log01 / rsyslog: install the ca cert and use it in the file

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2023-05-04 11:36:32 -07:00 · 2023-05-04 11:36:32 -07:00 · afb783d989
commit afb783d989
parent 3907db1bc2
2 changed files with 9 additions and 1 deletions
--- a/roles/base/files/rsyslog/rsyslog.conf.log01.iad2.fedoraproject.org
+++ b/roles/base/files/rsyslog/rsyslog.conf.log01.iad2.fedoraproject.org
@ -219,4 +219,4 @@ local6.*					?m_audit;MergeFormat
 $DefaultNetstreamDriver gtls # use gtls netstream driver
 $ActionSendStreamDriverMode 1 # require TLS for the connection
 $ActionSendStreamDriverAuthMode anon # server is NOT authenticated
-$DefaultNetstreamDriverCAFile {{private}}/files/splunk-certs/2022-IT-Root-CA.pem
+$DefaultNetstreamDriverCAFile /etc/pki/tls/certs/2022-IT-Root-CA.pem
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@ -230,6 +230,14 @@
  notify:
  - flush journald tmpfiles to persistent store

+- name: install rh ca for splunk
+  copy: src={{private}}/files/splunk-certs/2022-IT-Root-CA.pem dest=/etc/pki/tls/certs/2022-IT-Root-CA.pem
+  tags:
+  - rsyslogd
+  - config
+  - base
+  when: inventory_hostname.startswith('log01')
+
 - name: ensure packages required for rsyslog are installed
  package: name={{ item }} state=present
  with_items: