diff --git a/manifests/dashboard.pp b/manifests/dashboard.pp index d00b39fc..d7d710da 100644 --- a/manifests/dashboard.pp +++ b/manifests/dashboard.pp @@ -31,6 +31,7 @@ }, ], + $manage_certs = true, $use_system_ca = false, ) { @@ -50,32 +51,34 @@ name => $dashboard_package, } - exec { "ensure full path of ${dashboard_path_certs}": - path => '/usr/bin:/bin', - command => "mkdir -p ${dashboard_path_certs}", - creates => $dashboard_path_certs, - require => Package['wazuh-dashboard'], - } - -> file { $dashboard_path_certs: - ensure => directory, - owner => $dashboard_fileuser, - group => $dashboard_filegroup, - mode => '0500', - } + if $manage_certs { + exec { "ensure full path of ${dashboard_path_certs}": + path => '/usr/bin:/bin', + command => "mkdir -p ${dashboard_path_certs}", + creates => $dashboard_path_certs, + require => Package['wazuh-dashboard'], + } + -> file { $dashboard_path_certs: + ensure => directory, + owner => $dashboard_fileuser, + group => $dashboard_filegroup, + mode => '0500', + } - [ - 'dashboard.pem', - 'dashboard-key.pem', - 'root-ca.pem', - ].each |String $certfile| { - file { "${dashboard_path_certs}/${certfile}": - ensure => file, - owner => $dashboard_fileuser, - group => $dashboard_filegroup, - mode => '0400', - replace => true, - recurse => remote, - source => "puppet:///modules/archive/${certfile}", + [ + 'dashboard.pem', + 'dashboard-key.pem', + 'root-ca.pem', + ].each |String $certfile| { + file { "${dashboard_path_certs}/${certfile}": + ensure => file, + owner => $dashboard_fileuser, + group => $dashboard_filegroup, + mode => '0400', + replace => true, + recurse => remote, + source => "puppet:///modules/archive/${certfile}", + } } } diff --git a/manifests/filebeat_oss.pp b/manifests/filebeat_oss.pp index dbfc3d70..822a765d 100644 --- a/manifests/filebeat_oss.pp +++ b/manifests/filebeat_oss.pp 
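Review bot: `$manage_certs` is declared without a data type in the first hunk of `manifests/dashboard.pp`, so a string such as `'false'` arriving from Hiera or an ENC is truthy in Puppet. In that case the certificate resources, which use `replace => true`, would still overwrite externally provisioned files. Declaring it as `Boolean $manage_certs = true,` turns that mistake into a compile error, and the same applies to the parameter added in `manifests/filebeat_oss.pp` and `manifests/indexer.pp`. The neighbouring parameters visible here are untyped as well, and the parameter list starts outside the hunk, so any documentation line for the new parameter belongs in the class header that is not shown.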
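Review bot: With `$manage_certs` at its default, the re-indented `file` resources still fetch `dashboard-key.pem` from `puppet:///modules/archive/`. A module file mount is normally readable by every authenticated agent unless the server's auth rules restrict it, so private keys stored there are not confined to the node that needs them. The same applies to the `if $manage_certs` hunks in `manifests/filebeat_oss.pp` and `manifests/indexer.pp`, the latter including `admin-key.pem`. When the flag is false, nothing in these hunks enforces the `0500` directory and `0400` file modes, so I would add a comment above the `if` such as `# manage_certs => false: certs and keys under ${dashboard_path_certs} must be provisioned externally with the same owner and 0500/0400 modes`. The class body starts and ends outside the hunk.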
@@ -20,6 +20,7 @@ $filebeat_filegroup = 'root', $filebeat_path_certs = '/etc/filebeat/certs', + $manage_certs = true, $use_system_ca = false, ) { @@ -75,33 +76,35 @@ require => Package['filebeat'], } - exec { "ensure full path of ${filebeat_path_certs}": - path => '/usr/bin:/bin', - command => "mkdir -p ${filebeat_path_certs}", - creates => $filebeat_path_certs, - require => Package['filebeat'], - } - -> file { $filebeat_path_certs: - ensure => directory, - owner => $filebeat_fileuser, - group => $filebeat_filegroup, - mode => '0500', - } + if $manage_certs { + exec { "ensure full path of ${filebeat_path_certs}": + path => '/usr/bin:/bin', + command => "mkdir -p ${filebeat_path_certs}", + creates => $filebeat_path_certs, + require => Package['filebeat'], + } + -> file { $filebeat_path_certs: + ensure => directory, + owner => $filebeat_fileuser, + group => $filebeat_filegroup, + mode => '0500', + } - $_certfiles = { - "manager-${wazuh_node_name}.pem" => 'filebeat.pem', - "manager-${wazuh_node_name}-key.pem" => 'filebeat-key.pem', - 'root-ca.pem' => 'root-ca.pem', - } - $_certfiles.each |String $certfile_source, String $certfile_target| { - file { "${filebeat_path_certs}/${certfile_target}": - ensure => file, - owner => $filebeat_fileuser, - group => $filebeat_filegroup, - mode => '0400', - replace => true, - recurse => remote, - source => "puppet:///modules/archive/${certfile_source}", + $_certfiles = { + "manager-${wazuh_node_name}.pem" => 'filebeat.pem', + "manager-${wazuh_node_name}-key.pem" => 'filebeat-key.pem', + 'root-ca.pem' => 'root-ca.pem', + } + $_certfiles.each |String $certfile_source, String $certfile_target| { + file { "${filebeat_path_certs}/${certfile_target}": + ensure => file, + owner => $filebeat_fileuser, + group => $filebeat_filegroup, + mode => '0400', + replace => true, + recurse => remote, + source => "puppet:///modules/archive/${certfile_source}", + } } } 
diff --git a/manifests/indexer.pp b/manifests/indexer.pp index b7a6be3e..2663a912 100644 --- a/manifests/indexer.pp +++ b/manifests/indexer.pp @@ -23,6 +23,7 @@ $indexer_discovery_hosts = [], # Empty array for single-node configuration $indexer_cluster_initial_master_nodes = ['node-1'], $indexer_cluster_CN = ['node-1'], + $manage_certs = true, # JVM options $jvm_options_memory = '1g', 
@@ -44,39 +45,39 @@ name => $indexer_package, } - exec { "ensure full path of ${indexer_path_certs}": - path => '/usr/bin:/bin', - command => "mkdir -p ${indexer_path_certs}", - creates => $indexer_path_certs, - require => Package['wazuh-indexer'], - } - -> file { $indexer_path_certs: - ensure => directory, - owner => $indexer_fileuser, - group => $indexer_filegroup, - mode => '0500', - } + if $manage_certs { + exec { "ensure full path of ${indexer_path_certs}": + path => '/usr/bin:/bin', + command => "mkdir -p ${indexer_path_certs}", + creates => $indexer_path_certs, + require => Package['wazuh-indexer'], + } + -> file { $indexer_path_certs: + ensure => directory, + owner => $indexer_fileuser, + group => $indexer_filegroup, + mode => '0500', + } - [ - "indexer-$indexer_node_name.pem", - "indexer-$indexer_node_name-key.pem", - 'root-ca.pem', - 'admin.pem', - 'admin-key.pem', - ].each |String $certfile| { - file { "${indexer_path_certs}/${certfile}": - ensure => file, - owner => $indexer_fileuser, - group => $indexer_filegroup, - mode => '0400', - replace => true, - recurse => remote, - source => "puppet:///modules/archive/${certfile}", + [ + "indexer-$indexer_node_name.pem", + "indexer-$indexer_node_name-key.pem", + 'root-ca.pem', + 'admin.pem', + 'admin-key.pem', + ].each |String $certfile| { + file { "${indexer_path_certs}/${certfile}": + ensure => file, + owner => $indexer_fileuser, + group => $indexer_filegroup, + mode => '0400', + replace => true, + recurse => remote, + source => "puppet:///modules/archive/${certfile}", + } } } - - file { 'configuration file': path => '/etc/wazuh-indexer/opensearch.yml', content => template('wazuh/wazuh_indexer_yml.erb'),
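Review bot: The certificate names `"indexer-$indexer_node_name.pem"` and `"indexer-$indexer_node_name-key.pem"` are carried onto the new side with unbraced interpolation, unlike the `${...}` form used for the equivalent names in `manifests/filebeat_oss.pp`. Next to a hyphen this depends on the parser ending the variable name at `-`, and puppet-lint flags it. Since these lines are re-added anyway, I would write them as `"indexer-${indexer_node_name}.pem",` and `"indexer-${indexer_node_name}-key.pem",`. The class body continues outside the hunk.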