From 15347d1209cbaf85140c4724cb3fca16035d2728 Mon Sep 17 00:00:00 2001
From: William Wernert <william.wernert@securityonionsolutions.com>
Date: Tue, 15 Dec 2020 15:08:33 -0500
Subject: [PATCH] [fix] More condition changes for Helix

---
 salt/logstash/init.sls |  2 ++
 salt/ssl/init.sls      |  2 +-
 salt/top.sls           |  2 --
 setup/so-setup         | 13 +++++++++----
 4 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls
index e23e4eef2..d332f737a 100644
--- a/salt/logstash/init.sls
+++ b/salt/logstash/init.sls
@@ -45,8 +45,10 @@
 {% set DOCKER_OPTIONS = salt['pillar.get']('logstash:docker_options', {}) %}
 {% set TEMPLATES = salt['pillar.get']('elasticsearch:templates', {}) %}
 
+{% if grains['role'] != 'so-helix' %}
 include:
   - elasticsearch
+{% endif %}
 
 # Create the logstash group
 logstashgroup:
diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index 49e87f784..221c58c93 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -12,7 +12,7 @@
 {% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %}
 {% set CUSTOM_FLEET_HOSTNAME = salt['pillar.get']('global:fleet_custom_hostname', None) %}
 
-{% if grains.id.split('_')|last in ['manager', 'eval', 'standalone', 'import'] %}
+{% if grains.id.split('_')|last in ['manager', 'eval', 'standalone', 'import', 'helixsensor'] %}
     {% set trusttheca_text = salt['cp.get_file_str']('/etc/pki/ca.crt')|replace('\n', '') %}
     {% set ca_server = grains.id %}
 {% else %}
diff --git a/salt/top.sls b/salt/top.sls
index c98123c7e..b6913895d 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -61,9 +61,7 @@ base:
     - suricata
     - zeek
     - redis
-    {%- if LOGSTASH %}
     - logstash
-    {%- endif %}
     {%- if FILEBEAT %}
     - filebeat
     {%- endif %}
diff --git a/setup/so-setup b/setup/so-setup
index f29162852..7b8621aa9 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -526,10 +526,13 @@ set_redirect >> $setup_log 2>&1
 		{
 			generate_passwords;
 			secrets_pillar;
-			add_socore_user_manager;
 		} >> $setup_log 2>&1	
 	fi
 
+	if [[ $is_manager || $is_import || $is_helix ]]; then
+		add_socore_user_manager >> $setup_log 2>&1
+	fi
+
 	if [[ $is_manager && ! $is_eval ]]; then
 		add_soremote_user_manager >> $setup_log 2>&1
 	fi
@@ -680,8 +683,10 @@ set_redirect >> $setup_log 2>&1
 	set_progress_str 63 "$(print_salt_state_apply 'common')"
 	salt-call state.apply -l info common >> $setup_log 2>&1
 
-	set_progress_str 64 "$(print_salt_state_apply 'nginx')"
-	salt-call state.apply -l info nginx >> $setup_log 2>&1
+	if [[ ! $is_helix ]]; then
+		set_progress_str 64 "$(print_salt_state_apply 'nginx')"
+		salt-call state.apply -l info nginx >> $setup_log 2>&1
+	fi
 
 	if [[ $is_manager || $is_node || $is_import ]]; then
 		set_progress_str 64 "$(print_salt_state_apply 'elasticsearch')"
@@ -782,7 +787,7 @@ set_redirect >> $setup_log 2>&1
 		fi
 	fi
 
-	if [[ $is_manager || $is_helix || $is_import ]]; then		
+	if [[ $is_manager || $is_import ]]; then		
 		set_progress_str 82 "$(print_salt_state_apply 'utility')"
 		salt-call state.apply -l info utility >> $setup_log 2>&1
 	fi