jruby ssl fun

2025-12-06 09:12:45 +01:00 · 2020-08-07 23:28:58 -04:00
parent 62a6f29c96
commit 5525e235d1
5 changed files with 2019 additions and 176 deletions
--- a/salt/elasticsearch/files/scripts/so-catrust
+++ b/salt/elasticsearch/files/scripts/so-catrust
@@ -22,7 +22,11 @@
 if [ ! -f /opt/so/saltstack/local/salt/common/cacerts ]; then
    docker run -v /etc/pki/ca.crt:/etc/pki/ca.crt --name so-elasticsearchca --user root --entrypoint keytool {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-logstash:{{ VERSION }} -keystore /etc/pki/ca-trust/extracted/java/cacerts -alias SOSCA -import -file /etc/pki/ca.crt -storepass changeit -noprompt
    docker cp so-elasticsearchca:/etc/pki/ca-trust/extracted/java/cacerts /opt/so/saltstack/local/salt/common/cacerts
+    docker cp so-elasticsearchca:/etc/pki/tls/certs/ca-bundle.crt /opt/so/saltstack/local/salt/common/ca-bundle.crt
    docker rm so-elasticsearchca
+    echo "" >> /opt/so/saltstack/local/salt/common/ca-bundle.crt
+    echo "sosca" >> /opt/so/saltstack/local/salt/common/ca-bundle.crt
+    echo /etc/pki/ca.crt >> /opt/so/saltstack/local/salt/common/ca-bundle.crt
 else
    exit 0
 fi
--- a/salt/firewall/portgroups.yaml
+++ b/salt/firewall/portgroups.yaml
@@ -64,6 +64,7 @@ firewall:
      redis:
        tcp:
          - 6379
+          - 6380
      salt_manager:
        tcp:
          - 4505
--- a/salt/logstash/pipelines/config/so/9999_output_redis.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9999_output_redis.conf.jinja
@@ -3,11 +3,13 @@
 output {
 	redis {
 		host => '{{ MANAGER }}'
+		port => 6380
 		data_type => 'list'
 		key => 'logstash:unparsed'
 		congestion_interval => 1
 		congestion_threshold => 50000000
 		batch => true
 		batch_events => {{ BATCH }}
+		ssl => true
 	}
 }
--- a/salt/redis/etc/redis.conf
+++ b/salt/redis/etc/redis.conf
--- a/salt/redis/etc/redis.conf.5
+++ b/salt/redis/etc/redis.conf.5