CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

sync cacerts

Browse Source
This commit is contained in:
Mike Reeves
2020-08-07 22:39:29 -04:00
parent 952234446f
commit 0d66e32305
1 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
salt/elasticsearch/init.sls
View File

@@ -40,6 +40,7 @@ vm.max_map_count:
- value: 262144 - value: 262144
{% if ismanager %} {% if ismanager %}
# We have to add the Manager CA to the CA list
cascriptsync: cascriptsync:
file.managed: file.managed:
- name: /usr/sbin/so-catrust - name: /usr/sbin/so-catrust
@@ -51,6 +52,21 @@ cascriptsync:
{% endif %} {% endif %}
# Move our new CA over so Elastic and Logstash can use SSL with the internal CA
catrustdir:
file.directory:
- name: /opt/so/conf/ca
- user: 939
- group: 939
- makedirs: True
cacertz:
file.managed:
- name: /opt/so/conf/ca/cacerts
- source: salt://common/cacerts
- user: 939
- group: 939
# Add ES Group # Add ES Group
elasticsearchgroup: elasticsearchgroup:
group.present: group.present:
@@ -163,6 +179,10 @@ so-elasticsearch:
- /opt/so/conf/elasticsearch/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro - /opt/so/conf/elasticsearch/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro
- /nsm/elasticsearch:/usr/share/elasticsearch/data:rw - /nsm/elasticsearch:/usr/share/elasticsearch/data:rw
- /opt/so/log/elasticsearch:/var/log/elasticsearch:rw - /opt/so/log/elasticsearch:/var/log/elasticsearch:rw
- /opt/so/conf/ca/cacerts:/etc/pki/ca-trust/extracted/java/cacerts:ro
- watch:
- file: cacertz
so-elasticsearch-pipelines-file: so-elasticsearch-pipelines-file:
file.managed: file.managed: