Generate new Kafka truststore

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-12-20 16:03:06 +01:00 · 2024-07-10 11:29:09 -04:00
parent dadb0db8f3
commit d791b23838
12 changed files with 125 additions and 38 deletions
--- a/salt/logstash/pipelines/config/so/0800_input_kafka.conf.jinja
+++ b/salt/logstash/pipelines/config/so/0800_input_kafka.conf.jinja
@@ -1,4 +1,5 @@
 {%- set kafka_password = salt['pillar.get']('kafka:password') %}
+{%- set kafka_trustpass = salt['pillar.get']('kafka:trustpass') %}
 {%- set kafka_brokers = salt['pillar.get']('kafka:nodes', {}) %}
 {%- set brokers = [] %}

@@ -22,8 +23,8 @@ input {
        ssl_keystore_location => '/usr/share/logstash/kafka-logstash.p12'
        ssl_keystore_password => '{{ kafka_password }}'
        ssl_keystore_type => 'PKCS12'
-        ssl_truststore_location => '/etc/pki/ca-trust/extracted/java/cacerts'
-        ssl_truststore_password => 'changeit'
+        ssl_truststore_location => '/etc/pki/kafka-truststore.jks'
+        ssl_truststore_password => '{{ kafka_trustpass }}'
        decorate_events => true
        tags => [ "elastic-agent", "input-{{ GLOBALS.hostname}}", "kafka" ]
    }