Merge remote-tracking branch 'remotes/origin/dev' into fix/so-status-import-node

salt/common/tools/sbin/so-image-common

@@ -84,11 +84,13 @@ container_list() {
     TRUSTED_CONTAINERS=(
       "so-filebeat"
       "so-idstools"
+      "so-elasticsearch"
       "so-logstash"
       "so-nginx"
       "so-redis"
       "so-steno"
       "so-suricata"
+      "so-soc"
       "so-telegraf"
       "so-zeek" 
     )

salt/elasticsearch/files/scripts/so-catrust

@@ -18,6 +18,10 @@
 {%- set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {%- set MANAGER = salt['grains.get']('master') %}
 . /usr/sbin/so-common
+
+# Exit on errors, since all lines must succeed
+set -e
+
 # Check to see if we have extracted the ca cert.
 if [ ! -f /opt/so/saltstack/local/salt/common/cacerts ]; then
     docker run -v /etc/pki/ca.crt:/etc/pki/ca.crt --name so-elasticsearchca --user root --entrypoint jdk/bin/keytool {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elasticsearch:{{ VERSION }} -keystore /etc/pki/ca-trust/extracted/java/cacerts -alias SOSCA -import -file /etc/pki/ca.crt -storepass changeit -noprompt

salt/telegraf/init.sls

@@ -48,6 +48,7 @@ so-telegraf:
       - HOST_ETC=/host/etc
       - HOST_SYS=/host/sys
       - HOST_MOUNT_PREFIX=/host
+      - GODEBUG=x509ignoreCN=0
     - network_mode: host
     - binds:
       - /opt/so/log/telegraf:/var/log/telegraf:rw
@@ -84,4 +85,4 @@ telegraf_state_not_allowed:
   test.fail_without_changes:
     - name: telegraf_state_not_allowed
 
-{% endif %}
+{% endif %}