From 1234cbd04bfc285717b2578b28ff61acbdc75b0a Mon Sep 17 00:00:00 2001 From: Josh Patterson Date: Tue, 20 Jan 2026 09:30:32 -0500 Subject: [PATCH 1/4] allow logstash.ssl on so-eval --- salt/allowed_states.map.jinja | 3 ++- salt/logstash/ssl.sls | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja index f887d9dfc..07725ef2f 100644 --- a/salt/allowed_states.map.jinja +++ b/salt/allowed_states.map.jinja @@ -73,7 +73,8 @@ 'so-eval': ( manager_states + sensor_states + - elastic_stack_states | reject('equalto', 'logstash') | list + elastic_stack_states | reject('equalto', 'logstash') | list + + ['logstash.ssl'] ), 'so-heavynode': ( sensor_states + diff --git a/salt/logstash/ssl.sls b/salt/logstash/ssl.sls index cb987221a..935088e30 100644 --- a/salt/logstash/ssl.sls +++ b/salt/logstash/ssl.sls @@ -4,7 +4,7 @@ # Elastic License 2.0. {% from 'allowed_states.map.jinja' import allowed_states %} -{% if sls.split('.')[0] in allowed_states %} +{% if sls in allowed_states or sls.split('.')[0] in allowed_states %} {% from 'vars/globals.map.jinja' import GLOBALS %} {% from 'elasticfleet/map.jinja' import ELASTICFLEETMERGED %} {% from 'ca/map.jinja' import CA %} From f6e95c17a0d5f86e8fe55f7e70c6a5086387c0da Mon Sep 17 00:00:00 2001 From: Josh Patterson Date: Tue, 20 Jan 2026 11:55:57 -0500 Subject: [PATCH 2/4] need to create_ca_pillar for 210 not 220 --- salt/manager/tools/sbin/soup | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup index de2bec441..c01a267bf 100755 --- a/salt/manager/tools/sbin/soup +++ b/salt/manager/tools/sbin/soup @@ -680,11 +680,6 @@ post_to_2.4.210() { POSTVERSION=2.4.210 } -post_to_2.4.220() { - echo "Nothing to apply" - POSTVERSION=2.4.220 -} - repo_sync() { echo "Sync the local repo." su socore -c '/usr/sbin/so-repo-sync' || fail "Unable to complete so-repo-sync." @@ -968,14 +963,9 @@ up_to_2.4.201() { up_to_2.4.210() { # Elastic Update for this release, so download Elastic Agent files determine_elastic_agent_upgrade - - INSTALLEDVERSION=2.4.210 -} - -up_to_2.4.220() { create_ca_pillar - INSTALLEDVERSION=2.4.220 + INSTALLEDVERSION=2.4.210 } add_hydra_pillars() { From f6bde3eb0445db1c1e2db6b1217461b9472b2275 Mon Sep 17 00:00:00 2001 From: Josh Patterson Date: Tue, 20 Jan 2026 11:56:31 -0500 Subject: [PATCH 3/4] remove double logging --- salt/common/tools/sbin/so-common | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index 93a34fdf1..9e98204a1 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -560,29 +560,32 @@ wait_for_salt_minion() { local logfile="${4:-'/dev/stdout'}" local elapsed=0 - echo "$(date '+%a %d %b %Y %H:%M:%S.%6N') - Waiting for salt-minion '$minion' to be ready..." | tee -a "$logfile" + echo "$(date '+%a %d %b %Y %H:%M:%S.%6N') - Waiting for salt-minion '$minion' to be ready..." while [ $elapsed -lt $max_wait ]; do # Check if service is running + echo "$(date '+%a %d %b %Y %H:%M:%S.%6N') - Check if salt-minion service is running" if ! systemctl is-active --quiet salt-minion; then - echo "$(date '+%a %d %b %Y %H:%M:%S.%6N') - salt-minion service not running (elapsed: ${elapsed}s)" | tee -a "$logfile" + echo "$(date '+%a %d %b %Y %H:%M:%S.%6N') - salt-minion service not running (elapsed: ${elapsed}s)" sleep $interval elapsed=$((elapsed + interval)) continue fi - + echo "$(date '+%a %d %b %Y %H:%M:%S.%6N') - salt-minion service is running" + # Check if minion responds to ping + echo "$(date '+%a %d %b %Y %H:%M:%S.%6N') - Check if $minion responds to ping" if salt "$minion" test.ping --timeout=3 --out=json 2>> "$logfile" | grep -q "true"; then - echo "$(date '+%a %d %b %Y %H:%M:%S.%6N') - salt-minion '$minion' is connected and ready!" | tee -a "$logfile" + echo "$(date '+%a %d %b %Y %H:%M:%S.%6N') - salt-minion '$minion' is connected and ready!" return 0 fi - echo "$(date '+%a %d %b %Y %H:%M:%S.%6N') - Waiting... (${elapsed}s / ${max_wait}s)" | tee -a "$logfile" + echo "$(date '+%a %d %b %Y %H:%M:%S.%6N') - Waiting... (${elapsed}s / ${max_wait}s)" sleep $interval elapsed=$((elapsed + interval)) done - echo "$(date '+%a %d %b %Y %H:%M:%S.%6N') - ERROR: salt-minion '$minion' not ready after $max_wait seconds" | tee -a "$logfile" + echo "$(date '+%a %d %b %Y %H:%M:%S.%6N') - ERROR: salt-minion '$minion' not ready after $max_wait seconds" return 1 } From 627f0c2bccec6d88bb143cd9f9269591c939f5b8 Mon Sep 17 00:00:00 2001 From: Josh Patterson Date: Tue, 20 Jan 2026 11:58:31 -0500 Subject: [PATCH 4/4] allow logstash.ssl state for so-import --- salt/allowed_states.map.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja index 07725ef2f..959902241 100644 --- a/salt/allowed_states.map.jinja +++ b/salt/allowed_states.map.jinja @@ -86,7 +86,7 @@ 'so-import': ( manager_states + sensor_states | reject('equalto', 'strelka') | reject('equalto', 'healthcheck') | list + - ['elasticsearch', 'elasticsearch.auth', 'kibana', 'kibana.secrets', 'strelka.manager'] + ['elasticsearch', 'elasticsearch.auth', 'kibana', 'kibana.secrets', 'logstash.ssl', 'strelka.manager'] ), 'so-manager': ( manager_states +