false positive

ensure docker cp command follows container symlinks
deprecated kibana config
2026-01-17 05:31:34 +01:00 · 2026-01-15 15:25:28 -06:00 · 2026-01-15 15:18:18 -06:00 · 2026-01-15 15:17:22 -06:00 · 2026-01-15 14:43:57 -06:00
3 changed files with 6 additions and 4 deletions
--- a/salt/common/tools/sbin/so-log-check
+++ b/salt/common/tools/sbin/so-log-check
@@ -130,6 +130,7 @@ if [[ $EXCLUDE_STARTUP_ERRORS == 'Y' ]]; then
    EXCLUDED_ERRORS="$EXCLUDED_ERRORS|process_cluster_event_timeout_exception" # logstash waiting for elasticsearch to start
    EXCLUDED_ERRORS="$EXCLUDED_ERRORS|not configured for GeoIP"     # SO does not bundle the maxminddb with Zeek
    EXCLUDED_ERRORS="$EXCLUDED_ERRORS|HTTP 404: Not Found"          # Salt loops until Kratos returns 200, during startup Kratos may not be ready
+    EXCLUDED_ERRORS="$EXCLUDED_ERRORS|Cancelling deferred write event maybeFenceReplicas because the event queue is now closed" # Kafka controller log during shutdown/restart
 fi

 if [[ $EXCLUDE_FALSE_POSITIVE_ERRORS == 'Y' ]]; then
@@ -160,6 +161,7 @@ if [[ $EXCLUDE_FALSE_POSITIVE_ERRORS == 'Y' ]]; then
    EXCLUDED_ERRORS="$EXCLUDED_ERRORS|adding ingest pipeline"       # false positive (elasticsearch ingest pipeline names contain 'error') 
    EXCLUDED_ERRORS="$EXCLUDED_ERRORS|updating index template"      # false positive (elasticsearch index or template names contain 'error') 
    EXCLUDED_ERRORS="$EXCLUDED_ERRORS|updating component template"  # false positive (elasticsearch index or template names contain 'error') 
+    EXCLUDED_ERRORS="$EXCLUDED_ERRORS|upgrading component template"  # false positive (elasticsearch index or template names contain 'error')
    EXCLUDED_ERRORS="$EXCLUDED_ERRORS|upgrading composable template" # false positive (elasticsearch composable template names contain 'error')
 fi

--- a/salt/elasticsearch/tools/sbin_jinja/so-catrust
+++ b/salt/elasticsearch/tools/sbin_jinja/so-catrust
@@ -14,8 +14,9 @@ set -e
 # Check to see if we have extracted the ca cert.
 if [ ! -f /opt/so/saltstack/local/salt/elasticsearch/cacerts ]; then
    docker run -v /etc/pki/ca.crt:/etc/ssl/ca.crt --name so-elasticsearchca --user root --entrypoint jdk/bin/keytool {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-elasticsearch:$ELASTIC_AGENT_TARBALL_VERSION -keystore /usr/share/elasticsearch/jdk/lib/security/cacerts -alias SOSCA -import -file /etc/ssl/ca.crt -storepass changeit -noprompt
-    docker cp so-elasticsearchca:/usr/share/elasticsearch/jdk/lib/security/cacerts /opt/so/saltstack/local/salt/elasticsearch/cacerts
-    docker cp so-elasticsearchca:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /opt/so/saltstack/local/salt/elasticsearch/tls-ca-bundle.pem
+    # Make sure symbolic links are followed when copying from container
+    docker cp -L so-elasticsearchca:/usr/share/elasticsearch/jdk/lib/security/cacerts /opt/so/saltstack/local/salt/elasticsearch/cacerts
+    docker cp -L so-elasticsearchca:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /opt/so/saltstack/local/salt/elasticsearch/tls-ca-bundle.pem
    docker rm so-elasticsearchca
    echo "" >> /opt/so/saltstack/local/salt/elasticsearch/tls-ca-bundle.pem
    echo "sosca" >> /opt/so/saltstack/local/salt/elasticsearch/tls-ca-bundle.pem
--- a/salt/kibana/defaults.yaml
+++ b/salt/kibana/defaults.yaml
@@ -25,11 +25,10 @@ kibana:
      discardCorruptObjects: "8.18.8"
    telemetry:
      enabled: False
-    security:
-      showInsecureClusterWarning: False
    xpack:
      security:
        secureCookies: true
+        showInsecureClusterWarning: false
      reporting:
        kibanaServer:
          hostname: localhost
Author	SHA1	Message	Date
reyesj2	d430ed6727	false positive	2026-01-15 15:25:28 -06:00
reyesj2	596bc178df	ensure docker cp command follows container symlinks	2026-01-15 15:18:18 -06:00
reyesj2	0cd3d7b5a8	deprecated kibana config	2026-01-15 15:17:22 -06:00
reyesj2	349d77ffdf	exclude kafka restart error	2026-01-15 14:43:57 -06:00