Switch to java key store

2025-12-07 17:52:46 +01:00 · 2021-01-21 12:29:45 -05:00
parent bb523c44e6
commit 9759990233
1 changed files with 14 additions and 6 deletions
--- a/salt/elasticsearch/files/elasticsearch.yml
+++ b/salt/elasticsearch/files/elasticsearch.yml
@@ -29,15 +29,23 @@ cluster.routing.allocation.disk.watermark.flood_stage: 98%
 #xpack.security.http.ssl.enabled: false
 xpack.security.transport.ssl.enabled: true
 xpack.security.transport.ssl.verification_mode: none
-xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key
-xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt
-xpack.security.transport.ssl.certificate_authorities: [ "/usr/share/elasticsearch/config/ca.crt" ]
+xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/sokeys
+xpack.security.transport.ssl.keystore.password: changeit
+xpack.security.transport.ssl.truststore.path: /etc/pki/java/cacerts
+xpack.security.transport.ssl.truststore.password: changeit
+#xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key
+#xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt
+#xpack.security.transport.ssl.certificate_authorities: [ "/usr/share/elasticsearch/config/ca.crt" ]
 {%- if grains['role'] in ['so-node','so-heavynode'] %}
 xpack.security.http.ssl.enabled: true
-xpack.security.http.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key
-xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt
-xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/ca.crt
 xpack.security.http.ssl.client_authentication: none
+xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/sokeys
+xpack.security.http.ssl.keystore.password: changeit
+xpack.security.http.ssl.truststore.path: /etc/pki/java/cacerts
+xpack.security.http.ssl.truststore.password: changeit
+#xpack.security.http.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key
+#xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt
+#xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/ca.crt
 {%- endif %}
 #xpack.security.authc:
 #  anonymous: