From 652a0d0592bfa8517c11876e1e63c05cee5bbf37 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Thu, 24 May 2018 11:23:05 -0400
Subject: [PATCH] Setup - Add peer config to the master config
---
 files/master | 4 ++++
 salt/ca/init.sls | 2 +-
 salt/ssl/init.sls | 4 ++--
 3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/files/master b/files/master
index 2f55d1837..25252da0c 100644
--- a/files/master
+++ b/files/master
@@ -53,3 +53,7 @@ file_roots:
 pillar_roots:
 base:
 - /opt/so/saltstack/pillar
+
+peer:
+ .*:
+ - x509.sign_remote_certificate
diff --git a/salt/ca/init.sls b/salt/ca/init.sls
index fa7a7e15e..1f3b405ef 100644
--- a/salt/ca/init.sls
+++ b/salt/ca/init.sls
@@ -15,7 +15,7 @@ pki_private_key:
 - passphrase:
 - cipher: aes_256_cbc
 - backup: True
-
+
 /etc/pki/ca.crt:
 x509.certificate_managed:
 - signing_private_key: /etc/pki/ca.key
diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index 0d42d7eb2..5476815e8 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -4,12 +4,12 @@
 /usr/local/share/ca-certificates/intca.crt:
 x509.pem_managed:
- - text: {{ salt['mine.get']('ca', 'x509.get_pem_entries')['ca']['/etc/pki/ca.crt']|replace('\n', '') }}
+ - text: {{ salt['mine.get']('master', 'x509.get_pem_entries')['ca']['/etc/pki/ca.crt']|replace('\n', '') }}
 # Request a cert and drop it where it needs to go to be distributed
 /etc/pki/filebeat.crt:
 x509.certificate_managed:
- - ca_server: ca
+ - ca_server: ca.example.com
 - signing_policy: filebeat
 - public_key: /etc/pki/filebeat.key
 - CN: security.onion
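Review bot: The `.*` match under `peer:` in files/master lets every accepted minion publish `x509.sign_remote_certificate`, so which hosts can actually obtain a certificate is decided only by the signing policies on the CA minion, and those are not part of this patch. If only some nodes need certificates, narrow the match to their minion IDs, or confirm that the `filebeat` policy carries a `minions:` restriction. A comment above the block would record that dependency, for example `# peer publish: minions may ask the CA minion to sign certs; what gets signed is limited by x509_signing_policies`.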
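Review bot: In salt/ssl/init.sls the new `mine.get` call targets `'master'` but its result is still indexed with `['ca']`. `mine.get` returns a dict keyed by the ID of each matching minion, so unless a minion with ID `ca` matches that target, the lookup fails at render time and the trust anchor is never written. The two changed lines also name the CA host differently (`master` for the mine, `ca.example.com` for `ca_server`), and `ca.example.com` reads like a placeholder. Setting one `ca_id` variable from pillar and using it for the mine target, the result key and `ca_server` would keep them in step, e.g. `salt['mine.get'](ca_id, 'x509.get_pem_entries')[ca_id]['/etc/pki/ca.crt']`. The `/etc/pki/filebeat.crt` state may continue past the end of the hunk.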