remove role logic

salt/ca/remove.sls

@@ -1,5 +1,3 @@
-{% if grains.role in ['so-helix', 'so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-import' ] %}
-
 pki_private_key:
   file.absent:
     - name: /etc/pki/ca.key
@@ -8,15 +6,6 @@ pki_public_ca_crt:
   file.absent:
     - name: /etc/pki/ca.crt
 
-{% else %}
-
-not_a_ca:
-  test.succeed_without_changes:
-    - name: no_ca
-    - comment: "Not a CA, so no CA to remove."
-
-{% endif %}
-
 remove_ca-certificates.crt:
   file.absent:
     - name: /etc/ssl/certs/ca-certificates.crt

salt/ssl/remove.sls

@@ -1,23 +1,7 @@
-# Trust the CA
 trusttheca:
   file.absent:
     - name: /etc/ssl/certs/intca.crt
 
-removefbcertdir:
-  file.absent:
-    - name: /etc/pki/filebeat.crt 
-    - onlyif: "[ -d /etc/pki/filebeat.crt ]"
-
-removefbp8dir:
-  file.absent:
-    - name: /etc/pki/filebeat.p8 
-    - onlyif: "[ -d /etc/pki/filebeat.p8 ]"
-
-removeesp12dir:
-  file.absent:
-    - name: /etc/pki/elasticsearch.p12
-    - onlyif: "[ -d /etc/pki/elasticsearch.p12 ]"
-    
 influxdb_key:
   file.absent:
     - name: /etc/pki/influxdb.key
@@ -26,7 +10,6 @@ influxdb_crt:
   file.absent:
     - name: /etc/pki/influxdb.crt
 
-{% if grains['role'] in ['so-manager', 'so-eval', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-fleet', 'so-receiver'] %}
 redis_key:
   file.absent:
     - name: /etc/pki/redis.key
@@ -34,9 +17,7 @@ redis_key:
 redis_crt:
   file.absent:
     - name: /etc/pki/redis.crt
-{% endif %}
 
-{% if grains['role'] in ['so-manager', 'so-eval', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-receiver'] %}
 etc_filebeat_key:
   file.absent:
     - name: /etc/pki/filebeat.key
@@ -45,7 +26,6 @@ etc_filebeat_crt:
   file.absent:
     - name: /etc/pki/filebeat.crt
 
-  {% if grains.role not in ['so-heavynode', 'so-receiver'] %}
 filebeatdir:
   file.absent:
     - name: /opt/so/saltstack/local/salt/filebeat/files
@@ -58,9 +38,6 @@ registry_crt:
   file.absent:
     - name: /etc/pki/registry.crt
 
-  {% endif %}
-
-  {% if grains.role not in ['so-receiver'] %}
 /etc/pki/elasticsearch.key:
   file.absent: []
 
@@ -79,8 +56,6 @@ managerssl_crt:
   file.absent:
     - name: /etc/pki/managerssl.crt
 
-  {% endif %}
-
 fleet_key:
   file.absent:
     - name: /etc/pki/fleet.key
@@ -89,17 +64,9 @@ fleet_crt:
   file.absent:
     - name: /etc/pki/fleet.crt
 
-{% endif %}
-
-{% if grains['role'] in ['so-sensor', 'so-manager', 'so-node', 'so-eval', 'so-helix', 'so-managersearch', 'so-heavynode', 'so-fleet', 'so-standalone', 'so-import', 'so-receiver'] %}
-   
 fbcertdir:
   file.absent:
     - name: /opt/so/conf/filebeat/etc/pki
-    
-{% endif %}
-
-{% if grains['role'] == 'so-fleet' %}
 
 managerssl_key:
   file.absent:
@@ -117,10 +84,6 @@ fleet_crt:
   file.absent:
     - name: /etc/pki/fleet.crt
 
-{% endif %}
-
-{% if grains['role'] == 'so-node' %}
-
 /etc/pki/elasticsearch.key:
   file.absent: []
 
@@ -130,5 +93,3 @@ fleet_crt:
 remove_elastic.p12:
   file.absent:
     - name: /etc/pki/elasticsearch.p12
-
-{%- endif %}

setup/so-functions

@@ -2091,8 +2091,8 @@ reinstall_init() {
 			done
 		done
 
-		logCmd "salt-call state.apply ca.remove -linfo --local"
-		logCmd "salt-call state.apply ssl.remove -linfo --local"
+		logCmd "salt-call state.apply ca.remove -linfo --local --file-root=../salt"
+		logCmd "salt-call state.apply ssl.remove -linfo --local --file-root=../salt"
 
 		# Remove all salt configs
 		rm -rf /etc/salt/engines/* /etc/salt/grains /etc/salt/master /etc/salt/master.d/* /etc/salt/minion /etc/salt/minion.d/* /etc/salt/pki/* /etc/salt/proxy /etc/salt/proxy.d/* /var/cache/salt/