CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

move cacertz and capemz to ssl state

Browse Source
This commit is contained in:
m0duspwnens
2023-05-09 12:16:18 -04:00
parent 9d6fb98e3b
commit 6909d3ed14
2 changed files with 16 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
salt/ca/init.sls
View File

@@ -58,22 +58,6 @@ cakeyperms:
- mode: 640
- group: 939
{% if grains.role in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import'] %}
cacertz:
file.managed:
- name: /opt/so/conf/ca/cacerts
- source: salt://common/cacerts
- user: 939
- group: 939
capemz:
file.managed:
- name: /opt/so/conf/ca/tls-ca-bundle.pem
- source: salt://common/tls-ca-bundle.pem
- user: 939
- group: 939
{% endif %}
{% else %}
{{sls}}_state_not_allowed:

16
salt/ssl/init.sls
View File

@@ -35,6 +35,22 @@ include:
{% set ca_server = global_ca_server[0] %}
{% endif %}
{% if grains.role in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-searchnode'] %}
cacertz:
file.managed:
- name: /opt/so/conf/ca/cacerts
- source: salt://common/cacerts
- user: 939
- group: 939
capemz:
file.managed:
- name: /opt/so/conf/ca/tls-ca-bundle.pem
- source: salt://common/tls-ca-bundle.pem
- user: 939
- group: 939
{% endif %}
# Trust the CA
trusttheca:
x509.pem_managed: