jruby ssl fun

salt/elasticsearch/files/scripts/so-catrust

@@ -22,7 +22,11 @@
 if [ ! -f /opt/so/saltstack/local/salt/common/cacerts ]; then
     docker run -v /etc/pki/ca.crt:/etc/pki/ca.crt --name so-elasticsearchca --user root --entrypoint keytool {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-logstash:{{ VERSION }} -keystore /etc/pki/ca-trust/extracted/java/cacerts -alias SOSCA -import -file /etc/pki/ca.crt -storepass changeit -noprompt
     docker cp so-elasticsearchca:/etc/pki/ca-trust/extracted/java/cacerts /opt/so/saltstack/local/salt/common/cacerts
+    docker cp so-elasticsearchca:/etc/pki/tls/certs/ca-bundle.crt /opt/so/saltstack/local/salt/common/ca-bundle.crt
     docker rm so-elasticsearchca
+    echo "" >> /opt/so/saltstack/local/salt/common/ca-bundle.crt
+    echo "sosca" >> /opt/so/saltstack/local/salt/common/ca-bundle.crt
+    echo /etc/pki/ca.crt >> /opt/so/saltstack/local/salt/common/ca-bundle.crt
 else
     exit 0
 fi

salt/firewall/portgroups.yaml

@@ -64,6 +64,7 @@ firewall:
       redis:
         tcp:
           - 6379
+          - 6380
       salt_manager:
         tcp:
           - 4505

salt/logstash/pipelines/config/so/9999_output_redis.conf.jinja

@@ -3,11 +3,13 @@
 output {
 	redis {
 		host => '{{ MANAGER }}'
+		port => 6380
 		data_type => 'list'
 		key => 'logstash:unparsed'
 		congestion_interval => 1
 		congestion_threshold => 50000000
 		batch => true
 		batch_events => {{ BATCH }}
+		ssl => true
 	}
 }