From 5ee6f38980b26bbac3466fb11d609804c7ee198a Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 4 Jun 2018 11:11:17 -0400 Subject: [PATCH] Master Module - Add certs for Docker Registry --- salt/master/files/registry/config.yml | 3 +++ salt/ssl/init.sls | 5 ++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/salt/master/files/registry/config.yml b/salt/master/files/registry/config.yml index dab819df7..4233e0bff 100644 --- a/salt/master/files/registry/config.yml +++ b/salt/master/files/registry/config.yml @@ -11,6 +11,9 @@ http: addr: :5000 headers: X-Content-Type-Options: [nosniff] + tls: + certificate: /etc/pki/registry.crt + key: /etc/pki/registry.key health: storagedriver: enabled: true diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls index 2b717e588..d7799d286 100644 --- a/salt/ssl/init.sls +++ b/salt/ssl/init.sls @@ -7,6 +7,7 @@ x509.pem_managed: - text: {{ salt['mine.get'](master, 'x509.get_pem_entries')[master]['/etc/pki/ca.crt']|replace('\n', '') }} +{% if grains['role'] == 'so-master' %} # Request a cert and drop it where it needs to go to be distributed /etc/pki/filebeat.crt: x509.certificate_managed: @@ -35,4 +36,6 @@ - managed_private_key: name: /etc/pki/registry.key bits: 4096 - backup: True \ No newline at end of file + backup: True + +{% endif %} \ No newline at end of file
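Review bot: The `tls` block added under `http` in config.yml sets only `certificate` and `key`, so the listener on `:5000` accepts whatever protocol versions that registry build allows by default. If the deployed registry version supports it, pin a floor with `minimumtls: tls1.2` next to `key:`. The state that writes `/etc/pki/registry.key` (`managed_private_key` in salt/ssl/init.sls) shows no file mode in this diff, so confirm that the key ends up readable only by the account the registry runs as. The `http` mapping starts above the hunk, so any settings already present there are not visible.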
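Review bot: `grains['role']` in the added `{% if grains['role'] == 'so-master' %}` is a value each minion reports about itself, so the condition keeps these cert states off other nodes but does not decide who may obtain the filebeat or registry certificates. That decision sits with the CA side (its signing policy and which minions may request signing), which this diff does not show and which is worth confirming. Separately, a minion with no `role` grain may fail to render this state if Salt's Jinja environment treats undefined values strictly; `{% if grains.get('role') == 'so-master' %}` avoids that. The guarded block extends past this hunk and is closed by `{% endif %}` in the `@@ -35,4 +36,6 @@` hunk.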