From 6edf1c14f8bc6f97c6a7ce01f4c2d73b5e33a6bc Mon Sep 17 00:00:00 2001
From: Mike Reeves <luke@geekempire.com>
Date: Wed, 19 Aug 2020 13:35:58 -0400
Subject: [PATCH] Fix filebeat certs

---
 salt/ssl/init.sls | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index 393d3a2b7..a2c1d6e39 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -368,7 +368,18 @@ fleetkeyperms:
     - group: 939
 
 {% endif %}
-{% if grains['role'] in ['so-sensor', 'so-manager', 'so-node', 'so-eval', 'so-helix', 'so-managersearch', 'so-heavynode', 'so-fleet', 'so-standalone', 'so-import'] %}
+{% if grains['role'] in ['so-sensor', 'so-manager', 'so-searchnode', 'so-eval', 'so-helix', 'so-managersearch', 'so-heavynode', 'so-fleet', 'so-standalone', 'so-import'] %}
+
+removefbcertdir:
+  file.absent:
+    - name: /etc/pki/filebeat.crt 
+    - onlyif: "[ -d /etc/pki/filebeat.crt ]"
+
+removefbcertdir:
+  file.absent:
+    - name: /etc/pki/filebeat.p8 
+    - onlyif: "[ -d /etc/pki/filebeat.p8 ]"
+      
 
 fbcertdir:
   file.directory:
@@ -505,7 +516,7 @@ fleetkeyperms:
 
 {% endif %}
 
-{% if grains['role'] in ['so-node', 'so-heavynode'] %}
+{% if grains['role'] in ['so-searchnode', 'so-heavynode'] %}
 # Create a cert for elasticsearch
 /etc/pki/elasticsearch.key:
   x509.private_key_managed:
@@ -551,4 +562,5 @@ elastickeyperms:
     - name: /etc/pki/elasticsearch.key
     - mode: 640
     - group: 930
+
 {%- endif %}