees/tasks/init.yml deleted file mode 100644 index 0eaedc5b5529f0568b706fea12f87d9d64c0489f..0000000000000000000000000000000000000000 --- a/roles/odfees/tasks/init.yml +++ /dev/null 
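Review bot: The NiFi `elastic_password` variable now reads `secrets/passwords/opensearches_adminpass`, and `lookup('password', …)` generates a fresh random secret when that file does not exist, so on an upgraded deployment NiFi gets a new password that only matches OpenSearch if the opensearches role (not in this diff) hashes the identical path into its internal users. A one-line note in group_vars or the role README that the admin password now lives in `opensearches_adminpass` and that existing installs must migrate the old `odfees_adminpass` file would prevent a silent authentication failure. The `elastic_url` context line still points at `https://{{ soctoolsproxy }}:9200`, so presumably the HAProxy `opensearch_whitelist.lst` has to admit the NiFi hosts (see the generate_haproxy_whitelist_files.sh hunk).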
@@ -1,100 +0,0 @@ ---- - -- name: Copy cacert to ca-trust dir - remote_user: root - copy: - src: "{{playbook_dir}}/secrets/CA/ca.crt" - dest: /etc/pki/ca-trust/source/anchors/ca.crt - -- name: Install cacert to root truststore - remote_user: root - command: "update-ca-trust" - -- name: Copy certificates in odfe conf dir - remote_user: elasticsearch - copy: - src: "{{ item }}" - dest: "config/" - mode: 0600 - with_items: - - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.p12" - - "{{playbook_dir}}/secrets/CA/cacerts.jks" - - "{{playbook_dir}}/secrets/CA/private/{{soctools_users[0].CN}}.p12" - -- name: Configure sysconfig - remote_user: elasticsearch - template: - src: sysconfig_elasticsearch.j2 - dest: sysconfig_elasticsearch - -- name: Copy sysconfig to /etc - remote_user: elasticsearch - command: "cp sysconfig_elasticsearch /etc/sysconfig/elasticsearch" - -- name: Configure odfe properties - remote_user: elasticsearch - template: - src: "config/{{item}}.j2" - dest: "config/{{item}}" - with_items: - - elasticsearch.yml - - jvm.options - - log4j2.properties - -- name: Change password for admin - remote_user: elasticsearch - command: "bash plugins/opendistro_security/tools/hash.sh -p {{lookup('password', '{{playbook_dir}}/secrets/passwords/odfees_adminpass')}}" - register: adminhash - # when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname" - -- set_fact: - adminhashpwd: "{{ adminhash.stdout }}" - #adminhashpwd: "{{ hostvars[groups['odfeescontainers'][0]]['adminhash.stdout'] }}" - remote_user: elasticsearch - -- name: Change password for cortex - remote_user: elasticsearch - command: "bash plugins/opendistro_security/tools/hash.sh -p {{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_odfe')}}" - register: cortexhash - # when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname" - -- set_fact: - cortexhashpwd: "{{ cortexhash.stdout }}" - #adminhashpwd: "{{ hostvars[groups['odfeescontainers'][0]]['adminhash.stdout'] }}" - 
remote_user: elasticsearch - -- name: Configure opendistro_security properties - remote_user: elasticsearch - template: - src: "securityconfig/{{item}}.j2" - dest: "plugins/opendistro_security/securityconfig/{{item}}" - with_items: - - internal_users.yml - - config.yml - - roles_mapping.yml - - -- name: Start OpenDistro for Elasticsearch - remote_user: root - command: "supervisorctl start odfe" - -- name: Wait for ElasticSearch - remote_user: root - wait_for: - host: "{{groups['odfeescontainers'][0]}}" - port: 9200 - state: started - delay: 5 - -- name: Configure OpenDistro security - remote_user: elasticsearch - command: "bash ./plugins/opendistro_security/tools/securityadmin.sh -h {{groups['odfeescontainers'][0]}} -cd /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/ -ks '/usr/share/elasticsearch/config/{{soctools_users[0].CN}}.p12' -kspass {{lookup('password', '{{playbook_dir}}/secrets/passwords/{{soctools_users[0].CN}}')}} {{lookup('password','{{playbook_dir}}/secrets/passwords/{{soctools_users[0].CN}}')}} -ts /usr/share/elasticsearch/config/cacerts.jks -tspass {{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}} -cn soctools-cluster" - when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname" - -- name: Set Autostart for supervisord's services - remote_user: root - replace: - path: /etc/supervisord.conf - regexp: '^autostart=false$' - replace: 'autostart=true' - diff --git a/roles/odfees/tasks/start.yml b/roles/odfees/tasks/start.yml deleted file mode 100644 index 953b53fdb88a6c8044581d374c3ba7620969faf8..0000000000000000000000000000000000000000 --- a/roles/odfees/tasks/start.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- - -- name: Start OpenDistro for Elasticsearch - remote_user: root - command: "supervisorctl start odfe" - -- name: Wait for ElasticSearch - remote_user: root - wait_for: - host: "{{groups['odfeescontainers'][0]}}" - port: 9200 - state: started - delay: 5 - 
diff --git a/roles/odfees/tasks/stop.yml b/roles/odfees/tasks/stop.yml deleted file mode 100644 index 1302cc8bf86e04950e347eb12436b0a6cc0aac0f..0000000000000000000000000000000000000000 --- a/roles/odfees/tasks/stop.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- - -- name: Stop OpenDistro for Elasticsearch - remote_user: root - command: "supervisorctl stop odfe" - diff --git a/roles/odfees/tasks/update-config.yml b/roles/odfees/tasks/update-config.yml deleted file mode 100644 index a40d487df503d8edc00dd641352d61d3f892042e..0000000000000000000000000000000000000000 --- a/roles/odfees/tasks/update-config.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- - -- name: Configure sysconfig - remote_user: elasticsearch - template: - src: sysconfig_elasticsearch.j2 - dest: sysconfig_elasticsearch - -- name: Copy sysconfig to /etc - remote_user: elasticsearch - command: "cp sysconfig_elasticsearch /etc/sysconfig/elasticsearch" - -- name: Configure odfe properties - remote_user: elasticsearch - template: - src: "config/{{item}}.j2" - dest: "config/{{item}}" - with_items: - - elasticsearch.yml - - jvm.options - - log4j2.properties - -- name: Configure opendistro_security properties - remote_user: elasticsearch - template: - src: "securityconfig/{{item}}.j2" - dest: "plugins/opendistro_security/securityconfig/{{item}}" - with_items: - - internal_users.yml - - config.yml - - roles_mapping.yml - diff --git a/roles/odfees/templates/config/elasticsearch.yml.j2 b/roles/odfees/templates/config/elasticsearch.yml.j2 deleted file mode 100644 index 5e8e18fc2999f2622cca3b0c229265a379c49b44..0000000000000000000000000000000000000000 --- a/roles/odfees/templates/config/elasticsearch.yml.j2 +++ /dev/null 
@@ -1,67 +0,0 @@ -cluster.name: "soctools-cluster" -#network.host: 0.0.0.0 -network.host: {{ inventory_hostname }} -discovery.seed_hosts: -{% for odfees in groups['odfeescontainers'] %} - - {{ odfees }} -{% endfor %} -#discovery.type: single-node -transport.port: 9300 - -path.logs: /usr/share/elasticsearch/logs -# # minimum_master_nodes need to be explicitly set when bound on a public IP -# # set to 1 to allow single node clusters -# # Details: https://github.com/elastic/elasticsearch/pull/17288 -#discovery.zen.minimum_master_nodes: 1 - -# # Breaking change in 7.0 -# # https://www.elastic.co/guide/en/elasticsearch/reference/7.0/breaking-changes-7.0.html#breaking_70_discovery_changes -cluster.initial_master_nodes: -{% for odfees in groups['odfeescontainers'] %} - - {{ odfees }} -{% endfor %} - -# - elasticsearch1 -# - docker-test-node-1 -######## Start OpenDistro for Elasticsearch Security Demo Configuration ######## -# WARNING: revise all the lines below before you go into production -# opendistro_security.ssl.transport.pemcert_filepath: esnode.pem -# opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem - -opendistro_security.ssl.transport.keystore_type: pkcs12 -opendistro_security.ssl.transport.keystore_filepath: {{ inventory_hostname }}.p12 -opendistro_security.ssl.transport.keystore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}}" -#opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem -opendistro_security.ssl.transport.truststore_type: jks -opendistro_security.ssl.transport.truststore_filepath: cacerts.jks -opendistro_security.ssl.transport.truststore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}" -opendistro_security.ssl.transport.enforce_hostname_verification: false - -opendistro_security.ssl.http.enabled: true -# opendistro_security.ssl.http.pemcert_filepath: esnode.pem -# opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem 
-opendistro_security.ssl.http.keystore_type: pkcs12 -opendistro_security.ssl.http.keystore_filepath: {{ inventory_hostname }}.p12 -opendistro_security.ssl.http.keystore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}}" -opendistro_security.ssl.http.truststore_type: jks -opendistro_security.ssl.http.truststore_filepath: cacerts.jks -opendistro_security.ssl.http.truststore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}" -#opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem -#opendistro_security.ssl.http.clientauth_mode: optional -opendistro_security.allow_unsafe_democertificates: false -opendistro_security.allow_default_init_securityindex: false -opendistro_security.authcz.admin_dn: - - "{{soctools_users[0].DN}}" - -opendistro_security.nodes_dn: -{% for odfees in groups['odfeescontainers'] %} - - "CN={{ odfees }}" -{% endfor %} - -opendistro_security.audit.type: internal_elasticsearch -opendistro_security.enable_snapshot_restore_privilege: true -opendistro_security.check_snapshot_restore_write_privileges: true -opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"] -cluster.routing.allocation.disk.threshold_enabled: false -node.max_local_storage_nodes: 3 -######## End OpenDistro for Elasticsearch Security Demo Configuration ######## diff --git a/roles/odfees/templates/config/jvm.options.j2 b/roles/odfees/templates/config/jvm.options.j2 deleted file mode 100644 index d2a22392210eadbdf65de97c77fd427799753c6a..0000000000000000000000000000000000000000 --- a/roles/odfees/templates/config/jvm.options.j2 +++ /dev/null 
@@ -1,119 +0,0 @@ -## JVM configuration - -################################################################ -## IMPORTANT: JVM heap size -################################################################ -## -## You should always set the min and max JVM heap -## size to the same value. For example, to set -## the heap to 4 GB, set: -## -## -Xms4g -## -Xmx4g -## -## See https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html -## for more information -## -################################################################ - -# Xms represents the initial size of total heap space -# Xmx represents the maximum size of total heap space - --Xms{{odfe_javamem}} --Xmx{{odfe_javamem}} - -################################################################ -## Expert settings -################################################################ -## -## All settings below this section are considered -## expert settings. Don't tamper with them unless -## you understand what you are doing -## -################################################################ - -## GC configuration --XX:+UseConcMarkSweepGC --XX:CMSInitiatingOccupancyFraction=75 --XX:+UseCMSInitiatingOccupancyOnly - -## G1GC Configuration -# NOTE: G1GC is only supported on JDK version 10 or later. -# To use G1GC uncomment the lines below. 
-# 10-:-XX:-UseConcMarkSweepGC -# 10-:-XX:-UseCMSInitiatingOccupancyOnly -# 10-:-XX:+UseG1GC -# 10-:-XX:InitiatingHeapOccupancyPercent=75 - -## DNS cache policy -# cache ttl in seconds for positive DNS lookups noting that this overrides the -# JDK security property networkaddress.cache.ttl; set to -1 to cache forever --Des.networkaddress.cache.ttl=60 -# cache ttl in seconds for negative DNS lookups noting that this overrides the -# JDK security property networkaddress.cache.negative ttl; set to -1 to cache -# forever --Des.networkaddress.cache.negative.ttl=10 - -## optimizations - -# pre-touch memory pages used by the JVM during initialization --XX:+AlwaysPreTouch - -## basic - -# explicitly set the stack size --Xss1m - -# set to headless, just in case --Djava.awt.headless=true - -# ensure UTF-8 encoding by default (e.g. filenames) --Dfile.encoding=UTF-8 - -# use our provided JNA always versus the system one --Djna.nosys=true - -# turn off a JDK optimization that throws away stack traces for common -# exceptions because stack traces are important for debugging --XX:-OmitStackTraceInFastThrow - -# flags to configure Netty --Dio.netty.noUnsafe=true --Dio.netty.noKeySetOptimization=true --Dio.netty.recycler.maxCapacityPerThread=0 - -# log4j 2 --Dlog4j.shutdownHookEnabled=false --Dlog4j2.disable.jmx=true - --Djava.io.tmpdir=${ES_TMPDIR} - -## heap dumps - -# generate a heap dump when an allocation from the Java heap fails -# heap dumps are created in the working directory of the JVM --XX:+HeapDumpOnOutOfMemoryError - -# specify an alternative path for heap dumps; ensure the directory exists and -# has sufficient space --XX:HeapDumpPath=data - -# specify an alternative path for JVM fatal error logs --XX:ErrorFile=logs/hs_err_pid%p.log - -## JDK 8 GC logging - -8:-XX:+PrintGCDetails -8:-XX:+PrintGCDateStamps -8:-XX:+PrintTenuringDistribution -8:-XX:+PrintGCApplicationStoppedTime -8:-Xloggc:logs/gc.log -8:-XX:+UseGCLogFileRotation -8:-XX:NumberOfGCLogFiles=32 
-8:-XX:GCLogFileSize=64m - -# JDK 9+ GC logging -9-:-Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m -# due to internationalization enhancements in JDK 9 Elasticsearch need to set the provider to COMPAT otherwise -# time/date parsing will break in an incompatible way for some date patterns and locals -9-:-Djava.locale.providers=COMPAT diff --git a/roles/odfees/templates/config/log4j2.properties.j2 b/roles/odfees/templates/config/log4j2.properties.j2 deleted file mode 100644 index ee01d9a1406720d46fe983efacf16cc8d52c3729..0000000000000000000000000000000000000000 --- a/roles/odfees/templates/config/log4j2.properties.j2 +++ /dev/null 
@@ -1,31 +0,0 @@ -status = error - -appender.console.type = Console -appender.console.name = console -appender.console.layout.type = PatternLayout -appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n - -appender.rolling.type = RollingFile -appender.rolling.name = rolling -appender.rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_server.json -appender.rolling.layout.type = ESJsonLayout -appender.rolling.layout.type_name = server -appender.rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.json.gz -appender.rolling.policies.type = Policies -appender.rolling.policies.time.type = TimeBasedTriggeringPolicy -appender.rolling.policies.time.interval = 1 -appender.rolling.policies.time.modulate = true -appender.rolling.policies.size.type = SizeBasedTriggeringPolicy -appender.rolling.policies.size.size = 20MB -appender.rolling.strategy.type = DefaultRolloverStrategy -appender.rolling.strategy.fileIndex = nomax -appender.rolling.strategy.action.type = Delete -appender.rolling.strategy.action.basepath = ${sys:es.logs.base_path} -appender.rolling.strategy.action.condition.type = IfFileName -appender.rolling.strategy.action.condition.glob = ${sys:es.logs.cluster_name}-* -appender.rolling.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize -appender.rolling.strategy.action.condition.nested_condition.exceeds = 100MB - -rootLogger.level = info -#rootLogger.appenderRef.console.ref = console -rootLogger.appenderRef.rolling.ref = rolling diff --git a/roles/odfees/templates/sysconfig_elasticsearch.j2 b/roles/odfees/templates/sysconfig_elasticsearch.j2 deleted file mode 100644 index 60b69e2bcf1ca61478e7b94015344c15455ebc47..0000000000000000000000000000000000000000 --- a/roles/odfees/templates/sysconfig_elasticsearch.j2 +++ /dev/null 
@@ -1,51 +0,0 @@ -################################ -# Elasticsearch -################################ - -# Elasticsearch home directory -ES_HOME=/usr/share/elasticsearch - -# Elasticsearch Java path -#JAVA_HOME= - -# Elasticsearch configuration directory -ES_PATH_CONF=/usr/share/elasticsearch/config - -# Elasticsearch PID directory -#PID_DIR=/var/run/elasticsearch - -# Additional Java OPTS -#ES_JAVA_OPTS= - -# Configure restart on package upgrade (true, every other setting will lead to not restarting) -#RESTART_ON_UPGRADE=true - -################################ -# Elasticsearch service -################################ - -# SysV init.d -# -# The number of seconds to wait before checking if Elasticsearch started successfully as a daemon process -ES_STARTUP_SLEEP_TIME=5 - -################################ -# System properties -################################ - -# Specifies the maximum file descriptor number that can be opened by this process -# When using Systemd, this setting is ignored and the LimitNOFILE defined in -# /usr/lib/systemd/system/elasticsearch.service takes precedence -#MAX_OPEN_FILES=65535 - -# The maximum number of bytes of memory that may be locked into RAM -# Set to "unlimited" if you use the 'bootstrap.memory_lock: true' option -# in elasticsearch.yml. -# When using systemd, LimitMEMLOCK must be set in a unit file such as -# /etc/systemd/system/elasticsearch.service.d/override.conf. -#MAX_LOCKED_MEMORY=unlimited - -# Maximum number of VMA (Virtual Memory Areas) a process can own -# When using Systemd, this setting is ignored and the 'vm.max_map_count' -# property is set at boot time in /usr/lib/sysctl.d/elasticsearch.conf -#MAX_MAP_COUNT=262144 diff --git a/roles/odfekibana/files/.empty b/roles/odfekibana/files/.empty deleted file mode 100644 index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000 
diff --git a/roles/odfekibana/tasks/stop.yml b/roles/odfekibana/tasks/stop.yml deleted file mode 100644 index 2ab354a31339c1ee47c5d287277b9e25c6afa377..0000000000000000000000000000000000000000 --- a/roles/odfekibana/tasks/stop.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -- name: Stop OpenDistro Kibana for Elasticsearch - remote_user: root - command: "supervisorctl stop kibana" diff --git a/roles/odfekibana/tasks/update-config.yml b/roles/odfekibana/tasks/update-config.yml deleted file mode 100644 index d258885ceac6fd12f7d69accb97745835da9eec5..0000000000000000000000000000000000000000 --- a/roles/odfekibana/tasks/update-config.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- - -- name: Configure odfe kibana properties - remote_user: kibana - template: - src: "{{item}}.j2" - dest: "config/{{item}}" - with_items: - - kibana.yml - -- name: Configure odfe kibana start script - remote_user: kibana - template: - src: "{{item}}.j2" - dest: "{{item}}" - mode: 0750 - with_items: - - startkibana.sh - -- name: Generate configuration for thehive_button plugin - remote_user: kibana - template: - src: files/env.js.j2 - dest: "/usr/share/kibana/plugins/thehive_button/public/env.js" - owner: kibana - group: kibana - - -- name: Copy kibana_graphs.ndjson to container - remote_user: kibana - template: - src: "kibana_graphs.ndjson.j2" - dest: /tmp/kibana_graphs.ndjson - diff --git a/roles/odfekibana/templates/kibana.yml.j2 b/roles/odfekibana/templates/kibana.yml.j2 deleted file mode 100644 index 506b10c06880643c831526fa684d30e98a3efa62..0000000000000000000000000000000000000000 --- a/roles/odfekibana/templates/kibana.yml.j2 +++ /dev/null 
@@ -1,65 +0,0 @@ ---- -# Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). -# You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# or in the "license" file accompanying this file. This file is distributed -# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either -# express or implied. See the License for the specific language governing -# permissions and limitations under the License. - -# Description: -# Default Kibana configuration from kibana-docker. - -#logging.verbose: true -cpu.cgroup.path.override: / -cpuacct.cgroup.path.override: / -pid.file: {{inventory_hostname}}.pid - -server.name: {{inventory_hostname}} -server.host: "{{inventory_hostname}}" -#elasticsearch.hosts: https://localhost:9200 -elasticsearch.hosts: https://{{groups['odfeescontainers'][0]}}:9200 -elasticsearch.ssl.verificationMode: none -elasticsearch.username: kibanaserver -elasticsearch.password: kibanaserver -elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"] - -opendistro_security.multitenancy.enabled: false -#opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"] -opendistro_security.readonly_mode.roles: ["kibana_read_only"] - -#new in 7.6 -#newsfeed.enabled: false -#telemetry.optIn: false -#telemetry.enabled: false - -opendistro_security.auth.type: "openid" -opendistro_security.openid.connect_url: "https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/.well-known/openid-configuration" -opendistro_security.openid.client_id: "soctools-kibana" -opendistro_security.openid.client_secret: "{{kibanasecret.value}}" -opendistro_security.openid.root_ca: "/usr/share/kibana/config/ca.crt" -opendistro_security.openid.base_redirect_url: "https://{{soctoolsproxy}}:5601" - -opendistro_security.cookie.secure: true 
-opendistro_security.cookie.password: "{{lookup("password", "{{playbook_dir}}/secrets/passwords/kibana_cookiepassword length=32")}}" - -server.ssl.enabled: true -server.ssl.key: /usr/share/kibana/config/{{inventory_hostname}}.key -server.ssl.certificate: /usr/share/kibana/config/{{inventory_hostname}}.crt -#server.ssl.keystore.path: /usr/share/kibana/config/{{inventory_hostname}}.p12 -#server.ssl.keystore.password: {{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}} -#server.ssl.certificateAuthorities: -#server.ssl.truststore.path: jks (p12?) -#server.ssl.truststore.password: - - -#elasticsearch.ssl.certificate: /usr/share/kibana/config/{{inventory_hostname}}.crt -#elasticsearch.ssl.key: /usr/share/kibana/config/{{inventory_hostname}}.key -#elasticsearch.ssl.certificateAuthorities: /usr/share/kibana/config/{{ca_cn}}.crt - -opendistro_security.allow_client_certificates: true diff --git a/roles/odfekibana/templates/startkibana.sh.j2 b/roles/odfekibana/templates/startkibana.sh.j2 deleted file mode 100644 index 74039208775785dc27dd1349cf2debc0889a9dc5..0000000000000000000000000000000000000000 --- a/roles/odfekibana/templates/startkibana.sh.j2 +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -x -#exec /usr/share/kibana/bin/kibana -c /usr/share/kibana/config/kibana.yml --verbose > kblog 2>&1 & -/usr/share/kibana/bin/kibana -c /usr/share/kibana/config/kibana.yml > kblog 2>&1 & -# disown - - diff --git a/roles/odfees/defaults/main.yml b/roles/opensearch-dashboards/defaults/main.yml similarity index 100% rename from roles/odfees/defaults/main.yml rename to roles/opensearch-dashboards/defaults/main.yml diff --git a/roles/build/files/odfekibana/.empty b/roles/opensearch-dashboards/files/.empty similarity index 100% rename from roles/build/files/odfekibana/.empty rename to roles/opensearch-dashboards/files/.empty 
diff --git a/roles/odfekibana/files/env.js.j2 b/roles/opensearch-dashboards/files/env.js.j2 similarity index 100% rename from roles/odfekibana/files/env.js.j2 rename to roles/opensearch-dashboards/files/env.js.j2 diff --git a/roles/odfekibana/files/tenant.json b/roles/opensearch-dashboards/files/tenant.json similarity index 100% rename from roles/odfekibana/files/tenant.json rename to roles/opensearch-dashboards/files/tenant.json diff --git a/roles/odfees/handlers/main.yml b/roles/opensearch-dashboards/handlers/main.yml similarity index 100% rename from roles/odfees/handlers/main.yml rename to roles/opensearch-dashboards/handlers/main.yml diff --git a/roles/odfees/meta/main.yml b/roles/opensearch-dashboards/meta/main.yml similarity index 100% rename from roles/odfees/meta/main.yml rename to roles/opensearch-dashboards/meta/main.yml diff --git a/roles/odfekibana/tasks/init.yml b/roles/opensearch-dashboards/tasks/init.yml similarity index 57% rename from roles/odfekibana/tasks/init.yml rename to roles/opensearch-dashboards/tasks/init.yml index 718d7ce33e20099716a62ec0cb833c91e6d970b5..4de794e62c261ca0a3584c6e12dcaa4c9d35543c 100644 --- a/roles/odfekibana/tasks/init.yml +++ b/roles/opensearch-dashboards/tasks/init.yml 
@@ -1,22 +1,11 @@ --- -- name: Download kibana plugins - get_url: - url: "https://gitlab.geant.org/gn4-3-wp8-t3.1-soc/kibana-plugins/-/archive/{{ kibana_plugins_version }}/kibana-plugins-{{kibana_plugins_version}}.tar.gz" - dest: /tmp/kibana_plugins.tar.gz - -- name: Gunzip kibana plugins - unarchive: - src: "/tmp/kibana_plugins.tar.gz" - dest: /tmp - remote_src: yes - -- name: Install the Hive Button plugin - copy: - src: "/tmp/kibana-plugins-{{kibana_plugins_version}}/thehive_button" - dest: "/usr/share/kibana/plugins" - owner: kibana - remote_src: yes +#- name: Install the Hive Button plugin +# copy: +# src: "/tmp/kibana-plugins-{{kibana_plugins_version}}/thehive_button" +# dest: "/usr/share/kibana/plugins" +# owner: kibana +# remote_src: yes - name: Copy cacert to ca-trust dir remote_user: root @@ -28,8 +17,8 @@ remote_user: root command: "update-ca-trust" -- name: Copy certificates in odfe kibana conf dir - remote_user: kibana +- name: Copy certificates in Opensearch Dashboards conf dir + remote_user: dashboards copy: src: "{{ item }}" dest: "config/" 
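Review bot: The commented-out `#- name: Install the Hive Button plugin` task is dead code that cannot be re-enabled as written: its `src` still points at `/tmp/kibana-plugins-{{kibana_plugins_version}}/thehive_button`, whose download and unarchive tasks this very hunk deletes, and its `dest` is the old `/usr/share/kibana/plugins` path rather than the `/opt/opensearch-dashboards/plugins` location used elsewhere in this role. If the plugin is meant to come back once it is ported, replace the block with a single `# TODO: re-add the thehive_button plugin once it is built for OpenSearch Dashboards` and drop the stale lines; otherwise delete it outright. The remaining tasks of init.yml follow in the later hunks of this file.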
@@ -43,50 +32,41 @@ - "{{playbook_dir}}/secrets/CA/private/{{soctools_users[0].CN}}.p12" - name: Get openid authkey - remote_user: kibana + remote_user: dashboards set_fact: kibanasecret: "{{lookup('file', '{{playbook_dir}}/secrets/tokens/kibanasecret',convert_data=False) | from_json }}" -- name: Configure odfe kibana properties - remote_user: kibana +- name: Configure Opensearch Dashboards properties + remote_user: dashboards template: src: "{{item}}.j2" dest: "config/{{item}}" with_items: - - kibana.yml - -- name: Configure odfe kibana start script - remote_user: kibana - template: - src: "{{item}}.j2" - dest: "{{item}}" - mode: 0750 - with_items: - - startkibana.sh + - opensearch_dashboards.yml -- name: Generate configuration for thehive_button plugin - remote_user: kibana - template: - src: files/env.js.j2 - dest: "/usr/share/kibana/plugins/thehive_button/public/env.js" - owner: kibana - group: kibana +#- name: Generate configuration for thehive_button plugin +# remote_user: dashboards +# template: +# src: files/env.js.j2 +# dest: "/opt/opensearch-dashboards/plugins/thehive_button/public/env.js" +# owner: dashboards +# group: dashboards -- name: Start Kibana +- name: Start Opensearch Dashboards remote_user: root - shell: "supervisorctl start kibana" + shell: "supervisorctl start opensearch-dashboards" -- name: Wait for Kibana - remote_user: kibana +- name: Wait for Opensearch Dashboards + remote_user: dashboards wait_for: - host: "{{groups['odfekibanacontainers'][0]}}" + host: "{{groups['opensearchdashboardscontainers'][0]}}" port: 5601 state: started delay: 5 -- name: Check Kibana health - remote_user: kibana +- name: Check Opensearch Dashboards health + remote_user: dashboards shell: 'curl -k -b /tmp/cookie.txt -c /tmp/cookie.txt -X "GET" "https://{{soctoolsproxy}}:5601/api/status" \ | egrep status....overall....state...green' register: result 
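Review bot: The `Check Opensearch Dashboards health` task still runs `curl -k`, which skips certificate verification even though this same task file installs the CA into the container trust store (`Copy cacert to ca-trust dir` followed by `update-ca-trust` a few tasks earlier), so the check passes against anything answering on `{{soctoolsproxy}}:5601`. Dropping the flag makes it a real check of the deployed chain, assuming the copied CA is the one that signed the proxy certificate, which I cannot confirm from this hunk: `shell: 'curl -b /tmp/cookie.txt -c /tmp/cookie.txt -X "GET" "https://{{soctoolsproxy}}:5601/api/status" \`. If `-k` is kept deliberately (for example a hostname mismatch behind the proxy), a one-line comment saying so would save the next reader the question. The retry handling for `register: result` continues past the end of this hunk.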
@@ -95,32 +75,32 @@ delay: 2 ignore_errors: yes -- name: Copy kibana_graphs.ndjson to container - remote_user: kibana +- name: Copy opensearch-dashboards_graphs.ndjson to container + remote_user: dashboards template: - src: "kibana_graphs.ndjson.j2" - dest: /tmp/kibana_graphs.ndjson + src: "opensearch-dashboards_graphs.ndjson.j2" + dest: /tmp/opensearch-dashboards_graphs.ndjson -- name: Import graphs to kibana - remote_user: kibana +- name: Import graphs to Opensearch Dashboards + remote_user: dashboards shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/saved_objects/_import?overwrite=true" \ -b /tmp/cookie.txt -c /tmp/cookie.txt \ - -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/odfees_adminpass")}} \ + -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/opensearches_adminpass")}} \ -H "kbn-xsrf: reporting" -H "Content-Type: multipart/form-data" \ - -F "file=@/tmp/kibana_graphs.ndjson"' + -F "file=@/tmp/opensearch-dashboards_graphs.ndjson"' ignore_errors: True - name: Copy role modification json to container - remote_user: kibana + remote_user: dashboards template: src: "role.json.j2" dest: /tmp/role.json - name: Grant admin permissions to users - remote_user: kibana + remote_user: dashboards shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/v1/configuration/rolesmapping/all_access" \ -b /tmp/cookie.txt -c /tmp/cookie.txt \ - -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/odfees_adminpass")}} \ + -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/opensearches_adminpass")}} \ -H "kbn-xsrf: reporting" -H "Content-Type: application/json" \ -d @/tmp/role.json' 
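Review bot: Both `Import graphs to Opensearch Dashboards` and `Grant admin permissions to users` send the OpenSearch admin password (`--user admin:{{lookup("password", ".../opensearches_adminpass")}}`) over a `curl -k` connection, so the credential goes to whatever presents a certificate on `{{soctoolsproxy}}:5601`, and it is also exposed in the process command line and in Ansible's task output. Since the CA is installed with `update-ca-trust` earlier in this file, `-k` can be dropped (assuming that CA signed the proxy certificate), and both tasks should carry `no_log: true` so the password is not printed on failure or under `-v`. The `ignore_errors: True` on the import additionally masks an authentication failure; `curl --fail` with a `failed_when` on the return code would surface it without making the play brittle.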
diff --git a/roles/odfekibana/tasks/main.yml b/roles/opensearch-dashboards/tasks/main.yml similarity index 62% rename from roles/odfekibana/tasks/main.yml rename to roles/opensearch-dashboards/tasks/main.yml index 429925b89da09f01c8de81db6edcdbeb6be5d407..eafe658cec617e9730e8b5047a423aa31c9a2247 100644 --- a/roles/odfekibana/tasks/main.yml +++ b/roles/opensearch-dashboards/tasks/main.yml @@ -6,17 +6,17 @@ - include: start.yml tags: - start - - start-odfekibana + - start-opensearch-dashboards - init - include: stop.yml tags: - stop - - stop-odfekibana + - stop-opensearch-dashboards - include: update-config.yml tags: - update-config - - update-odfekibana-config + - update-opensearch-dashboards-config - include: restart.yml tags: - restart - - restart-odfekibana + - restart-opensearch-dashboards diff --git a/roles/odfekibana/tasks/restart.yml b/roles/opensearch-dashboards/tasks/restart.yml similarity index 65% rename from roles/odfekibana/tasks/restart.yml rename to roles/opensearch-dashboards/tasks/restart.yml index cadeb7e282e7d8718218791bdb6c81869810006b..71b16bc97713afea12414093732e73fc51cc83f2 100644 --- a/roles/odfekibana/tasks/restart.yml +++ b/roles/opensearch-dashboards/tasks/restart.yml @@ -2,18 +2,18 @@ - name: Restart Kibana remote_user: root - shell: "supervisorctl restart kibana" + shell: "supervisorctl restart opensearch-dashboards" - name: Wait for Kibana - remote_user: kibana + remote_user: dashboards wait_for: - host: "{{groups['odfekibanacontainers'][0]}}" + host: "{{groups['opensearchdashboardscontainers'][0]}}" port: 5601 state: started delay: 5 -- name: Check Kibana health - remote_user: kibana +- name: Check Opensearch Dashboards health + remote_user: dashboards shell: 'curl -k -b /tmp/cookie.txt -c /tmp/cookie.txt -X "GET" "https://{{soctoolsproxy}}:5601/api/status" \ | egrep status....overall....state...green' register: result 
diff --git a/roles/odfekibana/tasks/start.yml b/roles/opensearch-dashboards/tasks/start.yml similarity index 54% rename from roles/odfekibana/tasks/start.yml rename to roles/opensearch-dashboards/tasks/start.yml index b22cd0de212ad38926b46e7c1d845f8581b9147a..dfe139faeca8f2bf74f5cdee1d0554bc4001b6ed 100644 --- a/roles/odfekibana/tasks/start.yml +++ b/roles/opensearch-dashboards/tasks/start.yml @@ -1,19 +1,19 @@ --- -- name: Start Kibana +- name: Start Opensearch Dashboards remote_user: root - shell: "supervisorctl start kibana" + shell: "supervisorctl start opensearch-dashboards" -- name: Wait for Kibana - remote_user: kibana +- name: Wait for Opensearch Dashboards + remote_user: dashboards wait_for: - host: "{{groups['odfekibanacontainers'][0]}}" + host: "{{groups['opensearchdashboardscontainers'][0]}}" port: 5601 state: started delay: 5 -- name: Check Kibana health - remote_user: kibana +- name: Check Opensearch Dashboards health + remote_user: dashboards shell: 'curl -k -b /tmp/cookie.txt -c /tmp/cookie.txt -X "GET" "https://{{soctoolsproxy}}:5601/api/status" \ | egrep status....overall....state...green' register: result diff --git a/roles/opensearch-dashboards/tasks/stop.yml b/roles/opensearch-dashboards/tasks/stop.yml new file mode 100644 index 0000000000000000000000000000000000000000..9b837b47c4507e6e4652827d2b53ede7f4bb4169 --- /dev/null +++ b/roles/opensearch-dashboards/tasks/stop.yml @@ -0,0 +1,5 @@ +--- + +- name: Stop Opensearch Dashboards + remote_user: root + command: "supervisorctl stop opensearch-dashboards" diff --git a/roles/opensearch-dashboards/tasks/update-config.yml b/roles/opensearch-dashboards/tasks/update-config.yml new file mode 100644 index 0000000000000000000000000000000000000000..0b394088fe6979a977156343b77d120f580002b7 --- /dev/null +++ b/roles/opensearch-dashboards/tasks/update-config.yml 
@@ -0,0 +1,25 @@ +--- + +- name: Configure Opensearch Dashboards properties + remote_user: dashboards + template: + src: "{{item}}.j2" + dest: "config/{{item}}" + with_items: + - opensearch_dashboards.yml + +- name: Generate configuration for thehive_button plugin + remote_user: dashboards + template: + src: files/env.js.j2 + dest: "/opt/opensearch-dashboards/plugins/thehive_button/public/env.js" + owner: dashboards + group: dashboards + + +- name: Copy opensearch-dashboards_graphs.ndjson to container + remote_user: dashboards + template: + src: "opensearch-dashboards_graphs.ndjson.j2" + dest: /tmp/opensearch-dashboards_graphs.ndjson + diff --git a/roles/odfekibana/templates/kibana_graphs.ndjson.j2 b/roles/opensearch-dashboards/templates/opensearch-dashboards_graphs.ndjson.j2 similarity index 100% rename from roles/odfekibana/templates/kibana_graphs.ndjson.j2 rename to roles/opensearch-dashboards/templates/opensearch-dashboards_graphs.ndjson.j2 diff --git a/roles/opensearch-dashboards/templates/opensearch_dashboards.yml.j2 b/roles/opensearch-dashboards/templates/opensearch_dashboards.yml.j2 new file mode 100644 index 0000000000000000000000000000000000000000..7b389ad6b12c482dbad760c9d47d6d0a0dfb1829 --- /dev/null +++ b/roles/opensearch-dashboards/templates/opensearch_dashboards.yml.j2 
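Review bot: The `Generate configuration for thehive_button plugin` task templates env.js into `/opt/opensearch-dashboards/plugins/thehive_button/public/`, but this same commit comments out both the plugin install and the matching env.js task in init.yml, so on a freshly built container the parent directory will not exist and `template` fails, taking the whole `update-config` tag down with it. Either comment the task out here as well, matching init.yml, or guard it so it only runs when the plugin is actually present; the guarded form is below. `owner`/`group: dashboards` is consistent with the new `remote_user`, so that part looks fine.

```yaml
- name: Check whether the thehive_button plugin is installed
  remote_user: dashboards
  stat:
    path: /opt/opensearch-dashboards/plugins/thehive_button/public
  register: thehive_button_dir

- name: Generate configuration for thehive_button plugin
  remote_user: dashboards
  template:
    src: files/env.js.j2
    dest: "/opt/opensearch-dashboards/plugins/thehive_button/public/env.js"
    owner: dashboards
    group: dashboards
  when: thehive_button_dir.stat.exists

# … unchanged: Copy opensearch-dashboards_graphs.ndjson to container …
```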
@@ -0,0 +1,201 @@
+---
+# Copyright OpenSearch Contributors
+# SPDX-License-Identifier: Apache-2.0
+
+# Description:
+# Default configuration for OpenSearch Dashboards
+
+# OpenSearch Dashboards is served by a back end server. This setting specifies the port to use.
+# server.port: 5601
+
+# Specifies the address to which the OpenSearch Dashboards server will bind. IP addresses and host names are both valid values.
+# The default is 'localhost', which usually means remote machines will not be able to connect.
+# To allow connections from remote users, set this parameter to a non-loopback address.
+# server.host: "localhost"
+server.host: "{{inventory_hostname}}"
+
+# Enables you to specify a path to mount OpenSearch Dashboards at if you are running behind a proxy.
+# Use the `server.rewriteBasePath` setting to tell OpenSearch Dashboards if it should remove the basePath
+# from requests it receives, and to prevent a deprecation warning at startup.
+# This setting cannot end in a slash.
+# server.basePath: ""
+
+# Specifies whether OpenSearch Dashboards should rewrite requests that are prefixed with
+# `server.basePath` or require that they are rewritten by your reverse proxy.
+# server.rewriteBasePath: false
+
+# The maximum payload size in bytes for incoming server requests.
+# server.maxPayloadBytes: 1048576
+
+# The OpenSearch Dashboards server's name. This is used for display purposes.
+# server.name: "your-hostname"
+server.name: {{inventory_hostname}}
+
+# The URLs of the OpenSearch instances to use for all your queries.
+# opensearch.hosts: ["http://localhost:9200"]
+opensearch.hosts: ["https://{{groups['opensearchescontainers'][0]}}:9200","https://{{groups['opensearchescontainers'][1]}}:9200"]
+
+# OpenSearch Dashboards uses an index in OpenSearch to store saved searches, visualizations and
+# dashboards. OpenSearch Dashboards creates a new index if the index doesn't already exist.
+# opensearchDashboards.index: ".opensearch_dashboards"
+
+# The default application to load.
+# opensearchDashboards.defaultAppId: "home"
+
+# Setting for an optimized healthcheck that only uses the local OpenSearch node to do Dashboards healthcheck.
+# This settings should be used for large clusters or for clusters with ingest heavy nodes.
+# It allows Dashboards to only healthcheck using the local OpenSearch node rather than fan out requests across all nodes.
+#
+# It requires the user to create an OpenSearch node attribute with the same name as the value used in the setting
+# This node attribute should assign all nodes of the same cluster an integer value that increments with each new cluster that is spun up
+# e.g. in opensearch.yml file you would set the value to a setting using node.attr.cluster_id:
+# Should only be enabled if there is a corresponding node attribute created in your OpenSearch config that matches the value here
+# opensearch.optimizedHealthcheckId: "cluster_id"
+
+# If your OpenSearch is protected with basic authentication, these settings provide
+# the username and password that the OpenSearch Dashboards server uses to perform maintenance on the OpenSearch Dashboards
+# index at startup. Your OpenSearch Dashboards users still need to authenticate with OpenSearch, which
+# is proxied through the OpenSearch Dashboards server.
+# opensearch.username: "opensearch_dashboards_system"
+# opensearch.password: "pass"
+opensearch.username: kibanaserver
+opensearch.password: kibanaserver
+
+# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
+# These settings enable SSL for outgoing requests from the OpenSearch Dashboards server to the browser.
+# server.ssl.enabled: false
+# server.ssl.certificate: /path/to/your/server.crt
+# server.ssl.key: /path/to/your/server.key
+server.ssl.enabled: true
+server.ssl.key: /opt/opensearch-dashboards/config/{{inventory_hostname}}.key
+server.ssl.certificate: /opt/opensearch-dashboards/config/{{inventory_hostname}}.crt
+
+# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
+# These files are used to verify the identity of OpenSearch Dashboards to OpenSearch and are required when
+# xpack.security.http.ssl.client_authentication in OpenSearch is set to required.
+# opensearch.ssl.certificate: /path/to/your/client.crt
+# opensearch.ssl.key: /path/to/your/client.key
+
+# Optional setting that enables you to specify a path to the PEM file for the certificate
+# authority for your OpenSearch instance.
+# opensearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
+
+# To disregard the validity of SSL certificates, change this setting's value to 'none'.
+# opensearch.ssl.verificationMode: full
+opensearch.ssl.verificationMode: none
+
+# Time in milliseconds to wait for OpenSearch to respond to pings. Defaults to the value of
+# the opensearch.requestTimeout setting.
+# opensearch.pingTimeout: 1500
+
+# Time in milliseconds to wait for responses from the back end or OpenSearch. This value
+# must be a positive integer.
+# opensearch.requestTimeout: 30000
+
+# List of OpenSearch Dashboards client-side headers to send to OpenSearch. To send *no* client-side
+# headers, set this value to [] (an empty list).
+# opensearch.requestHeadersWhitelist: [ authorization ]
+opensearch.requestHeadersWhitelist: [authorization, securitytenant]
+
+# Header names and values that are sent to OpenSearch. Any custom headers cannot be overwritten
+# by client-side headers, regardless of the opensearch.requestHeadersWhitelist configuration.
+# opensearch.customHeaders: {}
+
+# Time in milliseconds for OpenSearch to wait for responses from shards. Set to 0 to disable.
+# opensearch.shardTimeout: 30000
+
+# Logs queries sent to OpenSearch. Requires logging.verbose set to true.
+# opensearch.logQueries: false
+
+# Specifies the path where OpenSearch Dashboards creates the process ID file.
+# pid.file: /var/run/opensearchDashboards.pid
+pid.file: {{inventory_hostname}}.pid
+
+# Enables you to specify a file where OpenSearch Dashboards stores log output.
+# logging.dest: stdout
+
+# Set the value of this setting to true to suppress all logging output.
+# logging.silent: false
+
+# Set the value of this setting to true to suppress all logging output other than error messages.
+# logging.quiet: false
+
+# Set the value of this setting to true to log all events, including system usage information
+# and all requests.
+# logging.verbose: false
+
+# Set the interval in milliseconds to sample system and process performance
+# metrics. Minimum is 100ms. Defaults to 5000.
+# ops.interval: 5000
+
+# Specifies locale to be used for all localizable strings, dates and number formats.
+# Supported languages are the following: English - en , by default , Chinese - zh-CN .
+# i18n.locale: "en"
+
+# Set the allowlist to check input graphite Url. Allowlist is the default check list.
+# vis_type_timeline.graphiteAllowedUrls: ['https://www.hostedgraphite.com/UID/ACCESS_KEY/graphite']
+
+# Set the blocklist to check input graphite Url. Blocklist is an IP list.
+# Below is an example for reference
+# vis_type_timeline.graphiteBlockedIPs: [
+# //Loopback
+# '127.0.0.0/8',
+# '::1/128',
+# //Link-local Address for IPv6
+# 'fe80::/10',
+# //Private IP address for IPv4
+# '10.0.0.0/8',
+# '172.16.0.0/12',
+# '192.168.0.0/16',
+# //Unique local address (ULA)
+# 'fc00::/7',
+# //Reserved IP address
+# '0.0.0.0/8',
+# '100.64.0.0/10',
+# '192.0.0.0/24',
+# '192.0.2.0/24',
+# '198.18.0.0/15',
+# '192.88.99.0/24',
+# '198.51.100.0/24',
+# '203.0.113.0/24',
+# '224.0.0.0/4',
+# '240.0.0.0/4',
+# '255.255.255.255/32',
+# '::/128',
+# '2001:db8::/32',
+# 'ff00::/8',
+# ]
+# vis_type_timeline.graphiteBlockedIPs: []
+
+# opensearchDashboards.branding:
+# logo:
+# defaultUrl: ""
+# darkModeUrl: ""
+# mark:
+# defaultUrl: ""
+# darkModeUrl: ""
+# loadingLogo:
+# defaultUrl: ""
+# darkModeUrl: ""
+# faviconUrl: ""
+# applicationTitle: ""
+
+# Set the value of this setting to true to capture region blocked warnings and errors
+# for your map rendering services.
+# map.showRegionBlockedWarning: false%
+
+opensearch_security.multitenancy.enabled: false
+#opensearch_security.multitenancy.tenants.preferred: [Private, Global]
+opensearch_security.readonly_mode.roles: [kibana_read_only]
+# Use this setting if you are running opensearch-dashboards without https
+opensearch_security.cookie.secure: true
+opensearch_security.cookie.password: "{{lookup("password", "{{playbook_dir}}/secrets/passwords/opensearch-dashboards_cookiepassword length=32")}}"
+
+opensearch_security.auth.type: "openid"
+opensearch_security.openid.connect_url: "https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/.well-known/openid-configuration"
+opensearch_security.openid.client_id: "soctools-opensearch-dashboards"
+opensearch_security.openid.client_secret: "{{kibanasecret.value}}"
+opensearch_security.openid.root_ca: "/opt/opensearch-dashboards/config/ca.crt"
+opensearch_security.openid.base_redirect_url: "https://{{soctoolsproxy}}:5601"
+
+opensearch_security.allow_client_certificates: true
diff --git a/roles/odfekibana/templates/role.json.j2 b/roles/opensearch-dashboards/templates/role.json.j2
similarity index 100%
rename from roles/odfekibana/templates/role.json.j2
rename to roles/opensearch-dashboards/templates/role.json.j2
diff --git a/roles/odfees/vars/main.yml b/roles/opensearch-dashboards/vars/main.yml
similarity index 100%
rename from roles/odfees/vars/main.yml
rename to roles/opensearch-dashboards/vars/main.yml
diff --git a/roles/odfekibana/defaults/main.yml b/roles/opensearches/defaults/main.yml
similarity index 100%
rename from roles/odfekibana/defaults/main.yml
rename to roles/opensearches/defaults/main.yml
diff --git a/roles/odfees/files/.empty b/roles/opensearches/files/.empty
similarity index 100%
rename from roles/odfees/files/.empty
rename to roles/opensearches/files/.empty
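Review bot: `opensearch.username: kibanaserver` and `opensearch.password: kibanaserver` hard-code the well-known demo credential for the Dashboards server account, whereas every other secret in this template comes from `lookup("password", ...)` or a registered fact (`kibanasecret.value`); this is the account all Dashboards-to-OpenSearch traffic is proxied through, and its login is guessable from public documentation. Generate it like the cookie password — e.g. `opensearch.password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/<dashboards-server-password-file> length=32')}}"` — and feed the same lookup into the `internal_users.yml` rendered by the opensearches role. Separately, `opensearch.ssl.verificationMode: none` disables certificate checking toward `opensearch.hosts` although `ca.crt` is already present at `/opt/opensearch-dashboards/config/ca.crt` for the OpenID settings; `opensearch.ssl.certificateAuthorities: ["/opt/opensearch-dashboards/config/ca.crt"]` with `opensearch.ssl.verificationMode: certificate` (or `full`, if the node certificates carry the container hostnames as the `nodes_dn` template suggests) keeps that link authenticated. The trailing `%` in `# map.showRegionBlockedWarning: false%` is inside a comment and harmless, but looks like a paste artefact.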
diff --git a/roles/odfekibana/handlers/main.yml b/roles/opensearches/handlers/main.yml
similarity index 100%
rename from roles/odfekibana/handlers/main.yml
rename to roles/opensearches/handlers/main.yml
diff --git a/roles/odfekibana/meta/main.yml b/roles/opensearches/meta/main.yml
similarity index 100%
rename from roles/odfekibana/meta/main.yml
rename to roles/opensearches/meta/main.yml
diff --git a/roles/opensearches/tasks/init.yml b/roles/opensearches/tasks/init.yml
new file mode 100644
index 0000000000000000000000000000000000000000..a43335eabf971246ed8a74b865fbdf109199f568
--- /dev/null
+++ b/roles/opensearches/tasks/init.yml
@@ -0,0 +1,90 @@
+---
+
+- name: Copy cacert to ca-trust dir
+ remote_user: root
+ copy:
+ src: "{{playbook_dir}}/secrets/CA/ca.crt"
+ dest: /etc/pki/ca-trust/source/anchors/ca.crt
+
+- name: Install cacert to root truststore
+ remote_user: root
+ command: "update-ca-trust"
+
+- name: Copy certificates in opensearch conf dir
+ remote_user: opensearch
+ copy:
+ src: "{{ item }}"
+ dest: "config/"
+ mode: 0600
+ with_items:
+ - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.p12"
+ - "{{playbook_dir}}/secrets/CA/cacerts.jks"
+ - "{{playbook_dir}}/secrets/CA/private/{{soctools_users[0].CN}}.p12"
+
+- name: Configure opensearch properties
+ remote_user: opensearch
+ template:
+ src: "config/{{item}}.j2"
+ dest: "config/opensearch-security/{{item}}"
+ with_items:
+ - opensearch.yml
+ - jvm.options
+ - log4j2.properties
+
+- name: Change password for admin
+ remote_user: opensearch
+ command: "OPENSEARCH_JAVA_HOME=/opt/opensearch/jdk bash ./plugins/opensearch-security/tools/hash.sh -p {{lookup('password', '{{playbook_dir}}/secrets/passwords/opensearches_adminpass')}}"
+ register: adminhash
+
+- set_fact:
+ adminhashpwd: "{{ adminhash.stdout }}"
+ #adminhashpwd: "{{ hostvars[groups['opensearchescontainers'][0]]['adminhash.stdout'] }}"
+ remote_user: opensearch
+
+- name: Change password for cortex
+ remote_user: opensearch
+ # when: "'{{groups['opensearchescontainers'][0]}}' in inventory_hostname"
+ command: "OPENSEARCH_JAVA_HOME=/opt/opensearch/jdk bash plugins/opendistro_security/tools/hash.sh -p {{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_opensearch')}}"
+ register: cortexhash
+ # when: "'{{groups['opensearchescontainers'][0]}}' in inventory_hostname"
+
+- set_fact:
+ cortexhashpwd: "{{ cortexhash.stdout }}"
+ #adminhashpwd: "{{ hostvars[groups['opensearchescontainers'][0]]['adminhash.stdout'] }}"
+ remote_user: opensearch
+
+- name: Configure opensearch_security properties
+ remote_user: opensearch
+ template:
+ src: "securityconfig/{{item}}.j2"
+ dest: "plugins/opendistro_security/securityconfig/{{item}}"
+ with_items:
+ - internal_users.yml
+ - config.yml
+ - roles_mapping.yml
+
+
+- name: Start opensearch
+ remote_user: root
+ command: "supervisorctl start opensearch"
+
+- name: Wait for OpenSearch
+ remote_user: root
+ wait_for:
+ host: "{{groups['opensearchescontainers'][0]}}"
+ port: 9200
+ state: started
+ delay: 5
+
+#- name: Configure Opensearch security
+# remote_user: opensearch
+# command: "bash ./plugins/opendistro_security/tools/securityadmin.sh -h {{groups['opensearchescontainers'][0]}} -cd /usr/share/opensearch/plugins/opendistro_security/securityconfig/ -ks '/usr/share/opensearch/config/{{soctools_users[0].CN}}.p12' -kspass {{lookup('password', '{{playbook_dir}}/secrets/passwords/{{soctools_users[0].CN}}')}} {{lookup('password','{{playbook_dir}}/secrets/passwords/{{soctools_users[0].CN}}')}} -ts /usr/share/opensearch/config/cacerts.jks -tspass {{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}} -cn soctools-cluster"
+# when: "'{{groups['opensearchescontainers'][0]}}' in inventory_hostname"
+
+- name: Set Autostart for supervisord's services
+ remote_user: root
+ replace:
+ path: /etc/supervisord.conf
+ regexp: '^autostart=false$'
+ replace: 'autostart=true'
+
diff --git a/roles/odfees/tasks/main.yml b/roles/opensearches/tasks/main.yml
similarity index 100%
rename from roles/odfees/tasks/main.yml
rename to roles/opensearches/tasks/main.yml
diff --git a/roles/odfees/tasks/restart.yml b/roles/opensearches/tasks/restart.yml
similarity index 65%
rename from roles/odfees/tasks/restart.yml
rename to roles/opensearches/tasks/restart.yml
index 130f200cb0e139f54001e92ebb0bff025e803136..2d807326d01e9ace244af6d421632492ad505cc4 100644
--- a/roles/odfees/tasks/restart.yml
+++ b/roles/opensearches/tasks/restart.yml
@@ -2,12 +2,12 @@ - name: Restart OpenDistro for Elasticsearch remote_user: root - command: "supervisorctl restart odfe" + command: "supervisorctl restart opensearch" - name: Wait for ElasticSearch remote_user: root wait_for: - host: "{{groups['odfeescontainers'][0]}}" + host: "{{groups['opensearchescontainers'][0]}}" port: 9200 state: started delay: 5 diff --git a/roles/opensearches/tasks/start.yml b/roles/opensearches/tasks/start.yml new file mode 100644 index 0000000000000000000000000000000000000000..78f5e901d3edee18758108ceb567152d86dbbe35 --- /dev/null +++ b/roles/opensearches/tasks/start.yml @@ -0,0 +1,14 @@ +--- + +- name: Start OpenDistro for Opensearch + remote_user: root + command: "supervisorctl start opensearch" + +- name: Wait for OpenSearch + remote_user: root + wait_for: + host: "{{groups['opensearchescontainers'][0]}}" + port: 9200 + state: started + delay: 5 + diff --git a/roles/opensearches/tasks/stop.yml b/roles/opensearches/tasks/stop.yml new file mode 100644 index 0000000000000000000000000000000000000000..ef215d3c810bfbb1609efe9c38748718e590ec36 --- /dev/null +++ b/roles/opensearches/tasks/stop.yml @@ -0,0 +1,6 @@ +--- + +- name: Stop OpenDistro for Opensearch + remote_user: root + command: "supervisorctl stop opensearch" + diff --git a/roles/opensearches/tasks/update-config.yml b/roles/opensearches/tasks/update-config.yml new file mode 100644 index 0000000000000000000000000000000000000000..3d4e50310de4464eaa73f031d86d8e80d77aef48 --- /dev/null +++ b/roles/opensearches/tasks/update-config.yml 
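Review bot: The task names in this hunk and the two following ones still carry the pre-rename product names — `Restart OpenDistro for Elasticsearch` and `Wait for ElasticSearch` in restart.yml, `Start OpenDistro for Opensearch` in start.yml and `Stop OpenDistro for Opensearch` in stop.yml — while the commands now drive the `opensearch` supervisord program. Since these names are what `ansible-playbook` prints per task, renaming them (`- name: Restart OpenSearch`, `- name: Wait for OpenSearch`, `- name: Stop OpenSearch`) keeps the run output consistent with the role rename this commit performs.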
@@ -0,0 +1,22 @@
+---
+
+- name: Configure opensearch properties
+ remote_user: opensearch
+ template:
+ src: "config/{{item}}.j2"
+ dest: "config/{{item}}"
+ with_items:
+ - opensearch.yml
+ - jvm.options
+ - log4j2.properties
+
+- name: Configure opensearch_security properties
+ remote_user: opensearch
+ template:
+ src: "securityconfig/{{item}}.j2"
+ dest: "config/opensearch-security/{{item}}"
+ with_items:
+ - internal_users.yml
+ - config.yml
+ - roles_mapping.yml
+
diff --git a/roles/opensearches/templates/config/elasticsearch.yml.j2 b/roles/opensearches/templates/config/elasticsearch.yml.j2
new file mode 100644
index 0000000000000000000000000000000000000000..1b487fb8f8abad32933fb687017d87e87a3aa150
--- /dev/null
+++ b/roles/opensearches/templates/config/elasticsearch.yml.j2
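Review bot: `Configure opensearch properties` renders `config/{{item}}.j2` for the item `opensearch.yml`, but the only such template this commit adds under `roles/opensearches/templates/config/` is `elasticsearch.yml.j2`; unless an `opensearch.yml.j2` already exists outside this diff, the task aborts with a missing-source error, and init.yml uses the same item list. Rename the template to `opensearch.yml.j2` (its content already consists of OpenSearch-style `plugins.security.*` settings) or point the item at the file that exists, keeping the rendered name `opensearch.yml`, which is the file OpenSearch loads from its config directory.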
@@ -0,0 +1,56 @@
+cluster.name: "soctools-cluster"
+path.logs: /opt/opensearch/logs
+network.host: {{ inventory_hostname }}
+http.port: 9200
+transport.port: 9300
+
+discovery.seed_hosts:
+{% for opensearches in groups['opensearchescontainers'] %}
+ - {{ opensearches }}
+{% endfor %}
+
+cluster.initial_master_nodes:
+{% for opensearches in groups['opensearchescontainers'] %}
+ - {{ opensearches }}
+{% endfor %}
+
+cluster.initial_cluster_manager_nodes:
+{% for opensearches in groups['opensearchescontainers'] %}
+ - {{ opensearches }}
+{% endfor %}
+
+plugins.security.ssl.transport.keystore_type: pkcs12
+plugins.security.ssl.transport.keystore_filepath: {{ inventory_hostname }}.p12
+plugins.security.ssl.transport.keystore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}}"
+
+plugins.security.ssl.transport.truststore_type: jks
+plugins.security.ssl.transport.truststore_filepath: cacerts.jks
+plugins.security.ssl.transport.truststore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}"
+plugins.security.ssl.transport.enforce_hostname_verification: false
+
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.http.keystore_type: pkcs12
+plugins.security.ssl.http.keystore_filepath: {{ inventory_hostname }}.p12
+plugins.security.ssl.http.keystore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}}"
+plugins.security.ssl.http.truststore_type: jks
+plugins.security.ssl.http.truststore_filepath: cacerts.jks
+plugins.security.ssl.http.truststore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}"
+
+plugins.security.allow_unsafe_democertificates: true
+plugins.security.allow_default_init_securityindex: true
+
+plugins.security.authcz.admin_dn:
+ - "{{soctools_users[0].DN}}"
+
+plugins.security.nodes_dn:
+{% for opensearches in groups['opensearchescontainers'] %}
+ - "CN={{ opensearches }}"
+{% endfor %}
+
+plugins.security.audit.type: internal_opensearch
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
+plugins.security.system_indices.enabled: true
+plugins.security.system_indices.indices: [".plugins-ml-model", ".plugins-ml-task", ".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opensearch-notifications-*", ".opensearch-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
+node.max_local_storage_nodes: 3
diff --git a/roles/opensearches/templates/config/jvm.options.j2 b/roles/opensearches/templates/config/jvm.options.j2
new file mode 100644
index 0000000000000000000000000000000000000000..4e8d95ab5ab8b4885c08d6e0f5f8a9873b9bfe51
--- /dev/null
+++ b/roles/opensearches/templates/config/jvm.options.j2
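Review bot: `plugins.security.allow_unsafe_democertificates: true` tells the security plugin to keep accepting the publicly distributed demo certificates, yet this template already wires in node and admin certificates from the project CA (`{{ inventory_hostname }}.p12`, `cacerts.jks`, `plugins.security.authcz.admin_dn`, `plugins.security.nodes_dn`), so it should be `plugins.security.allow_unsafe_democertificates: false` to ensure the cluster refuses the well-known demo keys. `plugins.security.allow_default_init_securityindex: true` is convenient for first boot, but it also means any later start that finds an empty security index silently re-seeds it from `securityconfig/`; with the `securityadmin.sh` task in init.yml commented out this is currently the only initialization path, so it deserves a comment and ideally a variable that flips it to false after bootstrap. Also, both `cluster.initial_master_nodes` and `cluster.initial_cluster_manager_nodes` are rendered with the same list; in OpenSearch 2.x the former is the deprecated alias of the latter and, as far as I recall, setting both is rejected at startup, so keeping only `cluster.initial_cluster_manager_nodes` is safer.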
@@ -0,0 +1,86 @@
+## JVM configuration
+
+################################################################
+## IMPORTANT: JVM heap size
+################################################################
+##
+## You should always set the min and max JVM heap
+## size to the same value. For example, to set
+## the heap to 4 GB, set:
+##
+## -Xms4g
+## -Xmx4g
+##
+## See https://opensearch.org/docs/opensearch/install/important-settings/
+## for more information
+##
+################################################################
+
+# Xms represents the initial size of total heap space
+# Xmx represents the maximum size of total heap space
+
+-Xms{{openserach_javamem}}
+-Xmx{{openserach_javamem}}
+
+################################################################
+## Expert settings
+################################################################
+##
+## All settings below this section are considered
+## expert settings. Don't tamper with them unless
+## you understand what you are doing
+##
+################################################################
+
+## GC configuration
+8-10:-XX:+UseConcMarkSweepGC
+8-10:-XX:CMSInitiatingOccupancyFraction=75
+8-10:-XX:+UseCMSInitiatingOccupancyOnly
+
+## G1GC Configuration
+# NOTE: G1 GC is only supported on JDK version 10 or later
+# to use G1GC, uncomment the next two lines and update the version on the
+# following three lines to your version of the JDK
+# 10:-XX:-UseConcMarkSweepGC
+# 10:-XX:-UseCMSInitiatingOccupancyOnly
+11-:-XX:+UseG1GC
+11-:-XX:G1ReservePercent=25
+11-:-XX:InitiatingHeapOccupancyPercent=30
+
+## JVM temporary directory
+-Djava.io.tmpdir=${OPENSEARCH_TMPDIR}
+
+## heap dumps
+
+# generate a heap dump when an allocation from the Java heap fails
+# heap dumps are created in the working directory of the JVM
+-XX:+HeapDumpOnOutOfMemoryError
+
+# specify an alternative path for heap dumps; ensure the directory exists and
+# has sufficient space
+-XX:HeapDumpPath=data
+
+# specify an alternative path for JVM fatal error logs
+-XX:ErrorFile=logs/hs_err_pid%p.log
+
+## JDK 8 GC logging
+8:-XX:+PrintGCDetails
+8:-XX:+PrintGCDateStamps
+8:-XX:+PrintTenuringDistribution
+8:-XX:+PrintGCApplicationStoppedTime
+8:-Xloggc:logs/gc.log
+8:-XX:+UseGCLogFileRotation
+8:-XX:NumberOfGCLogFiles=32
+8:-XX:GCLogFileSize=64m
+
+# JDK 9+ GC logging
+9-:-Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m
+
+# Explicitly allow security manager (https://bugs.openjdk.java.net/browse/JDK-8270380)
+18-:-Djava.security.manager=allow
+
+## OpenSearch Performance Analyzer
+-Dclk.tck=100
+-Djdk.attach.allowAttachSelf=true
+-Djava.security.policy=/opt/opensearch-2.3.0/config/opensearch-performance-analyzer/opensearch_security.policy
+--add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED
diff --git a/roles/opensearches/templates/config/log4j2.properties.j2 b/roles/opensearches/templates/config/log4j2.properties.j2
new file mode 100644
index 0000000000000000000000000000000000000000..bb27aaf2e22e6fba3536773d285f4ac0c78b67fa
--- /dev/null
+++ b/roles/opensearches/templates/config/log4j2.properties.j2
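Review bot: `-Xms{{openserach_javamem}}` and `-Xmx{{openserach_javamem}}` misspell the variable name (`openserach`), so rendering this template fails with an undefined-variable error unless something defines a variable with exactly that spelling; the intended name appears to be `opensearch_javamem`, i.e. `-Xms{{opensearch_javamem}}` / `-Xmx{{opensearch_javamem}}`. In addition, `-Djava.security.policy=/opt/opensearch-2.3.0/config/opensearch-performance-analyzer/opensearch_security.policy` hard-codes a versioned install path while the rest of the role addresses the install as `/opt/opensearch` (`OPENSEARCH_JAVA_HOME=/opt/opensearch/jdk` in init.yml, `path.logs: /opt/opensearch/logs` in the config template); an image version bump would silently break the Performance Analyzer policy path, so derive it from a role variable or the unversioned path.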
@@ -0,0 +1,234 @@ +# +# SPDX-License-Identifier: Apache-2.0 +# +# The OpenSearch Contributors require contributions made to +# this file be licensed under the Apache-2.0 license or a +# compatible open source license. +# +# Modifications Copyright OpenSearch Contributors. See +# GitHub history for details. +# + +status = error + +appender.console.type = Console +appender.console.name = console +appender.console.layout.type = PatternLayout +appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n + +######## Server JSON ############################ +appender.rolling.type = RollingFile +appender.rolling.name = rolling +appender.rolling.fileName = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}_server.json +appender.rolling.filePermissions = rw-r----- +appender.rolling.layout.type = OpenSearchJsonLayout +appender.rolling.layout.type_name = server + +appender.rolling.filePattern = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}-%d{yyyy-MM-dd}-%i.json.gz +appender.rolling.policies.type = Policies +appender.rolling.policies.time.type = TimeBasedTriggeringPolicy +appender.rolling.policies.time.interval = 1 +appender.rolling.policies.time.modulate = true +appender.rolling.policies.size.type = SizeBasedTriggeringPolicy +appender.rolling.policies.size.size = 128MB +appender.rolling.strategy.type = DefaultRolloverStrategy +appender.rolling.strategy.fileIndex = nomax +appender.rolling.strategy.action.type = Delete +appender.rolling.strategy.action.basepath = ${sys:opensearch.logs.base_path} +appender.rolling.strategy.action.condition.type = IfFileName +appender.rolling.strategy.action.condition.glob = ${sys:opensearch.logs.cluster_name}-* +appender.rolling.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize +appender.rolling.strategy.action.condition.nested_condition.exceeds = 2GB +################################################ +######## 
Server - old style pattern ########### +appender.rolling_old.type = RollingFile +appender.rolling_old.name = rolling_old +appender.rolling_old.fileName = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}.log +appender.rolling_old.filePermissions = rw-r----- +appender.rolling_old.layout.type = PatternLayout +appender.rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n + +appender.rolling_old.filePattern = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}-%d{yyyy-MM-dd}-%i.log.gz +appender.rolling_old.policies.type = Policies +appender.rolling_old.policies.time.type = TimeBasedTriggeringPolicy +appender.rolling_old.policies.time.interval = 1 +appender.rolling_old.policies.time.modulate = true +appender.rolling_old.policies.size.type = SizeBasedTriggeringPolicy +appender.rolling_old.policies.size.size = 128MB +appender.rolling_old.strategy.type = DefaultRolloverStrategy +appender.rolling_old.strategy.fileIndex = nomax +appender.rolling_old.strategy.action.type = Delete +appender.rolling_old.strategy.action.basepath = ${sys:opensearch.logs.base_path} +appender.rolling_old.strategy.action.condition.type = IfFileName +appender.rolling_old.strategy.action.condition.glob = ${sys:opensearch.logs.cluster_name}-* +appender.rolling_old.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize +appender.rolling_old.strategy.action.condition.nested_condition.exceeds = 2GB +################################################ + +rootLogger.level = info +rootLogger.appenderRef.console.ref = console +rootLogger.appenderRef.rolling.ref = rolling +rootLogger.appenderRef.rolling_old.ref = rolling_old + +######## Deprecation JSON ####################### +appender.deprecation_rolling.type = RollingFile +appender.deprecation_rolling.name = deprecation_rolling +appender.deprecation_rolling.fileName = 
${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}_deprecation.json +appender.deprecation_rolling.filePermissions = rw-r----- +appender.deprecation_rolling.layout.type = OpenSearchJsonLayout +appender.deprecation_rolling.layout.type_name = deprecation +appender.deprecation_rolling.layout.opensearchmessagefields=x-opaque-id +appender.deprecation_rolling.filter.rate_limit.type = RateLimitingFilter + +appender.deprecation_rolling.filePattern = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}_deprecation-%i.json.gz +appender.deprecation_rolling.policies.type = Policies +appender.deprecation_rolling.policies.size.type = SizeBasedTriggeringPolicy +appender.deprecation_rolling.policies.size.size = 1GB +appender.deprecation_rolling.strategy.type = DefaultRolloverStrategy +appender.deprecation_rolling.strategy.max = 4 + +appender.header_warning.type = HeaderWarningAppender +appender.header_warning.name = header_warning +################################################# +######## Deprecation - old style pattern ####### +appender.deprecation_rolling_old.type = RollingFile +appender.deprecation_rolling_old.name = deprecation_rolling_old +appender.deprecation_rolling_old.fileName = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}_deprecation.log +appender.deprecation_rolling_old.filePermissions = rw-r----- +appender.deprecation_rolling_old.layout.type = PatternLayout +appender.deprecation_rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n + +appender.deprecation_rolling_old.filePattern = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}\ + _deprecation-%i.log.gz +appender.deprecation_rolling_old.policies.type = Policies +appender.deprecation_rolling_old.policies.size.type = SizeBasedTriggeringPolicy +appender.deprecation_rolling_old.policies.size.size = 1GB 
+appender.deprecation_rolling_old.strategy.type = DefaultRolloverStrategy
+appender.deprecation_rolling_old.strategy.max = 4
+#################################################
+logger.deprecation.name = org.opensearch.deprecation
+logger.deprecation.level = deprecation
+logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling
+logger.deprecation.appenderRef.deprecation_rolling_old.ref = deprecation_rolling_old
+logger.deprecation.appenderRef.header_warning.ref = header_warning
+logger.deprecation.additivity = false
+
+######## Search slowlog JSON ####################
+appender.index_search_slowlog_rolling.type = RollingFile
+appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling
+appender.index_search_slowlog_rolling.fileName = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs\
+ .cluster_name}_index_search_slowlog.json
+appender.index_search_slowlog_rolling.filePermissions = rw-r-----
+appender.index_search_slowlog_rolling.layout.type = OpenSearchJsonLayout
+appender.index_search_slowlog_rolling.layout.type_name = index_search_slowlog
+appender.index_search_slowlog_rolling.layout.opensearchmessagefields=message,took,took_millis,total_hits,types,stats,search_type,total_shards,source,id
+
+appender.index_search_slowlog_rolling.filePattern = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs\
+ .cluster_name}_index_search_slowlog-%i.json.gz
+appender.index_search_slowlog_rolling.policies.type = Policies
+appender.index_search_slowlog_rolling.policies.size.type = SizeBasedTriggeringPolicy
+appender.index_search_slowlog_rolling.policies.size.size = 1GB
+appender.index_search_slowlog_rolling.strategy.type = DefaultRolloverStrategy
+appender.index_search_slowlog_rolling.strategy.max = 4
+#################################################
+######## Search slowlog - old style pattern ####
+appender.index_search_slowlog_rolling_old.type = RollingFile
+appender.index_search_slowlog_rolling_old.name = index_search_slowlog_rolling_old
+appender.index_search_slowlog_rolling_old.fileName = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}\
+ _index_search_slowlog.log
+appender.index_search_slowlog_rolling_old.filePermissions = rw-r-----
+appender.index_search_slowlog_rolling_old.layout.type = PatternLayout
+appender.index_search_slowlog_rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n
+
+appender.index_search_slowlog_rolling_old.filePattern = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}\
+ _index_search_slowlog-%i.log.gz
+appender.index_search_slowlog_rolling_old.policies.type = Policies
+appender.index_search_slowlog_rolling_old.policies.size.type = SizeBasedTriggeringPolicy
+appender.index_search_slowlog_rolling_old.policies.size.size = 1GB
+appender.index_search_slowlog_rolling_old.strategy.type = DefaultRolloverStrategy
+appender.index_search_slowlog_rolling_old.strategy.max = 4
+#################################################
+logger.index_search_slowlog_rolling.name = index.search.slowlog
+logger.index_search_slowlog_rolling.level = trace
+logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling
+logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling_old.ref = index_search_slowlog_rolling_old
+logger.index_search_slowlog_rolling.additivity = false
+
+######## Indexing slowlog JSON ##################
+appender.index_indexing_slowlog_rolling.type = RollingFile
+appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling
+appender.index_indexing_slowlog_rolling.fileName = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}\
+ _index_indexing_slowlog.json
+appender.index_indexing_slowlog_rolling.filePermissions = rw-r-----
+appender.index_indexing_slowlog_rolling.layout.type = OpenSearchJsonLayout
+appender.index_indexing_slowlog_rolling.layout.type_name = index_indexing_slowlog
+appender.index_indexing_slowlog_rolling.layout.opensearchmessagefields=message,took,took_millis,doc_type,id,routing,source
+
+appender.index_indexing_slowlog_rolling.filePattern = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}\
+ _index_indexing_slowlog-%i.json.gz
+appender.index_indexing_slowlog_rolling.policies.type = Policies
+appender.index_indexing_slowlog_rolling.policies.size.type = SizeBasedTriggeringPolicy
+appender.index_indexing_slowlog_rolling.policies.size.size = 1GB
+appender.index_indexing_slowlog_rolling.strategy.type = DefaultRolloverStrategy
+appender.index_indexing_slowlog_rolling.strategy.max = 4
+#################################################
+######## Indexing slowlog - old style pattern ##
+appender.index_indexing_slowlog_rolling_old.type = RollingFile
+appender.index_indexing_slowlog_rolling_old.name = index_indexing_slowlog_rolling_old
+appender.index_indexing_slowlog_rolling_old.fileName = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}\
+ _index_indexing_slowlog.log
+appender.index_indexing_slowlog_rolling_old.filePermissions = rw-r-----
+appender.index_indexing_slowlog_rolling_old.layout.type = PatternLayout
+appender.index_indexing_slowlog_rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n
+
+appender.index_indexing_slowlog_rolling_old.filePattern = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}\
+ _index_indexing_slowlog-%i.log.gz
+appender.index_indexing_slowlog_rolling_old.policies.type = Policies
+appender.index_indexing_slowlog_rolling_old.policies.size.type = SizeBasedTriggeringPolicy
+appender.index_indexing_slowlog_rolling_old.policies.size.size = 1GB
+appender.index_indexing_slowlog_rolling_old.strategy.type = DefaultRolloverStrategy
+appender.index_indexing_slowlog_rolling_old.strategy.max = 4
+#################################################
+
+logger.index_indexing_slowlog.name = index.indexing.slowlog.index
+logger.index_indexing_slowlog.level = trace
+logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling
+logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling_old.ref = index_indexing_slowlog_rolling_old
+logger.index_indexing_slowlog.additivity = false
+
+######## Task details log JSON ####################
+appender.task_detailslog_rolling.type = RollingFile
+appender.task_detailslog_rolling.name = task_detailslog_rolling
+appender.task_detailslog_rolling.fileName = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}_task_detailslog.json
+appender.task_detailslog_rolling.filePermissions = rw-r-----
+appender.task_detailslog_rolling.layout.type = OpenSearchJsonLayout
+appender.task_detailslog_rolling.layout.type_name = task_detailslog
+appender.task_detailslog_rolling.layout.opensearchmessagefields=taskId,type,action,description,start_time_millis,resource_stats,metadata
+
+appender.task_detailslog_rolling.filePattern = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}_task_detailslog-%i.json.gz
+appender.task_detailslog_rolling.policies.type = Policies
+appender.task_detailslog_rolling.policies.size.type = SizeBasedTriggeringPolicy
+appender.task_detailslog_rolling.policies.size.size = 1GB
+appender.task_detailslog_rolling.strategy.type = DefaultRolloverStrategy
+appender.task_detailslog_rolling.strategy.max = 4
+#################################################
+######## Task details log - old style pattern ####
+appender.task_detailslog_rolling_old.type = RollingFile
+appender.task_detailslog_rolling_old.name = task_detailslog_rolling_old
+appender.task_detailslog_rolling_old.fileName = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}_task_detailslog.log
+appender.task_detailslog_rolling_old.filePermissions = rw-r-----
+appender.task_detailslog_rolling_old.layout.type = PatternLayout
+appender.task_detailslog_rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n
+
+appender.task_detailslog_rolling_old.filePattern = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}_task_detailslog-%i.log.gz
+appender.task_detailslog_rolling_old.policies.type = Policies
+appender.task_detailslog_rolling_old.policies.size.type = SizeBasedTriggeringPolicy
+appender.task_detailslog_rolling_old.policies.size.size = 1GB
+appender.task_detailslog_rolling_old.strategy.type = DefaultRolloverStrategy
+appender.task_detailslog_rolling_old.strategy.max = 4
+#################################################
+logger.task_detailslog_rolling.name = task.detailslog
+logger.task_detailslog_rolling.level = trace
+logger.task_detailslog_rolling.appenderRef.task_detailslog_rolling.ref = task_detailslog_rolling
+logger.task_detailslog_rolling.appenderRef.task_detailslog_rolling_old.ref = task_detailslog_rolling_old
+logger.task_detailslog_rolling.additivity = false
diff --git a/roles/odfees/templates/securityconfig/action_groups.yml b/roles/opensearches/templates/securityconfig/action_groups.yml
similarity index 100%
rename from roles/odfees/templates/securityconfig/action_groups.yml
rename to roles/opensearches/templates/securityconfig/action_groups.yml
diff --git a/roles/odfees/templates/securityconfig/config.yml.j2 b/roles/opensearches/templates/securityconfig/config.yml.j2
similarity index 98%
rename from roles/odfees/templates/securityconfig/config.yml.j2
rename to roles/opensearches/templates/securityconfig/config.yml.j2
index 49368676333bb6153b32e988dcd9bd60764426b2..f4449c962c961b554359ff27938c2bf8d9f50b1f 100644
--- a/roles/odfees/templates/securityconfig/config.yml.j2
+++ b/roles/opensearches/templates/securityconfig/config.yml.j2
@@ -1,6 +1,6 @@
 ---
-# This is the main Open Distro Security configuration file where authentication
+# This is the main OpenSearch Security configuration file where authentication
 # and authorization is defined.
 #
 # You need to configure at least one authentication domain in the authc of this file.
@@ -114,12 +114,12 @@ config:
 type: openid
 challenge: false
 config:
- subject_key: {{openid_subjkey}}
+ subject_key: {{openid_subjkey}}
 roles_key: roles
 openid_connect_url: https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/.well-known/openid-configuration
 enable_ssl: true
 verify_hostnames: false
- pemtrustedcas_filepath: "/usr/share/elasticsearch/config/{{ca_cn}}.crt"
+ pemtrustedcas_filepath: "/opt/opensearch/config/{{ca_cn}}.crt"
 authentication_backend:
 type: noop
 proxy_auth_domain:
diff --git a/roles/odfees/templates/securityconfig/elasticsearch.yml.example b/roles/opensearches/templates/securityconfig/elasticsearch.yml.example
similarity index 100%
rename from roles/odfees/templates/securityconfig/elasticsearch.yml.example
rename to roles/opensearches/templates/securityconfig/elasticsearch.yml.example
diff --git a/roles/odfees/templates/securityconfig/internal_users.yml.j2 b/roles/opensearches/templates/securityconfig/internal_users.yml.j2
similarity index 66%
rename from roles/odfees/templates/securityconfig/internal_users.yml.j2
rename to roles/opensearches/templates/securityconfig/internal_users.yml.j2
index 8b16954ae73b49503bbf0f03e6c7b53f2bfa9675..2d35e93a638062e86c563065916d99373b901517 100644
--- a/roles/odfees/templates/securityconfig/internal_users.yml.j2
+++ b/roles/opensearches/templates/securityconfig/internal_users.yml.j2
@@ -23,13 +23,20 @@ cortex:
 backend_roles:
 - "admin"
 # - "own_index"
-# - "readall"
- description: "Cortex user"
+# # - "readall"
+# description: "Cortex user"
+
+anomalyadmin:
+ hash: "$2y$12$TRwAAJgnNo67w3rVUz4FIeLx9Dy/llB79zf9I15CKJ9vkM4ZzAd3."
+ reserved: false
+ opendistro_security_roles:
+ - "anomaly_full_access"
+ description: "Demo anomaly admin user, using internal role"
 kibanaserver:
 hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
 reserved: true
- description: "Demo kibanaserver user"
+ description: "Demo OpenSearch Dashboards user"
 kibanaro:
 hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
@@ -41,25 +48,25 @@ kibanaro:
 attribute1: "value1"
 attribute2: "value2"
 attribute3: "value3"
- description: "Demo kibanaro user"
+ description: "Demo OpenSearch Dashboards read only user, using external role mapping"
 logstash:
 hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
 reserved: false
 backend_roles:
 - "logstash"
- description: "Demo logstash user"
+ description: "Demo logstash user, using external role mapping"
 readall:
 hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
 reserved: false
 backend_roles:
 - "readall"
- description: "Demo readall user"
+ description: "Demo readall user, using external role mapping"
 snapshotrestore:
 hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
 reserved: false
 backend_roles:
 - "snapshotrestore"
- description: "Demo snapshotrestore user"
+ description: "Demo snapshotrestore user, using external role mapping"
diff --git a/roles/odfees/templates/securityconfig/roles.yml b/roles/opensearches/templates/securityconfig/roles.yml
similarity index 100%
rename from roles/odfees/templates/securityconfig/roles.yml
rename to roles/opensearches/templates/securityconfig/roles.yml
diff --git a/roles/odfees/templates/securityconfig/roles_mapping.yml.j2 b/roles/opensearches/templates/securityconfig/roles_mapping.yml.j2
similarity index 83%
rename from roles/odfees/templates/securityconfig/roles_mapping.yml.j2
rename to roles/opensearches/templates/securityconfig/roles_mapping.yml.j2
index e044f14621d63c43a135c56ce3cd6883939ebc8e..dd80b581a4a35c7365ac287e5e9257db4b62d04b 100644
--- a/roles/odfees/templates/securityconfig/roles_mapping.yml.j2
+++ b/roles/opensearches/templates/securityconfig/roles_mapping.yml.j2
@@ -1,6 +1,6 @@
 ---
-# In this file users, backendroles and hosts can be mapped to Open Distro Security roles.
-# Permissions for Opendistro roles are configured in roles.yml
+# In this file users, backendroles and hosts can be mapped to Security roles.
+# Permissions for OpenSearch roles are configured in roles.yml
 _meta:
 type: "rolesmapping"
diff --git a/roles/odfees/templates/securityconfig/tenants.yml b/roles/opensearches/templates/securityconfig/tenants.yml
similarity index 100%
rename from roles/odfees/templates/securityconfig/tenants.yml
rename to roles/opensearches/templates/securityconfig/tenants.yml
diff --git a/roles/odfekibana/vars/main.yml b/roles/opensearches/vars/main.yml
similarity index 100%
rename from roles/odfekibana/vars/main.yml
rename to roles/opensearches/vars/main.yml
diff --git a/soctools.yml b/soctools.yml
index 4636ad1cde4f44f262b00adbdd3bbc03afb35a4d..f8391c1ff4409a51c1f265a3ac3f1a48630902a0 100644
--- a/soctools.yml
+++ b/soctools.yml
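Review bot: `verify_hostnames: false` stays on the new side of the openid block, so the trust anchor moved to `/opt/opensearch/config/{{ca_cn}}.crt` only checks that the certificate served at `openid_connect_url` chains to the SOCTOOLS CA, not that it was issued for `{{soctoolsproxy}}`; any certificate from that CA would be accepted for the OIDC discovery fetch. If the CA issues the proxy certificate with a matching subject/SAN, `verify_hostnames: true` is the stricter setting; if there is a reason it cannot be enabled, a one-line comment above the key stating that reason would help the next reader. The new path presumably matches the layout of the opensearches image, which this diff does not show; worth confirming the security plugin finds the file there, since a missing trust file would break this authc domain at startup.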
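Review bot: The new `anomalyadmin` user carries a fixed bcrypt hash with `reserved: false`, and its description calls it a demo user, which suggests the entry was copied from the upstream sample `internal_users.yml` rather than derived from a per-deployment secret; a fixed hash means the same password grants `anomaly_full_access` on every installation built from this template. Since this file is a Jinja template and the rest of this commit keeps generated secrets under `secrets/passwords` (see the `opensearches_adminpass` lookup in `utils/flow2template.py`), the hash should come from a generated value, e.g. `hash: "{{ anomalyadmin_hash }}"` with the variable produced by the role, or the user should be dropped if the anomaly-detection role is not used. Separately, the change to the `cortex` entry turns its `description:` line into a comment together with the `readall` role line, which looks accidental; `description` is harmless and can stay active.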
@@ -10,19 +10,19 @@
 - name: Start soctools cluster
 import_playbook: startsoctools.yml
- when: "'start' in ansible_run_tags or 'config' in ansible_run_tags or 'start-thehive' in ansible_run_tags or 'start-keycloak' in ansible_run_tags or 'start-cortex' in ansible_run_tags or 'start-haproxy' in ansible_run_tags or 'start-cassandra' in ansible_run_tags or 'start-filebeat' in ansible_run_tags or 'start-misp' in ansible_run_tags or 'start-mysql' in ansible_run_tags or 'start-nifi' in ansible_run_tags or 'start-odfees' in ansible_run_tags or 'start-odfekibana' in ansible_run_tags"
+ when: "'start' in ansible_run_tags or 'config' in ansible_run_tags or 'start-thehive' in ansible_run_tags or 'start-keycloak' in ansible_run_tags or 'start-cortex' in ansible_run_tags or 'start-haproxy' in ansible_run_tags or 'start-cassandra' in ansible_run_tags or 'start-filebeat' in ansible_run_tags or 'start-misp' in ansible_run_tags or 'start-mysql' in ansible_run_tags or 'start-nifi' in ansible_run_tags or 'start-opensearches' in ansible_run_tags or 'start-opensearch-dashboards' in ansible_run_tags"
 - name: Stop soctools cluster
 import_playbook: stopsoctools.yml
- when: "'stop' in ansible_run_tags or 'stop-thehive' in ansible_run_tags or 'stop-keycloak' in ansible_run_tags or 'stop-cortex' in ansible_run_tags or 'stop-haproxy' in ansible_run_tags or 'stop-cassandra' in ansible_run_tags or 'stop-filebeat' in ansible_run_tags or 'stop-misp' in ansible_run_tags or 'stop-mysql' in ansible_run_tags or 'stop-nifi' in ansible_run_tags or 'stop-odfees' in ansible_run_tags or 'stop-odfekibana' in ansible_run_tags"
+ when: "'stop' in ansible_run_tags or 'stop-thehive' in ansible_run_tags or 'stop-keycloak' in ansible_run_tags or 'stop-cortex' in ansible_run_tags or 'stop-haproxy' in ansible_run_tags or 'stop-cassandra' in ansible_run_tags or 'stop-filebeat' in ansible_run_tags or 'stop-misp' in ansible_run_tags or 'stop-mysql' in ansible_run_tags or 'stop-nifi' in ansible_run_tags or 'stop-opensearches' in ansible_run_tags or 'stop-opensearch-dashboards' in ansible_run_tags"
 - name: Update soctools cluster configs
 import_playbook: update-config-soctools.yml
- when: "'update-config' in ansible_run_tags or 'update-keycloak-config' in ansible_run_tags or 'update-thehive-config' in ansible_run_tags or 'update-cortex-config' in ansible_run_tags or 'update-haproxy-config-acl' in ansible_run_tags or 'update-cassandra-config' in ansible_run_tags or 'update-filebeat-config' in ansible_run_tags or 'update-misp-config' in ansible_run_tags or 'update-mysql-config' in ansible_run_tags or 'update-nifi-config' in ansible_run_tags or 'update-odfees-config' in ansible_run_tags or 'update-odfekibana-config' in ansible_run_tags"
+ when: "'update-config' in ansible_run_tags or 'update-keycloak-config' in ansible_run_tags or 'update-thehive-config' in ansible_run_tags or 'update-cortex-config' in ansible_run_tags or 'update-haproxy-config-acl' in ansible_run_tags or 'update-cassandra-config' in ansible_run_tags or 'update-filebeat-config' in ansible_run_tags or 'update-misp-config' in ansible_run_tags or 'update-mysql-config' in ansible_run_tags or 'update-nifi-config' in ansible_run_tags or 'update-opensearches-config' in ansible_run_tags or 'update-opensearch-dashboards-config' in ansible_run_tags"
 - name: restart soctools cluster servics
 import_playbook: restart-soctools.yml
- when: "'restart' in ansible_run_tags or 'restart-thehive' in ansible_run_tags or 'restart-keycloak' in ansible_run_tags or 'restart-cortex' in ansible_run_tags or 'restart-haproxy' in ansible_run_tags or 'restart-cassandra' in ansible_run_tags or 'restart-filebeat' in ansible_run_tags or 'restart-misp' in ansible_run_tags or 'restart-mysql' in ansible_run_tags or 'restart-nifi' in ansible_run_tags or 'restart-odfees' in ansible_run_tags or 'restart-odfekibana' in ansible_run_tags"
+ when: "'restart' in ansible_run_tags or 'restart-thehive' in ansible_run_tags or 'restart-keycloak' in ansible_run_tags or 'restart-cortex' in ansible_run_tags or 'restart-haproxy' in ansible_run_tags or 'restart-cassandra' in ansible_run_tags or 'restart-filebeat' in ansible_run_tags or 'restart-misp' in ansible_run_tags or 'restart-mysql' in ansible_run_tags or 'restart-nifi' in ansible_run_tags or 'restart-opensearches' in ansible_run_tags or 'restart-opensearch-dashboards' in ansible_run_tags"
 - name: create thehive users
 import_playbook: create-thehive-users.yml
diff --git a/startsoctools.yml b/startsoctools.yml
index 2549876244bc4783a447f474c7a2a13a2a6c0313..a0cc41a02357d71ca487104e15e926c2bf427df6 100644
--- a/startsoctools.yml
+++ b/startsoctools.yml
@@ -40,13 +40,13 @@
 roles:
 - cortex
-- name: Start OpenDistro for Elasticsearch
- hosts: odfeescontainers
+- name: Start Opensearch
+ hosts: opensearchescontainers
 roles:
- - odfees
+ - opensearches
-- name: Start OpenDistro Kibana for Elasticsearch
- hosts: odfekibanacontainers
+- name: Start Opensearch Kibana
+ hosts: opensearchdashboardscontainers
 roles:
- - odfekibana
+ - opensearch-dashboards
diff --git a/stopsoctools.yml b/stopsoctools.yml
index 8d28f6ed69ef08c23a008b8c36c653f811ec5783..e50ada3c82bc02ffb7b9ec0aea2916d679e4899f 100644
--- a/stopsoctools.yml
+++ b/stopsoctools.yml
@@ -45,12 +45,12 @@
 roles:
 - cortex
-- name: Stop OpenDistro for Elasticsearch
- hosts: odfeescontainers
+- name: Stop Opensearch
+ hosts: opensearchescontainers
 roles:
- - odfees
+ - opensearches
-- name: Stop OpenDistro Kibana for Elasticsearch
- hosts: odfekibanacontainers
+- name: Stop Opensearch
+ hosts: opensearchdashboardscontainers
 roles:
- - odfekibana
+ - opensearch-dashboards
diff --git a/update-config-soctools.yml b/update-config-soctools.yml
index 138f664fee2eb1a9d882a7ebf0b8f9e390bb1e72..742adee110d2637265b1bca12cd21bc9aed8f28f 100644
--- a/update-config-soctools.yml
+++ b/update-config-soctools.yml
@@ -25,15 +25,15 @@
 roles:
 - nifi
-- name: Update Configs for OpenDistro for Elasticsearch
- hosts: odfeescontainers
+- name: Update Configs for Opensearch
+ hosts: opensearchescontainers
 roles:
- - odfees
+ - opensearches
-- name: Update Configs for OpenDistro Kibana for Elasticsearch
- hosts: odfekibanacontainers
+- name: Update Configs for Opensearch Kibana
+ hosts: opensearchdashboardscontainers
 roles:
- - odfekibana
+ - opensearch-dashboards
 - name: Update Configs for MISP
 hosts: mispcontainers
diff --git a/utils/flow2template.py b/utils/flow2template.py
index b2018328c6ccf5d7c53bf75645c3f44122cc4ba2..3a6f1fe83f34afcd67d67c84de0fd3ab06e3ca39 100755
--- a/utils/flow2template.py
+++ b/utils/flow2template.py
@@ -23,7 +23,7 @@ for v in et.findall(".//variable"):
 elif a['name']=="elastic_username":
 a['value']="{{ elastic_username }}"
 elif a['name']=="elastic_password":
- a['value']="{{lookup('password', '{{playbook_dir}}/secrets/passwords/odfees_adminpass')}}"
+ a['value']="{{lookup('password', '{{playbook_dir}}/secrets/passwords/opensearches_adminpass')}}"
 for v in et.findall(".//controllerService[name='Soctools CA']/property[name='Truststore Password']/value"):
 v.text="{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}"
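Review bot: The second play in the `stopsoctools.yml` hunk is named `Stop Opensearch`, identical to the play just above it, although it targets `opensearchdashboardscontainers` and the `opensearch-dashboards` role, so play output and `--list-tasks` no longer distinguish stopping the search nodes from stopping the dashboards; `- name: Stop OpenSearch Dashboards` would fix it. The matching plays in the `startsoctools.yml` hunk and in `update-config-soctools.yml` are named `Start Opensearch Kibana` and `Update Configs for Opensearch Kibana`, which keep the Kibana name this commit is otherwise retiring; `Start OpenSearch Dashboards` / `Update Configs for OpenSearch Dashboards` would match the role name. The new `opensearchescontainers` and `opensearchdashboardscontainers` host groups also have to exist in the inventory, which this diff does not show.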
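Review bot: Renaming the secret path to `secrets/passwords/opensearches_adminpass` changes which file Ansible's `password` lookup reads, and that lookup generates and stores a new random value when the file does not exist, so on an existing deployment the NiFi flow template would be rendered with a freshly generated password that no longer matches the admin password kept under the old `odfees_adminpass` name. Either the old secret file has to be moved to the new name as part of the upgrade, or whatever sets the OpenSearch admin password must read the same new path; only the template side is visible in this hunk. A comment on the changed line, e.g. `# must match the secret file used when the OpenSearch admin password is set`, would record that coupling. The enclosing `for v in et.findall(".//variable")` loop starts outside the hunk.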