Fix filebeat certs

2025-12-06 17:22:49 +01:00 · 2020-08-19 13:35:58 -04:00
parent bf84822d36
commit 6edf1c14f8
1 changed files with 14 additions and 2 deletions
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -368,7 +368,18 @@ fleetkeyperms:
    - group: 939

 {% endif %}
-{% if grains['role'] in ['so-sensor', 'so-manager', 'so-node', 'so-eval', 'so-helix', 'so-managersearch', 'so-heavynode', 'so-fleet', 'so-standalone', 'so-import'] %}
+{% if grains['role'] in ['so-sensor', 'so-manager', 'so-searchnode', 'so-eval', 'so-helix', 'so-managersearch', 'so-heavynode', 'so-fleet', 'so-standalone', 'so-import'] %}
+
+removefbcertdir:
+  file.absent:
+    - name: /etc/pki/filebeat.crt 
+    - onlyif: "[ -d /etc/pki/filebeat.crt ]"
+
+removefbcertdir:
+  file.absent:
+    - name: /etc/pki/filebeat.p8 
+    - onlyif: "[ -d /etc/pki/filebeat.p8 ]"
+      

 fbcertdir:
  file.directory:
@@ -505,7 +516,7 @@ fleetkeyperms:

 {% endif %}

-{% if grains['role'] in ['so-node', 'so-heavynode'] %}
+{% if grains['role'] in ['so-searchnode', 'so-heavynode'] %}
 # Create a cert for elasticsearch
 /etc/pki/elasticsearch.key:
  x509.private_key_managed:
@@ -551,4 +562,5 @@ elastickeyperms:
    - name: /etc/pki/elasticsearch.key
    - mode: 640
    - group: 930
+
 {%- endif %}