Merge branch 'development' of github.com:redBorder/cookbook-rb-manage…

…r into improvement/#19123_mcli_replicate
redBorder · Nov 12, 2024 · 034a663 · 034a663
2 parents b4abc7a + 4127d34
commit 034a663
Show file tree

Hide file tree

Showing 9 changed files with 137 additions and 25 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,60 @@
 cookbook-rb-manager CHANGELOG
 ===============
 
+## 4.4.6
+
+  - Miguel Álvarez
+    - [7930ce6] Make same check for logstatter and logstash to configure
+
+## 4.4.5
+
+  - Daniel Castro
+    - [77547bd] create sudoers file before redborder-monitor install
+
+## 4.4.4
+
+  - ptorresred
+    - [80dda4a] Redmine #19198: Change vault priority default filter
+
+## 4.4.3
+
+  - Juan Soto
+    - [da722bb] Create and pass split_intrusion variables to logstash config (#216)
+
+## 4.4.2
+
+  - jnavarrorb
+    - [72d2b00] Fix sensors info with all sensors (proxy childs too)
+    - [87628c7] Fix parent_id to real_parent_id
+    - [060f5d9] Fix open kafka port for all IPS
+    - [a9a3efe] check if redborder_parent_id is nil or sensor at redborder_parent_id is not a proxy
+
+## 4.4.1
+
+  - JuanSheba
+    - [8e22478] Add creation of the logrotate file with the template
+    - [77bbbfb] Create Template
+
+## 4.4.0
+
+  - Miguel Negrón
+    - [48ee415] Merge pull request #232 from redBorder/bugfix/#18169_rename_pmacctd_to_sfacctd_service
+
+## 4.3.0
+
+  - Miguel Negron
+    - [8c6f578] Add rb-workers to service list
+
+## 4.2.0
+
+  - manegron
+    - [90d4ca5] fix attribute
+
+## 4.1.0
+
+  - Miguel Negrón
+    - [cdc5848] Merge pull request #221 from redBorder/feature/#18816_Split_Filter_Incident_Priority
+
 ## 4.0.2
 
   - Miguel Negron

diff --git a/resources/attributes/default.rb b/resources/attributes/default.rb
@@ -4,6 +4,8 @@
 default['redborder']['organizations'] = []
 default['redborder']['locations'] = %w(namespace namespace_uuid organization organization_uuid service_provider service_provider_uuid deployment deployment_uuid market market_uuid campus campus_uuid building building_uuid floor floor_uuid)
 default['redborder']['sso_enabled'] = '0'
+default['redborder']['repo'] = {}
+default['redborder']['repo']['version'] = nil
 
 # s3
 default['redborder']['uploaded_s3'] = false
@@ -29,6 +31,7 @@
 # webui
 default['redborder']['webui']['port'] = 8001
 default['redborder']['webui']['hosts'] = []
+default['redborder']['webui']['version'] = nil
 
 # memcached
 default['redborder']['memcached']['elasticache'] = false
@@ -98,9 +101,9 @@
 
 # geoip has been removed because is not a service
 default['redborder']['services_group']['full'] = %w(consul chef-server zookeeper memcached rsyslog kafka logstash s3
-                                                    postgresql redborder-postgresql nginx webui druid-broker
+                                                    postgresql redborder-postgresql nginx webui rb-workers druid-broker
                                                     druid-historical druid-realtime druid-coordinator f2k
-                                                    redborder-monitor pmacct redborder-dswatcher mongodb
+                                                    redborder-monitor sfacctd redborder-dswatcher mongodb
                                                     redborder-events-counter http2k redborder-mem2incident)
 
 default['redborder']['services_group']['custom'] = %w(consul)
@@ -111,7 +114,7 @@
 default['redborder']['services_group']['middlemanager'] = %w(consul druid-middlemanager)
 default['redborder']['services_group']['broker'] = %w(consul druid-broker)
 default['redborder']['services_group']['http2k'] = %w(consul http2k)
-default['redborder']['services_group']['webui'] = %w(consul nginx webui)
+default['redborder']['services_group']['webui'] = %w(consul nginx webui rb-workers)
 default['redborder']['services_group']['f2k'] = %w(consul f2k)
 default['redborder']['services_group']['s3'] = %w(consul nginx s3)
 default['redborder']['services_group']['postgresql'] = %w(consul postgresql redborder-postgresql)
@@ -136,13 +139,14 @@
 default['redborder']['services']['mongodb']                   = false
 default['redborder']['services']['n2klocd']                   = false
 default['redborder']['services']['nginx']                     = false
-default['redborder']['services']['pmacct']                    = false
+default['redborder']['services']['sfacct']                    = false
 default['redborder']['services']['postfix']                   = true
 default['redborder']['services']['postgresql']                = false
 default['redborder']['services']['radiusd']                   = false
 default['redborder']['services']['rb-aioutliers']             = false
 default['redborder']['services']['rb-arubacentral']           = false
 default['redborder']['services']['rb-logstatter']             = true
+default['redborder']['services']['rb-workers']                = false
 default['redborder']['services']['redborder-ai']              = false
 default['redborder']['services']['redborder-ale']             = false
 default['redborder']['services']['redborder-cep']             = false
@@ -178,13 +182,14 @@
 default['redborder']['systemdservices']['mongodb']                  = ['mongod']
 default['redborder']['systemdservices']['n2klocd']                  = ['n2klocd']
 default['redborder']['systemdservices']['nginx']                    = ['nginx']
-default['redborder']['systemdservices']['pmacct']                   = ['sfacctd']
+default['redborder']['systemdservices']['sfacctd']                  = ['sfacctd']
 default['redborder']['systemdservices']['postfix']                  = ['postfix']
 default['redborder']['systemdservices']['postgresql']               = ['postgresql']
 default['redborder']['systemdservices']['radiusd']                  = ['radiusd']
 default['redborder']['systemdservices']['rb-aioutliers']            = ['rb-aioutliers']
 default['redborder']['systemdservices']['rb-arubacentral']          = ['rb-arubacentral']
 default['redborder']['systemdservices']['rb-logstatter']            = ['rb-logstatter']
+default['redborder']['systemdservices']['rb-workers']               = ['rb-workers']
 default['redborder']['systemdservices']['redborder-ai']             = ['redborder-ai']
 default['redborder']['systemdservices']['redborder-ale']            = ['redborder-ale']
 default['redborder']['systemdservices']['redborder-cep']            = ['redborder-cep']
@@ -217,4 +222,7 @@
 
 # redborder-ai
 default['redborder']['redborder-ai']['cpus'] = '0'
-default['redborder']['incidents_priority_filter'] = 'high'
+
+# Priority Filter
+default['redborder']['intrusion_incidents_priority_filter'] = 'high'
+default['redborder']['vault_incidents_priority_filter'] = 'error'
diff --git a/resources/libraries/get_sensors_all_info.rb b/resources/libraries/get_sensors_all_info.rb
@@ -5,10 +5,13 @@ def get_sensors_all_info
       sensor_types = %w(ips-sensor ipsv2-sensor ipscp-sensor ipsg-sensor vault-sensor flow-sensor arubacentral-sensor mse-sensor meraki-sensor cisco-cloudproxy proxy-sensor scanner-sensor mse-sensor meraki-sensor ale-sensor cep-sensor device-sensor)
 
       sensor_types.each do |s_type|
-        sensors = search(:node, "role:#{s_type} AND -redborder_parent_id:*?").sort  # get sensor where parent_id is nil
+        sensors = search(:node, "role:#{s_type}").sort  # get all s_type's sensor
 
         sensors_info[s_type] = []
-        sensors.each { |s| sensors_info[s_type] << s }
+
+        sensors.each do |sensor|
+          sensors_info[s_type] << sensor
+        end
       end
 
       sensors_info

diff --git a/resources/libraries/get_sensors_info.rb b/resources/libraries/get_sensors_info.rb
@@ -7,8 +7,8 @@ def get_sensors_info
                         ips-sensor ipsv2-sensor ipscp-sensor ipsg-sensor)
       locations = node['redborder']['locations']
       sensor_types.each do |s_type|
-        # get sensor where parent_id is nil
-        sensors = search(:node, "role:#{s_type} AND -redborder_parent_id:*?").sort
+        # get all s_type's sensor
+        sensors = search(:node, "role:#{s_type}").sort
         sensors_info[s_type] = {}
         sensors.each do |s|
           info = {}
@@ -27,6 +27,7 @@ def get_sensors_info
 
             info['locations'][loc] = s['redborder'][loc]
           end
+
           sensors_info[s_type][s.name] = info
         end
       end

diff --git a/resources/libraries/open_kafka_port.rb b/resources/libraries/open_kafka_port.rb
@@ -2,7 +2,7 @@ module RbManager
   module Helpers
     def get_ip_of_manager_ips
       # IPS in manager mode has the role ips-sensor
-      sensors = search(:node, 'role:ips-sensor AND -redborder_parent_id:*?').sort
+      sensors = search(:node, 'role:ips-sensor').sort
       sensors.map { |s| { ipaddress: s['ipaddress'] } }
     end
 

diff --git a/resources/metadata.rb b/resources/metadata.rb
@@ -5,7 +5,7 @@
 maintainer_email '[email protected]'
 license          'AGPL-3.0'
 description      'Installs/Configures redborder manager'
-version          '4.0.2'
+version          '4.4.6'
 
 depends 'rb-common'
 depends 'chef-server'

diff --git a/resources/recipes/configure.rb b/resources/recipes/configure.rb
@@ -34,6 +34,15 @@
   end
 end
 
+# Sudoers
+template '/etc/sudoers.d/redborder-manager' do
+  source 'redborder-manager.erb'
+  owner 'root'
+  group 'root'
+  mode '0440'
+  retries 2
+end
+
 consul_config 'Configure Consul Server' do
   cdomain node['redborder']['cdomain']
   dns_local_ip node['consul']['dns_local_ip']
@@ -314,6 +323,8 @@
     memory_kb node['redborder']['memory_services']['webui']['memory']
     cdomain node['redborder']['cdomain']
     port node['redborder']['webui']['port']
+    webui_version node['redborder']['webui']['version']
+    redborder_version node['redborder']['repo']['version']
     action [:add, :register, :configure_rsa]
   else
     action [:remove, :deregister]
@@ -368,10 +379,20 @@
   end
 end
 
-pmacct_config 'Configure pmacct' do
-  if manager_services['pmacct']
+if manager_services['sfacctd'] &&
+   node.run_state['virtual_ips'] &&
+   node.run_state['virtual_ips']['external'] &&
+   node.run_state['virtual_ips']['external']['sfacctd'] &&
+   node.run_state['virtual_ips']['external']['sfacctd']['ip']
+
+  sfacctd_ip = '0.0.0.0'
+end
+
+pmacct_config 'Configure pmacct (sfacctd)' do
+  if manager_services['sfacctd']
     sensors node.run_state['sensors_info']['flow-sensor']
     kafka_hosts node['redborder']['managers_per_services']['kafka']
+    sfacctd_ip sfacctd_ip || node['ipaddress']
     action [:add, :register]
   else
     action [:remove, :deregister]
@@ -389,6 +410,14 @@
   end
 end
 
+if manager_services['logstash']
+  begin
+    split_intrusion = data_bag_item('rBglobal', 'splitintrusion')['logstash']
+  rescue
+    split_intrusion = false
+  end
+end
+
 logstash_config 'Configure logstash' do
   if manager_services['logstash'] && node.run_state['pipelines'] && !node.run_state['pipelines'].empty?
     cdomain node['redborder']['cdomain']
@@ -398,9 +427,11 @@
     proxy_nodes node.run_state['sensors_info_all']['proxy-sensor']
     scanner_nodes node.run_state['sensors_info_all']['scanner-sensor']
     device_nodes node.run_state['sensors_info_all']['device-sensor']
-    incidents_priority_filter node['redborder']['incidents_priority_filter']
+    intrusion_incidents_priority_filter node['redborder']['intrusion_incidents_priority_filter']
+    vault_incidents_priority_filter node['redborder']['vault_incidents_priority_filter']
     logstash_pipelines node.run_state['pipelines']
     split_traffic_logstash split_traffic
+    split_intrusion_logstash split_intrusion
     action [:add, :register]
   else
     action [:remove, :deregister]
@@ -469,7 +500,7 @@
 end
 
 rblogstatter_config 'Configure redborder-logstatter' do
-  if manager_services['rb-logstatter']
+  if manager_services['rb-logstatter'] && manager_services['logstash'] && node.run_state['pipelines'] && !node.run_state['pipelines'].empty?
     action :add
   else
     action :remove
@@ -644,15 +675,6 @@
   end
 end
 
-# Sudoers
-template '/etc/sudoers.d/redborder-manager' do
-  source 'redborder-manager.erb'
-  owner 'root'
-  group 'root'
-  mode '0440'
-  retries 2
-end
-
 # Pending Changes..
 # pending_changes==0 -> has changes to apply at next chef-client run
 #  pending_changes==1 -> chef-client has to run once

diff --git a/resources/recipes/prepare_system.rb b/resources/recipes/prepare_system.rb
@@ -50,6 +50,14 @@
             options: node['chef-client']['options'])
 end
 
+template '/etc/logrotate.d/logstash' do
+  source 'logstash_log-rotate.erb'
+  owner 'root'
+  group 'root'
+  mode 0644
+  retries 2
+end
+
 service 'chef-client' do
   if node['redborder']['services']['chef-client'] && node.run_state['cluster_installed']
     action [:enable, :start]

diff --git a/resources/templates/default/logstash_log-rotate.erb b/resources/templates/default/logstash_log-rotate.erb
@@ -0,0 +1,16 @@
+###############################################################################
+# Generated by Chef for <%= node[:hostname] %>
+###############################################################################
+
+/var/log/logstash/*.log {
+    size=20M
+    missingok
+    rotate 5
+    compress
+    delaycompress
+    notifempty
+    copytruncate
+    postrotate
+        rm -f /var/log/logstash/*.gz > /dev/null
+    endscript
+}