From 0b956c90176edef6b5af9404f07d368277ae0b28 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Mon, 16 Jul 2018 12:10:22 -0400
Subject: [PATCH] Filebeat Module - Rework Certs
---
 salt/filebeat/init.sls | 16 ++++++++--------
 salt/ssl/init.sls | 16 ++++++++++++++++
 2 files changed, 24 insertions(+), 8 deletions(-)
diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls
index 5dc537f6d..7574095dc 100644
--- a/salt/filebeat/init.sls
+++ b/salt/filebeat/init.sls
@@ -30,15 +30,15 @@ filebeatconfsync:
 - group: 0
 - template: jinja
-filebeatcrt:
- file.managed:
- - name: /opt/so/conf/filebeat/etc/pki/filebeat.crt
- - source: salt://filebeat/files/filebeat.crt
+#filebeatcrt:
+# file.managed:
+# - name: /opt/so/conf/filebeat/etc/pki/filebeat.crt
+# - source: salt://filebeat/files/filebeat.crt
-filebeatkey:
- file.managed:
- - name: /opt/so/conf/filebeat/etc/pki/filebeat.key
- - source: salt://filebeat/files/filebeat.key
+#filebeatkey:
+# file.managed:
+# - name: /opt/so/conf/filebeat/etc/pki/filebeat.key
+# - source: salt://filebeat/files/filebeat.key
 so-filebeat:
diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index 97f57d514..086ddb263 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -61,4 +61,20 @@ fbcrtlink:
 bits: 4096
 backup: True
+{% endif %}
+{% if grains['role'] == 'so-sensor' %}
+# Request a cert and drop it where it needs to go to be distributed
+/opt/so/conf/filebeat/etc/pki/filebeat.crt:
+ x509.certificate_managed:
+ - ca_server: {{ master }}
+ - signing_policy: filebeat
+ - public_key: /opt/so/conf/filebeat/etc/pki/filebeat.key
+ - CN: {{ master }}
+ - days_remaining: 3000
+ - backup: True
+ - managed_private_key:
+ name: /opt/so/conf/filebeat/etc/pki/filebeat.key
+ bits: 4096
+ backup: True
+ {% endif %}
\ No newline at end of file
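Review bot: The `filebeatcrt` and `filebeatkey` states are left commented out instead of deleted, and the diffstat lists only two changed files, so the shared `salt://filebeat/files/filebeat.key` they pointed at is apparently still served by the master. A private key kept in the fileserver tree can be fetched by any minion with access to it, which undercuts the per-sensor keys this commit introduces in `salt/ssl/init.sls`. I would delete the eight commented lines outright, remove both files from `salt/filebeat/files/`, and stop trusting the old certificate on the receiving side, assuming nothing else still references it.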
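Review bot: `days_remaining: 3000` on the new `x509.certificate_managed` state is, as I read the state's documentation, the renewal threshold rather than the lifetime, so unless the `filebeat` signing policy (not visible here) grants more than 3000 days the certificate would be re-issued on every run. If a long lifetime was intended that is `days_valid`, and the threshold would be better as something like `- days_remaining: 90`. Separately, `- CN: {{ master }}` gives every sensor's certificate the master's name as its subject, so individual sensors cannot be told apart or revoked by subject; `- CN: {{ grains['id'] }}` would tie each certificate to its minion. The `{% if %}` block closed by the first added line starts above the hunk.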