Add possibility to use system CA

wazuh · Feb 10, 2023 · 9f22d83 · 9f22d83
1 parent 5f4fc7a
commit 9f22d83
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 0 deletions.
diff --git a/manifests/dashboard.pp b/manifests/dashboard.pp
@@ -43,6 +43,7 @@
 
   $manage_certs = true,
   $manage_repos = false, # Change to true when manager is not present.
+  $use_system_ca = false,
 ) {
   if $manage_repos {
     include wazuh::repo

diff --git a/manifests/filebeat_oss.pp b/manifests/filebeat_oss.pp
@@ -20,6 +20,7 @@
   $filebeat_path_certs = '/etc/filebeat/certs',
 
   $manage_certs = true,
+  $use_system_ca = false,
 ) {
   include wazuh::repo_elastic_oss
 

diff --git a/templates/filebeat_oss_yml.erb b/templates/filebeat_oss_yml.erb
@@ -17,8 +17,10 @@ output.elasticsearch:
   username: <%= @filebeat_oss_elastic_user %>
   password: <%= @filebeat_oss_elastic_password %>
   protocol: https
+<% if not @use_system_ca -%>
   ssl.certificate_authorities:
     - /etc/filebeat/certs/root-ca.pem
+<% end -%>
   ssl.certificate: "/etc/filebeat/certs/filebeat.pem"
   ssl.key: "/etc/filebeat/certs/filebeat-key.pem"
 

diff --git a/templates/wazuh_dashboard_yml.erb b/templates/wazuh_dashboard_yml.erb
@@ -20,5 +20,7 @@ opensearch_security.openid.verify_hostnames: <%= @opensearch_security_openid_ver
 server.ssl.enabled: true
 server.ssl.key: "<%= @dashboard_path_certs %>/dashboard-key.pem"
 server.ssl.certificate: "<%= @dashboard_path_certs %>/dashboard.pem"
+<% if not @use_system_ca -%>
 opensearch.ssl.certificateAuthorities: ["<%= @dashboard_path_certs %>/root-ca.pem"]
+<% end -%>
 uiSettings.overrides.defaultRoute: /app/wazuh