From a31d61e151513f546079a7986e8a0ac8468e5976 Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Tue, 14 Dec 2021 16:43:04 -0500
Subject: [PATCH] handle ca for redis

---
 salt/redis/init.sls | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/salt/redis/init.sls b/salt/redis/init.sls
index d52c49d5b..6b893fbf8 100644
--- a/salt/redis/init.sls
+++ b/salt/redis/init.sls
@@ -66,7 +66,11 @@ so-redis:
       - /opt/so/conf/redis/working:/redis:rw
       - /etc/pki/redis.crt:/certs/redis.crt:ro
       - /etc/pki/redis.key:/certs/redis.key:ro
+  {% if grains['role'] in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import'] %}
       - /etc/pki/ca.crt:/certs/ca.crt:ro
+  {% else %}
+      - /etc/ssl/certs/intca.crt:/certs/ca.crt:ro
+  {% endif %}
     - entrypoint: "redis-server /usr/local/etc/redis/redis.conf"
     - watch:
       - file: /opt/so/conf/redis/etc
@@ -74,7 +78,11 @@ so-redis:
       - file: redisconf
       - x509: redis_crt
       - x509: redis_key
+  {% if grains['role'] in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import'] %}
       - x509: pki_public_ca_crt
+  {% else %}
+      - x509: trusttheca
+  {% endif %}
 
 append_so-redis_so-status.conf:
   file.append: