diff --git a/salt/kafka/config.sls b/salt/kafka/config.sls
index b1a31d23f..5cf6f8201 100644
--- a/salt/kafka/config.sls
+++ b/salt/kafka/config.sls
@@ -54,20 +54,6 @@ kafka_data_dir:
 - group: 960
 - makedirs: True
 
-kafka_generate_keystore:
- cmd.run:
- - name: "/usr/sbin/so-kafka-generate-keystore"
- - onchanges:
- - x509: /etc/pki/kafka.key
-
-kafka_keystore_perms:
- file.managed:
- - replace: False
- - name: /etc/pki/kafka.jks
- - mode: 640
- - user: 960
- - group: 939
-
 {% for sc in ['server', 'client'] %}
 kafka_kraft_{{sc}}_properties:
 file.managed:
diff --git a/salt/kafka/defaults.yaml b/salt/kafka/defaults.yaml
index 8dcd70b98..1cf7b73f1 100644
--- a/salt/kafka/defaults.yaml
+++ b/salt/kafka/defaults.yaml
@@ -25,19 +25,19 @@ kafka:
 socket_x_receive_x_buffer_x_bytes: 102400
 socket_x_request_x_max_x_bytes: 104857600
 socket_x_send_x_buffer_x_bytes: 102400
- ssl_x_keystore_x_location: /etc/pki/kafka.jks
+ ssl_x_keystore_x_location: /etc/pki/kafka.p12
+ ssl_x_keystore_x_type: PKCS12
 ssl_x_keystore_x_password: changeit
- ssl_x_keystore_x_type: JKS
 ssl_x_truststore_x_location: /etc/pki/java/sos/cacerts
 ssl_x_truststore_x_password: changeit
- transaction_x_state_x_log_x_min_x_isr: 1
+ transaction_x_state_x_log_x_min_x_isr: 1n
 transaction_x_state_x_log_x_replication_x_factor: 1
 client:
 security_x_protocol: SSL
 ssl_x_truststore_x_location: /etc/pki/java/sos/cacerts
 ssl_x_truststore_x_password: changeit
- ssl_x_keystore_x_location: /etc/pki/kafka.jks
- ssl_x_keystore_x_type: JKS
+ ssl_x_keystore_x_location: /etc/pki/kafka.p12
+ ssl_x_keystore_x_type: PKCS12
 ssl_x_keystore_x_password: changeit
 controller:
 controller_x_listener_x_names: CONTROLLER
diff --git a/salt/kafka/enabled.sls b/salt/kafka/enabled.sls
index 78e0d87d9..9275eca91 100644
--- a/salt/kafka/enabled.sls
+++ b/salt/kafka/enabled.sls
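Review bot: `transaction_x_state_x_log_x_min_x_isr: 1n` in the server section of defaults.yaml looks like a stray keystroke rather than an intended value; the old line was `1`, and transaction.state.log.min.isr is an integer broker setting, so the rendered server.properties would carry `1n` and the broker would reject its configuration at startup. It should read `transaction_x_state_x_log_x_min_x_isr: 1`. The keystore switch to `/etc/pki/kafka.p12` with `ssl_x_keystore_x_type: PKCS12` is applied consistently to both the server and client sections, and since the JKS conversion step is dropped in the same commit, whatever writes kafka.p12 now has to protect it with the password `ssl_x_keystore_x_password` names (the removed script opened the p12 with `changeit`, so that appears to already be the case).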
@@ -40,11 +40,13 @@ so-kafka:
 - {{ BINDING }}
 {% endfor %}
 - binds:
- - /etc/pki/kafka.jks:/etc/pki/kafka.jks
+ - /etc/pki/kafka.p12:/etc/pki/kafka.p12
 - /opt/so/conf/ca/cacerts:/etc/pki/java/sos/cacerts
 - /nsm/kafka/data/:/nsm/kafka/data/:rw
 - /opt/so/conf/kafka/server.properties:/kafka/config/kraft/server.properties
+ {% if GLOBALS.is_manager %}
 - /opt/so/conf/kafka/client.properties:/kafka/config/kraft/client.properties
+ {% endif %}
 - watch:
 {% for sc in ['server', 'client'] %}
 - file: kafka_kraft_{{sc}}_properties
diff --git a/salt/kafka/tools/sbin_jinja/so-kafka-generate-keystore b/salt/kafka/tools/sbin_jinja/so-kafka-generate-keystore
deleted file mode 100644
index 8ae9d6db2..000000000
--- a/salt/kafka/tools/sbin_jinja/so-kafka-generate-keystore
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-#
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-. /usr/sbin/so-common
-
-# Generate a new keystore
-docker run -v /etc/pki/kafka.p12:/etc/pki/kafka.p12 --name so-kafka-keystore --user root --entrypoint keytool {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-kafka:{{ GLOBALS.so_version }} -importkeystore -srckeystore /etc/pki/kafka.p12 -srcstoretype PKCS12 -srcstorepass changeit -destkeystore /etc/pki/kafka.jks -deststoretype JKS -deststorepass changeit -noprompt
-docker cp so-kafka-keystore:/etc/pki/kafka.jks /etc/pki/kafka.jks
-docker rm so-kafka-keystore
\ No newline at end of file
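Review bot: The new `/etc/pki/kafka.p12:/etc/pki/kafka.p12` bind hands the container a keystore whose permissions nothing in this change manages any more: the `kafka_keystore_perms` state removed from config.sls pinned the old JKS to mode 640, user 960, group 939, and no equivalent is added for the p12. Unless the p12 is already written with matching ownership elsewhere, the kafka user may be unable to read it or the private key may end up readable by other local users, so the resulting mode on the host is worth confirming, and the mount itself can be read-only since the broker only reads it: `- /etc/pki/kafka.p12:/etc/pki/kafka.p12:ro`. The `client.properties` bind is now wrapped in `{% if GLOBALS.is_manager %}`, while the watch loop below still lists `kafka_kraft_client_properties` on every node; that is consistent only because the config.sls loop in this same commit still manages both files unconditionally, so the two should be kept in step if the client file is ever made manager-only there too.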