Make https default for all things

salt/elasticsearch/files/elasticsearch.yml

@@ -31,7 +31,6 @@ xpack.security.transport.ssl.verification_mode: none
 xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key
 xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt
 xpack.security.transport.ssl.certificate_authorities: [ "/usr/share/elasticsearch/config/ca.crt" ]
-{%- if grains['role'] in ['so-node','so-heavynode'] %}
 xpack.security.http.ssl.enabled: true
 xpack.security.http.ssl.client_authentication: none
 xpack.security.http.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key
@@ -42,7 +41,6 @@ xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config
 #    username: anonymous_user
 #    roles: superuser
 #    authz_exception: true
-{%- endif %}
 node.name: {{ grains.host }}
 script.max_compilations_rate: 1000/1m
 {%- if TRUECLUSTER is sameas true %}

salt/elasticsearch/files/sotls.yml

@@ -1,17 +0,0 @@
-keystore.path: /usr/share/elasticsearch/config/sokeys
-keystore.password: changeit 
-keystore.algorithm: SunX509
-truststore.path: /etc/pki/java/cacerts
-truststore.password: changeit
-truststore.algorithm: PKIX
-protocols:
-- TLSv1.2
-ciphers:
-- TLS_RSA_WITH_AES_128_CBC_SHA256
-- TLS_RSA_WITH_AES_256_GCM_SHA384
-transport.encrypted: true
-{%- if grains['role'] in ['so-node','so-heavynode'] %}
-http.encrypted: true
-{%- else %}
-http.encrypted: false
-{%- endif %}