From a43fb293fc6dba64dbc08beece3ed093c147aa30 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 26 Jan 2022 10:26:52 -0500 Subject: [PATCH] remove role logic --- salt/ca/remove.sls | 11 ----------- salt/ssl/remove.sls | 39 --------------------------------------- setup/so-functions | 4 ++-- 3 files changed, 2 insertions(+), 52 deletions(-) diff --git a/salt/ca/remove.sls b/salt/ca/remove.sls index aad7b4d4f..0fd8cbd9f 100644 --- a/salt/ca/remove.sls +++ b/salt/ca/remove.sls @@ -1,5 +1,3 @@ -{% if grains.role in ['so-helix', 'so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-import' ] %} - pki_private_key: file.absent: - name: /etc/pki/ca.key @@ -8,15 +6,6 @@ pki_public_ca_crt: file.absent: - name: /etc/pki/ca.crt -{% else %} - -not_a_ca: - test.succeed_without_changes: - - name: no_ca - - comment: "Not a CA, so no CA to remove." - -{% endif %} - remove_ca-certificates.crt: file.absent: - name: /etc/ssl/certs/ca-certificates.crt diff --git a/salt/ssl/remove.sls b/salt/ssl/remove.sls index 87e10a4ed..1e84ac5cd 100644 --- a/salt/ssl/remove.sls +++ b/salt/ssl/remove.sls @@ -1,23 +1,7 @@ -# Trust the CA trusttheca: file.absent: - name: /etc/ssl/certs/intca.crt -removefbcertdir: - file.absent: - - name: /etc/pki/filebeat.crt - - onlyif: "[ -d /etc/pki/filebeat.crt ]" - -removefbp8dir: - file.absent: - - name: /etc/pki/filebeat.p8 - - onlyif: "[ -d /etc/pki/filebeat.p8 ]" - -removeesp12dir: - file.absent: - - name: /etc/pki/elasticsearch.p12 - - onlyif: "[ -d /etc/pki/elasticsearch.p12 ]" - influxdb_key: file.absent: - name: /etc/pki/influxdb.key @@ -26,7 +10,6 @@ influxdb_crt: file.absent: - name: /etc/pki/influxdb.crt -{% if grains['role'] in ['so-manager', 'so-eval', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-fleet', 'so-receiver'] %} redis_key: file.absent: - name: /etc/pki/redis.key @@ -34,9 +17,7 @@ redis_key: redis_crt: file.absent: - name: /etc/pki/redis.crt -{% endif %} -{% if grains['role'] in ['so-manager', 'so-eval', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-receiver'] %} etc_filebeat_key: file.absent: - name: /etc/pki/filebeat.key @@ -45,7 +26,6 @@ etc_filebeat_crt: file.absent: - name: /etc/pki/filebeat.crt - {% if grains.role not in ['so-heavynode', 'so-receiver'] %} filebeatdir: file.absent: - name: /opt/so/saltstack/local/salt/filebeat/files @@ -58,9 +38,6 @@ registry_crt: file.absent: - name: /etc/pki/registry.crt - {% endif %} - - {% if grains.role not in ['so-receiver'] %} /etc/pki/elasticsearch.key: file.absent: [] @@ -79,8 +56,6 @@ managerssl_crt: file.absent: - name: /etc/pki/managerssl.crt - {% endif %} - fleet_key: file.absent: - name: /etc/pki/fleet.key @@ -89,17 +64,9 @@ fleet_crt: file.absent: - name: /etc/pki/fleet.crt -{% endif %} - -{% if grains['role'] in ['so-sensor', 'so-manager', 'so-node', 'so-eval', 'so-helix', 'so-managersearch', 'so-heavynode', 'so-fleet', 'so-standalone', 'so-import', 'so-receiver'] %} - fbcertdir: file.absent: - name: /opt/so/conf/filebeat/etc/pki - -{% endif %} - -{% if grains['role'] == 'so-fleet' %} managerssl_key: file.absent: @@ -117,10 +84,6 @@ fleet_crt: file.absent: - name: /etc/pki/fleet.crt -{% endif %} - -{% if grains['role'] == 'so-node' %} - /etc/pki/elasticsearch.key: file.absent: [] @@ -130,5 +93,3 @@ fleet_crt: remove_elastic.p12: file.absent: - name: /etc/pki/elasticsearch.p12 - -{%- endif %} diff --git a/setup/so-functions b/setup/so-functions index 8b0bf8119..996620336 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2091,8 +2091,8 @@ reinstall_init() { done done - logCmd "salt-call state.apply ca.remove -linfo --local" - logCmd "salt-call state.apply ssl.remove -linfo --local" + logCmd "salt-call state.apply ca.remove -linfo --local --file-root=../salt" + logCmd "salt-call state.apply ssl.remove -linfo --local --file-root=../salt" # Remove all salt configs rm -rf /etc/salt/engines/* /etc/salt/grains /etc/salt/master /etc/salt/master.d/* /etc/salt/minion /etc/salt/minion.d/* /etc/salt/pki/* /etc/salt/proxy /etc/salt/proxy.d/* /var/cache/salt/