mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
37 lines
1.1 KiB
Plaintext
37 lines
1.1 KiB
Plaintext
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
|
|
|
{# we only want this state to run it is CentOS #}
|
|
{% if GLOBALS.os == 'OEL' %}
|
|
|
|
{% set global_ca_text = [] %}
|
|
{% set global_ca_server = [] %}
|
|
{% set manager = GLOBALS.manager %}
|
|
{% set x509dict = salt['mine.get'](manager | lower~'*', 'x509.get_pem_entries') %}
|
|
{% for host in x509dict %}
|
|
{% if host.split('_')|last in ['manager', 'managersearch', 'standalone', 'import', 'eval'] %}
|
|
{% do global_ca_text.append(x509dict[host].get('/etc/pki/ca.crt')|replace('\n', '')) %}
|
|
{% do global_ca_server.append(host) %}
|
|
{% endif %}
|
|
{% endfor %}
|
|
{% set trusttheca_text = global_ca_text[0] %}
|
|
{% set ca_server = global_ca_server[0] %}
|
|
|
|
trusted_ca:
|
|
x509.pem_managed:
|
|
- name: /etc/pki/ca-trust/source/anchors/ca.crt
|
|
- text: {{ trusttheca_text }}
|
|
|
|
update_ca_certs:
|
|
cmd.run:
|
|
- name: update-ca-trust
|
|
- onchanges:
|
|
- x509: trusted_ca
|
|
|
|
{% else %}
|
|
|
|
desktop_trusted-ca_os_fail:
|
|
test.fail_without_changes:
|
|
- comment: 'SO Desktop can only be installed on Oracle Linux'
|
|
|
|
{% endif %}
|