add --certs flag to update certs. Used with --force, to ensure certs are updated even if hosts update isn't needed

2026-04-25 22:17:49 +02:00 · 2025-11-25 16:16:19 -06:00
parent 5a8ea57a1b
commit edf3c9464f
2 changed files with 66 additions and 10 deletions
@@ -32,6 +32,16 @@ so-elastic-fleet-auto-configure-logstash-outputs:
    - retry:
        attempts: 4
        interval: 30
+
+{# Separate from above in order to catch elasticfleet-logstash.crt changes and force update to fleet output policy #}
+so-elastic-fleet-auto-configure-logstash-outputs-force:
+  cmd.run:
+    - name: /usr/sbin/so-elastic-fleet-outputs-update --force --certs
+    - retry:
+        attempts: 4
+        interval: 30
+    - onchanges:
+        - x509: etc_elasticfleet_logstash_crt
 {% endif %}

 # If enabled, automatically update Fleet Server URLs & ES Connection