restart docker if ca changes. cleanup dirs at key/crt location

Josh Patterson
2025-12-12 22:19:59 -05:00
parent 9878d9d37e
commit c0845e1612
2 changed files with 28 additions and 5 deletions


@@ -18,8 +18,9 @@ trusttheca:
file.managed:
- name: /etc/pki/tls/certs/intca.crt
- source: salt://ca/files/ca.crt
- listen_in:
- watch_in:
- service: docker_running
- show_changes: False
{% if GLOBALS.os_family == 'Debian' %}
symlinkca:
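Review bot: With `watch_in` on `trusttheca`, `docker_running` is restarted in the middle of the state run as soon as `intca.crt` changes, where `listen_in` would have deferred it to the end of the run. A CA rotation therefore interrupts the containers on the host unless the daemon is configured to keep them alive (for example with `live-restore`), so confirm that is intended. The +/- markers are lost on this page; if `- listen_in:` is still on the new side with nothing under it, delete it rather than leave an empty requisite. A comment above the requisite would record the reason, for example `# restart docker right away so the daemon picks up the new CA`. The requisite also assumes `docker_running` is always part of the same run as this state, which is not visible in the hunk.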


@@ -8,19 +8,38 @@
{% from 'vars/globals.map.jinja' import GLOBALS %}
{% from 'ca/map.jinja' import CA %}
include:
- ca
# Delete directory if it exists at the key path
registry_key_cleanup:
file.absent:
- name: /etc/pki/registry.key
- onlyif:
- test -d /etc/pki/registry.key
registry_key:
x509.private_key_managed:
- name: /etc/pki/registry.key
- keysize: 4096
- backup: True
- new: True
- require:
- file: registry_key_cleanup
{% if salt['file.file_exists']('/etc/pki/registry.key') -%}
- prereq:
- x509: /etc/pki/registry.crt
{%- endif %}
- retry:
attempts: 5
interval: 30
attempts: 15
interval: 10
# Delete directory if it exists at the crt path
registry_crt_cleanup:
file.absent:
- name: /etc/pki/registry.crt
- onlyif:
- test -d /etc/pki/registry.crt
# Create a cert for the docker registry
registry_crt:
@@ -34,10 +53,13 @@ registry_crt:
- days_remaining: 7
- days_valid: 820
- backup: True
- require:
- file: registry_crt_cleanup
- timeout: 30
- retry:
attempts: 5
interval: 30
attempts: 15
interval: 10
regkeyperms:
file.managed:
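Review bot: The `salt['file.file_exists']` guard around `prereq` in `registry_key` is evaluated when the SLS is rendered, which is before the new `registry_key_cleanup` state executes, and that ordering deserves a comment. On a host where `/etc/pki/registry.key` is a directory the guard reads as false, the `prereq` is left out, and a fresh key is generated in that run; this looks like the intended outcome but is not obvious from the code. I would add above the guard `# evaluated at render time, before registry_key_cleanup runs: a directory here counts as "no key", so prereq is skipped`. Nothing visible in these hunks sets the mode of the new key or restarts the registry after the key and certificate are re-issued; `regkeyperms` continues past the end of the hunk, so confirm both are handled there or elsewhere.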