diff --git a/salt/elasticagent/enabled.sls b/salt/elasticagent/enabled.sls index ee4b1d2be..4c00920ac 100644 --- a/salt/elasticagent/enabled.sls +++ b/salt/elasticagent/enabled.sls @@ -33,19 +33,22 @@ so-elastic-agent: {% endif %} - binds: - /opt/so/conf/elastic-agent/elastic-agent.yml:/usr/share/elastic-agent/elastic-agent.yml:ro + - /etc/pki/tls/certs/intca.crt:/etc/pki/tls/certs/intca.crt:ro - /nsm:/nsm:ro {% if DOCKER.containers['so-elastic-agent'].custom_bind_mounts %} {% for BIND in DOCKER.containers['so-elastic-agent'].custom_bind_mounts %} - {{ BIND }} {% endfor %} {% endif %} - {% if DOCKER.containers['so-elastic-agent'].extra_env %} - environment: + - FLEET_CA=/etc/pki/tls/certs/intca.crt + {% if DOCKER.containers['so-elastic-agent'].extra_env %} {% for XTRAENV in DOCKER.containers['so-elastic-agent'].extra_env %} - {{ XTRAENV }} {% endfor %} {% endif %} - + - watch: + - file: create-elastic-agent-config delete_so-elastic-agent_so-status.disabled: file.uncomment: diff --git a/salt/elasticagent/files/elastic-agent.yml.jinja b/salt/elasticagent/files/elastic-agent.yml.jinja index 45bac49b4..2d32a3b17 100644 --- a/salt/elasticagent/files/elastic-agent.yml.jinja +++ b/salt/elasticagent/files/elastic-agent.yml.jinja @@ -11,7 +11,7 @@ outputs: - 'https://{{ GLOBALS.hostname }}:9200' username: '{{ ES_USER }}' password: '{{ ES_PASS }}' - ssl.verification_mode: none + ssl.verification_mode: full output_permissions: {} agent: download: diff --git a/salt/firewall/defaults.yaml b/salt/firewall/defaults.yaml index 0a4635004..57446a5c2 100644 --- a/salt/firewall/defaults.yaml +++ b/salt/firewall/defaults.yaml @@ -999,6 +999,14 @@ firewall: portgroups: - elasticsearch_node - elasticsearch_rest + managersearch: + portgroups: + - elasticsearch_node + - elasticsearch_rest + standalone: + portgroups: + - elasticsearch_node + - elasticsearch_rest dockernet: portgroups: - elasticsearch_node