dont need the unless for ssl since using x509v2 now

2025-12-07 17:52:46 +01:00 · 2023-06-28 15:06:13 -04:00
parent eeaf077baf
commit 34db6fb823
1 changed files with 0 additions and 50 deletions
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -76,12 +76,6 @@ influxdb_crt:
    - days_remaining: 0
    - days_valid: 820
    - backup: True
-{% if grains.role not in ['so-heavynode'] %}
-    - unless:
-      # https://github.com/saltstack/salt/issues/52167
-      # Will trigger 5 days (432000 sec) from cert expiration
-      - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/influxdb.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
-{% endif %}
    - timeout: 30
    - retry:
        attempts: 5
@@ -121,12 +115,6 @@ redis_crt:
    - days_remaining: 0
    - days_valid: 820
    - backup: True
-{% if grains.role not in ['so-heavynode'] %}
-    - unless:
-      # https://github.com/saltstack/salt/issues/52167
-      # Will trigger 5 days (432000 sec) from cert expiration
-      - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/redis.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
-{% endif %}
    - timeout: 30
    - retry:
        attempts: 5
@@ -169,12 +157,6 @@ etc_elasticfleet_crt:
    - days_remaining: 0
    - days_valid: 820
    - backup: True
-{% if grains.role not in ['so-heavynode'] %}
-    - unless:
-      # https://github.com/saltstack/salt/issues/52167
-      # Will trigger 5 days (432000 sec) from cert expiration
-      - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/elasticfleet.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
-{% endif %}
    - timeout: 30
    - retry:
        attempts: 5
@@ -250,12 +232,6 @@ etc_elasticfleetlogstash_crt:
    - days_remaining: 0
    - days_valid: 820
    - backup: True
-{% if grains.role not in ['so-heavynode'] %}
-    - unless:
-      # https://github.com/saltstack/salt/issues/52167
-      # Will trigger 5 days (432000 sec) from cert expiration
-      - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/elasticfleet-logstash.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
-{% endif %}
    - timeout: 30
    - retry:
        attempts: 5
@@ -359,12 +335,6 @@ etc_filebeat_crt:
    - days_remaining: 0
    - days_valid: 820
    - backup: True
-{% if grains.role not in ['so-heavynode'] %}
-    - unless:
-      # https://github.com/saltstack/salt/issues/52167
-      # Will trigger 5 days (432000 sec) from cert expiration
-      - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/filebeat.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
-{% endif %}
    - timeout: 30
    - retry:
        attempts: 5
@@ -436,10 +406,6 @@ registry_crt:
    - days_remaining: 0
    - days_valid: 820
    - backup: True
-    - unless:
-      # https://github.com/saltstack/salt/issues/52167
-      # Will trigger 5 days (432000 sec) from cert expiration
-      - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/registry.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
    - timeout: 30
    - retry:
        attempts: 5
@@ -478,12 +444,6 @@ regkeyperms:
    - days_remaining: 0
    - days_valid: 820
    - backup: True
-{% if grains.role not in ['so-heavynode'] %}
-    - unless:
-      # https://github.com/saltstack/salt/issues/52167
-      # Will trigger 5 days (432000 sec) from cert expiration
-      - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/elasticsearch.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
-{% endif %}
    - timeout: 30
    - retry:
        attempts: 5
@@ -545,12 +505,6 @@ conf_filebeat_crt:
    - days_remaining: 0
    - days_valid: 820
    - backup: True
-{% if grains.role not in ['so-heavynode'] %}
-    - unless:
-      # https://github.com/saltstack/salt/issues/52167
-      # Will trigger 5 days (432000 sec) from cert expiration
-      - 'enddate=$(date -d "$(openssl x509 -in /opt/so/conf/filebeat/etc/pki/filebeat.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
-{% endif %}
    - timeout: 30
    - retry:
        attempts: 5
@@ -605,10 +559,6 @@ chownfilebeatp8:
    - days_remaining: 0
    - days_valid: 820
    - backup: True
-    - unless:
-      # https://github.com/saltstack/salt/issues/52167
-      # Will trigger 5 days (432000 sec) from cert expiration
-      - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/elasticsearch.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
    - timeout: 30
    - retry:
        attempts: 5