run fleet ssl state in fleet.config to ensure all required certs are created before so-elastic-fleet-setup runs

2026-01-29 11:23:35 +01:00 · 2026-01-28 15:23:38 -06:00
parent 36f8c490c8
commit ebeeb91297
3 changed files with 6 additions and 1 deletions
--- a/salt/elasticfleet/config.sls
+++ b/salt/elasticfleet/config.sls
@@ -11,6 +11,7 @@

 include:
  - elasticfleet.artifact_registry
+  - elasticfleet.ssl

 # Add EA Group
 elasticfleetgroup:
--- a/salt/elasticfleet/enabled.sls
+++ b/salt/elasticfleet/enabled.sls
@@ -15,7 +15,6 @@
 include:
  - ca
  - logstash.ssl
-  - elasticfleet.ssl
  - elasticfleet.config
  - elasticfleet.sostatus

--- a/salt/elasticfleet/tools/sbin_jinja/so-kafka-fleet-output-policy
+++ b/salt/elasticfleet/tools/sbin_jinja/so-kafka-fleet-output-policy
@@ -34,6 +34,11 @@ if [[ "$RETURN_CODE" != "0" ]]; then
  exit 1
 fi

+if [[ ! -f /etc/pki/elasticfleet-kafka.crt || ! -f /etc/pki/elasticfleet-kafka.key ]]; then
+  echo -e "\nKafka certificates not found, can't setup Elastic Fleet output policy for Kafka...\n"
+  exit 1
+fi
+
 KAFKACRT=$(openssl x509 -in /etc/pki/elasticfleet-kafka.crt)
 KAFKAKEY=$(openssl rsa -in  /etc/pki/elasticfleet-kafka.key)
 KAFKACA=$(openssl x509 -in  /etc/pki/tls/certs/intca.crt)