CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

ensure /etc/pki is created and simplify ca logic for non manager in ssl state

Browse Source
This commit is contained in:
m0duspwnens
2021-12-28 10:41:57 -05:00
parent 0072ae253b
commit f2adcf4ca5
3 changed files with 14 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
salt/ssl/init.sls
View File

@@ -16,20 +16,16 @@
{% endif %}
{% if grains.id.split('_')|last in ['manager', 'managersearch', 'eval', 'standalone', 'import', 'helixsensor'] %}
{% set trusttheca_text = salt['cp.get_file_str']('/etc/pki/ca.crt')|replace('\n', '') %}
{% set ca_server = grains.id %}
include:
- ca
{% set trusttheca_text = salt['cp.get_file_str']('/etc/pki/ca.crt')|replace('\n', '') %}
{% set ca_server = grains.id %}
{% else %}
{% set x509dict = salt['mine.get']('*', 'x509.get_pem_entries') %}
{% for host in x509dict %}
{% if 'manager' in host.split('_')|last or host.split('_')|last == 'standalone' %}
{% do global_ca_text.append(x509dict[host].get('/etc/pki/ca.crt')|replace('\n', '')) %}
{% do global_ca_server.append(host) %}
{% endif %}
{% endfor %}
{% set trusttheca_text = global_ca_text[0] %}
{% set ca_server = global_ca_server[0] %}
include:
- ca.dirs
{% set x509dict = salt['mine.get'](manager, 'x509.get_pem_entries') %}
{% set trusttheca_text = x509dict[manager].get('/etc/pki/ca.crt')|replace('\n', '') %}
{% set ca_server = manager %}
{% endif %}
# Trust the CA