ssl things for so-receiver

2025-12-06 09:12:45 +01:00 · 2021-12-08 09:08:46 -05:00
parent c80059efb0
commit 1ef63f3a23
2 changed files with 6 additions and 2 deletions
--- a/salt/logstash/init.sls
+++ b/salt/logstash/init.sls
@@ -46,7 +46,9 @@

 include:
  - ssl
+{% if grains.role not in ['so-receiver'] %}
  - elasticsearch
+{% endif %}

 # Create the logstash group
 logstashgroup:
@@ -210,8 +212,10 @@ so-logstash:
  {% else %}
      - x509: pki_public_ca_crt
  {% endif %}
+  {% if grains.role not in ['so-receiver'] %}
      - file: cacertz
      - file: capemz
+  {% endif %}

 append_so-logstash_so-status.conf:
  file.append:
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -115,7 +115,7 @@ influxkeyperms:
    - mode: 640
    - group: 939

-{% if grains['role'] in ['so-manager', 'so-eval', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-fleet'] %}
+{% if grains['role'] in ['so-manager', 'so-eval', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-fleet', 'so-receiver'] %}
 # Create a cert for Redis encryption
 redis_key:
  x509.private_key_managed:
@@ -484,7 +484,7 @@ fleetkeyperms:
    - group: 939

 {% endif %}
-{% if grains['role'] in ['so-sensor', 'so-manager', 'so-node', 'so-eval', 'so-helix', 'so-managersearch', 'so-heavynode', 'so-fleet', 'so-standalone', 'so-import'] %}
+{% if grains['role'] in ['so-sensor', 'so-manager', 'so-node', 'so-eval', 'so-helix', 'so-managersearch', 'so-heavynode', 'so-fleet', 'so-standalone', 'so-import', 'so-receiver'] %}
   
 fbcertdir:
  file.directory: