From 0e19594c97142b8e4436791d1cebd9d2afddb56f Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Mon, 9 Nov 2020 15:25:11 -0500
Subject: [PATCH] enable fleet in global pillars before running fleet state
 during setup
 https://github.com/Security-Onion-Solutions/securityonion/issues/1857

---
 salt/fleet/event_enable-fleet.sls |  2 +-
 salt/reactor/fleet.sls            | 11 ++++++-----
 setup/so-setup                    |  7 ++-----
 3 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/salt/fleet/event_enable-fleet.sls b/salt/fleet/event_enable-fleet.sls
index d09749a55..28542ba6c 100644
--- a/salt/fleet/event_enable-fleet.sls
+++ b/salt/fleet/event_enable-fleet.sls
@@ -1,4 +1,4 @@
-{% set ENROLLSECRET = salt['cmd.run']('docker exec so-fleet fleetctl get enroll-secret default') %}
+{% set ENROLLSECRET = salt['cmd.run']('docker exec so-fleet fleetctl get enroll-secret default', '') %}
 {% set MAININT = salt['pillar.get']('host:mainint') %}
 {% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %}
 
diff --git a/salt/reactor/fleet.sls b/salt/reactor/fleet.sls
index a32fb5cfd..a4226b027 100644
--- a/salt/reactor/fleet.sls
+++ b/salt/reactor/fleet.sls
@@ -31,16 +31,17 @@ def run():
         print(line) 
 
       # Update the enroll secret in the secrets pillar
-      for line in fileinput.input(SECRETSFILE, inplace=True):
-        line = re.sub(r'fleet_enroll-secret: \S*', f"fleet_enroll-secret: {ESECRET}", line.rstrip())
-        print(line)      
+      if ESECRET != "":
+        for line in fileinput.input(SECRETSFILE, inplace=True):
+          line = re.sub(r'fleet_enroll-secret: \S*', f"fleet_enroll-secret: {ESECRET}", line.rstrip())
+          print(line)
 
-        # Update the Fleet host in the static pillar
+      # Update the Fleet host in the static pillar
       for line in fileinput.input(STATICFILE, inplace=True):
         line = re.sub(r'fleet_hostname: \S*', f"fleet_hostname: '{HOSTNAME}'", line.rstrip())
         print(line)  
 
-        # Update the Fleet IP in the static pillar
+      # Update the Fleet IP in the static pillar
       for line in fileinput.input(STATICFILE, inplace=True):
         line = re.sub(r'fleet_ip: \S*', f"fleet_ip: '{MAINIP}'", line.rstrip())
         print(line)   
diff --git a/setup/so-setup b/setup/so-setup
index cf180000f..c8f401656 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -684,12 +684,9 @@ fi
 	fi
 	
 	if [[ "$OSQUERY" = 1 ]]; then
-		if [[ "$PLAYBOOK" != 1 ]]; then
-		set_progress_str 74 "$(print_salt_state_apply 'mysql')"
-		salt-call state.apply -l info mysql >> $setup_log 2>&1
-		fi
 
 		set_progress_str 75 "$(print_salt_state_apply 'fleet')"
+		salt-call state.apply fleet.event_enable-fleet # enable fleet in the global pillar
 		salt-call state.apply -l info fleet >> $setup_log 2>&1
 
 		set_progress_str 76 "$(print_salt_state_apply 'redis')"
@@ -701,7 +698,7 @@ fi
 			salt-call state.apply -l info fleet.event_update-custom-hostname pillar="$pillar_override" >> $setup_log 2>&1
 		fi
 	
-		set_progress_str 74 "$(print_salt_state_apply 'so-fleet-setup')"	
+		set_progress_str 77 "$(print_salt_state_apply 'so-fleet-setup')"
 		so-fleet-setup "$FLEETNODEUSER" "$FLEETNODEPASSWD1" >> $setup_log 2>&1
 
 	fi