Commit c3a9086e authored by Temur Maisuradze's avatar Temur Maisuradze

Merge branch 'opensearch' into 'master'

Migrate from ODFE to OpenSearch

See merge request !5
parents 9b5cda32 d1bd7371
1 merge request!5Migrate from ODFE to OpenSearch
File moved
...@@ -10,19 +10,19 @@ ...@@ -10,19 +10,19 @@
- name: Start soctools cluster - name: Start soctools cluster
import_playbook: startsoctools.yml import_playbook: startsoctools.yml
when: "'start' in ansible_run_tags or 'config' in ansible_run_tags or 'start-thehive' in ansible_run_tags or 'start-keycloak' in ansible_run_tags or 'start-cortex' in ansible_run_tags or 'start-haproxy' in ansible_run_tags or 'start-cassandra' in ansible_run_tags or 'start-filebeat' in ansible_run_tags or 'start-misp' in ansible_run_tags or 'start-mysql' in ansible_run_tags or 'start-nifi' in ansible_run_tags or 'start-odfees' in ansible_run_tags or 'start-odfekibana' in ansible_run_tags" when: "'start' in ansible_run_tags or 'config' in ansible_run_tags or 'start-thehive' in ansible_run_tags or 'start-keycloak' in ansible_run_tags or 'start-cortex' in ansible_run_tags or 'start-haproxy' in ansible_run_tags or 'start-cassandra' in ansible_run_tags or 'start-filebeat' in ansible_run_tags or 'start-misp' in ansible_run_tags or 'start-mysql' in ansible_run_tags or 'start-nifi' in ansible_run_tags or 'start-opensearches' in ansible_run_tags or 'start-opensearch-dashboards' in ansible_run_tags"
- name: Stop soctools cluster - name: Stop soctools cluster
import_playbook: stopsoctools.yml import_playbook: stopsoctools.yml
when: "'stop' in ansible_run_tags or 'stop-thehive' in ansible_run_tags or 'stop-keycloak' in ansible_run_tags or 'stop-cortex' in ansible_run_tags or 'stop-haproxy' in ansible_run_tags or 'stop-cassandra' in ansible_run_tags or 'stop-filebeat' in ansible_run_tags or 'stop-misp' in ansible_run_tags or 'stop-mysql' in ansible_run_tags or 'stop-nifi' in ansible_run_tags or 'stop-odfees' in ansible_run_tags or 'stop-odfekibana' in ansible_run_tags" when: "'stop' in ansible_run_tags or 'stop-thehive' in ansible_run_tags or 'stop-keycloak' in ansible_run_tags or 'stop-cortex' in ansible_run_tags or 'stop-haproxy' in ansible_run_tags or 'stop-cassandra' in ansible_run_tags or 'stop-filebeat' in ansible_run_tags or 'stop-misp' in ansible_run_tags or 'stop-mysql' in ansible_run_tags or 'stop-nifi' in ansible_run_tags or 'stop-opensearches' in ansible_run_tags or 'stop-opensearch-dashboards' in ansible_run_tags"
- name: Update soctools cluster configs - name: Update soctools cluster configs
import_playbook: update-config-soctools.yml import_playbook: update-config-soctools.yml
when: "'update-config' in ansible_run_tags or 'update-keycloak-config' in ansible_run_tags or 'update-thehive-config' in ansible_run_tags or 'update-cortex-config' in ansible_run_tags or 'update-haproxy-config-acl' in ansible_run_tags or 'update-cassandra-config' in ansible_run_tags or 'update-filebeat-config' in ansible_run_tags or 'update-misp-config' in ansible_run_tags or 'update-mysql-config' in ansible_run_tags or 'update-nifi-config' in ansible_run_tags or 'update-odfees-config' in ansible_run_tags or 'update-odfekibana-config' in ansible_run_tags" when: "'update-config' in ansible_run_tags or 'update-keycloak-config' in ansible_run_tags or 'update-thehive-config' in ansible_run_tags or 'update-cortex-config' in ansible_run_tags or 'update-haproxy-config-acl' in ansible_run_tags or 'update-cassandra-config' in ansible_run_tags or 'update-filebeat-config' in ansible_run_tags or 'update-misp-config' in ansible_run_tags or 'update-mysql-config' in ansible_run_tags or 'update-nifi-config' in ansible_run_tags or 'update-opensearches-config' in ansible_run_tags or 'update-opensearch-dashboards-config' in ansible_run_tags"
- name: restart soctools cluster servics - name: restart soctools cluster servics
import_playbook: restart-soctools.yml import_playbook: restart-soctools.yml
when: "'restart' in ansible_run_tags or 'restart-thehive' in ansible_run_tags or 'restart-keycloak' in ansible_run_tags or 'restart-cortex' in ansible_run_tags or 'restart-haproxy' in ansible_run_tags or 'restart-cassandra' in ansible_run_tags or 'restart-filebeat' in ansible_run_tags or 'restart-misp' in ansible_run_tags or 'restart-mysql' in ansible_run_tags or 'restart-nifi' in ansible_run_tags or 'restart-odfees' in ansible_run_tags or 'restart-odfekibana' in ansible_run_tags" when: "'restart' in ansible_run_tags or 'restart-thehive' in ansible_run_tags or 'restart-keycloak' in ansible_run_tags or 'restart-cortex' in ansible_run_tags or 'restart-haproxy' in ansible_run_tags or 'restart-cassandra' in ansible_run_tags or 'restart-filebeat' in ansible_run_tags or 'restart-misp' in ansible_run_tags or 'restart-mysql' in ansible_run_tags or 'restart-nifi' in ansible_run_tags or 'restart-opensearches' in ansible_run_tags or 'restart-opensearch-dashboards' in ansible_run_tags"
- name: create thehive users - name: create thehive users
import_playbook: create-thehive-users.yml import_playbook: create-thehive-users.yml
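Review bot: The new `when:` expressions match only the `*-opensearches` and `*-opensearch-dashboards` tags, so a run that still passes an old tag such as `stop-odfees` or `restart-odfekibana` no longer satisfies any condition and the import is skipped without an error. For the stop and restart playbooks that means an operator can believe a service was stopped when nothing ran. Either keep the old tag names in the conditions for a transition period, or add a comment above the first play, e.g. `# tags renamed in the OpenSearch migration: odfees -> opensearches, odfekibana -> opensearch-dashboards`, and note the rename in the README.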
......
...@@ -40,13 +40,13 @@ ...@@ -40,13 +40,13 @@
roles: roles:
- cortex - cortex
- name: Start OpenDistro for Elasticsearch - name: Start Opensearch
hosts: odfeescontainers hosts: opensearchescontainers
roles: roles:
- odfees - opensearches
- name: Start OpenDistro Kibana for Elasticsearch - name: Start Opensearch dashboards
hosts: odfekibanacontainers hosts: opensearchdashboardscontainers
roles: roles:
- odfekibana - opensearch-dashboards
...@@ -45,12 +45,12 @@ ...@@ -45,12 +45,12 @@
roles: roles:
- cortex - cortex
- name: Stop OpenDistro for Elasticsearch - name: Stop Opensearch
hosts: odfeescontainers hosts: opensearchescontainers
roles: roles:
- odfees - opensearches
- name: Stop OpenDistro Kibana for Elasticsearch - name: Stop Opensearch
hosts: odfekibanacontainers hosts: opensearchdashboardscontainers
roles: roles:
- odfekibana - opensearch-dashboards
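Review bot: The second play in the stop playbook is named `Stop Opensearch`, the same as the play before it, although it targets `opensearchdashboardscontainers`; in the Ansible run output the two plays cannot be told apart. It should read `- name: Stop Opensearch dashboards`. The update-config playbook has a similar leftover: `Update Configs for Opensearch Kibana` should be `Update Configs for Opensearch dashboards`.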
...@@ -25,15 +25,15 @@ ...@@ -25,15 +25,15 @@
roles: roles:
- nifi - nifi
- name: Update Configs for OpenDistro for Elasticsearch - name: Update Configs for Opensearch
hosts: odfeescontainers hosts: opensearchescontainers
roles: roles:
- odfees - opensearches
- name: Update Configs for OpenDistro Kibana for Elasticsearch - name: Update Configs for Opensearch Kibana
hosts: odfekibanacontainers hosts: opensearchdashboardscontainers
roles: roles:
- odfekibana - opensearch-dashboards
- name: Update Configs for MISP - name: Update Configs for MISP
hosts: mispcontainers hosts: mispcontainers
......
...@@ -23,7 +23,7 @@ for v in et.findall(".//variable"): ...@@ -23,7 +23,7 @@ for v in et.findall(".//variable"):
elif a['name']=="elastic_username": elif a['name']=="elastic_username":
a['value']="{{ elastic_username }}" a['value']="{{ elastic_username }}"
elif a['name']=="elastic_password": elif a['name']=="elastic_password":
a['value']="{{lookup('password', '{{playbook_dir}}/secrets/passwords/odfees_adminpass')}}" a['value']="{{lookup('password', '{{playbook_dir}}/secrets/passwords/opensearches_adminpass')}}"
for v in et.findall(".//controllerService[name='Soctools CA']/property[name='Truststore Password']/value"): for v in et.findall(".//controllerService[name='Soctools CA']/property[name='Truststore Password']/value"):
v.text="{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}" v.text="{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}"
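Review bot: Pointing `elastic_password` at `secrets/passwords/opensearches_adminpass` changes which file Ansible's `password` lookup reads, and that lookup creates the file with a fresh random value when it does not exist. On a host that was already deployed under ODFE, NiFi would then be templated with a newly generated password unless the migration also renames the existing `odfees_adminpass` file or resets the admin account; neither is visible in this hunk. A comment above the line, e.g. `# existing installs: move secrets/passwords/odfees_adminpass to opensearches_adminpass before running`, or a migration task that does the rename, would make this explicit. The enclosing `for v in et.findall(...)` loop starts above the hunk.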
......
#!/usr/bin/env python #!/usr/bin/env python
# Get exported objects from OpenSearch dashobards (menu - Stack management - Saved objects - Export all)
# and convert them to a template to be put into:
# roles/opensearch-dashboards/templates/opensearch-dashboards_graphs.ndjson.j2
import argparse,re import argparse,re
parser = argparse.ArgumentParser() parser = argparse.ArgumentParser()
parser.add_argument("graphsfile", help="input kibana_graphs.ndjson file") parser.add_argument("graphsfile", help="input *.ndjson file")
parser.add_argument("templatefile", help="output template file") parser.add_argument("templatefile", help="output template file")
args = parser.parse_args() args = parser.parse_args()
...@@ -11,8 +14,8 @@ r=open(args.graphsfile,"r") ...@@ -11,8 +14,8 @@ r=open(args.graphsfile,"r")
w=open(args.templatefile,"w") w=open(args.templatefile,"w")
for line in r: for line in r:
line=re.sub(r'(^.*thehive_button.*url\\":[^"].")[^\\"]*(.*apikey\\":[^"]*")[^\\"]*(.*owner\\":[^"]*")[^\\"]*(.*$)',"\g<1>https://{{soctoolsproxy}}:9000\g<2>{{lookup('file', '{{playbook_dir}}/secrets/tokens/thehive_kibana_secret_key')}}\g<3>{{THEHIVE_KIBANA_USER.username}}\g<4>",line) #line=re.sub(r'(^.*thehive_button.*url\\":[^"].")[^\\"]*(.*apikey\\":[^"]*")[^\\"]*(.*owner\\":[^"]*")[^\\"]*(.*$)',"\g<1>https://{{soctoolsproxy}}:9000\g<2>{{lookup('file', '{{playbook_dir}}/secrets/tokens/thehive_kibana_secret_key')}}\g<3>{{THEHIVE_KIBANA_USER.username}}\g<4>",line)
line=re.sub(r"(^.*)https:\/\/[^\/]*(.*destination\.ip_misp\.keyword.*$)","\g<1>{{misp_url}}\g<2>",line) line=re.sub(r"https://[^:]*:","https://{{soctoolsproxy}}:",line)
w.write(line) w.write(line)
r.close() r.close()
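Review bot: With the `thehive_button` substitution commented out, nothing in the loop replaces the `apikey` value any more, so if the export still contains that object, the live TheHive key is written verbatim into the template destined for `roles/opensearch-dashboards/templates/`. Either restore the substitution, or delete the commented line and make the script fail when `apikey` appears in the input. The new host rewrite is also looser than it looks: `[^:]*` is not stopped by `/` or a quote, so an `https://` URL without a port matches through to the next colon on the same ndjson line and the text in between is lost. `line=re.sub(r'https://[^/:"\\]+:', "https://{{soctoolsproxy}}:", line)` keeps the match inside the host part. The file handles are opened above this hunk and the rest of the script is collapsed.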
......