From 1999db0bb3d593df97a1267e398813d4fabcd084 Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Wed, 18 Oct 2023 15:02:22 -0400
Subject: [PATCH] apply ca state early in setup

---
 setup/so-setup | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/setup/so-setup b/setup/so-setup
index 4db24aa1a..052111591 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -714,12 +714,19 @@ if ! [[ -f $install_opt_file ]]; then
 
 		logCmd "salt-call state.apply common.packages"
 		logCmd "salt-call state.apply common"
+		# apply the ca state to create the ca and put it in the mine early in the install
+		# this is done before the salt.master state puts the checkmine engine in place and starts
+		# checking for a valid ca in the mine for the manager
+		# the minion ip will already be in the mine from configure_minion function in so-functions
+		logCmd "salt-call state.apply ca"
+		# this will apply the salt.minion state first since salt.master includes salt.minion
 		logCmd "salt-call state.apply salt.master"
-
 		# wait here until we get a response from the salt-master since it may have just restarted
 		# exit setup after 5-6 minutes of trying
 		check_salt_master_status || fail  "Can't access salt master or it is not ready"
 
+		# this will also call the ssl state since docker requires the intca
+		# the salt-minion service will need to be up on the manager to sign requests
 		logCmd "salt-call state.apply docker"
 		firewall_generate_templates
 		set_initial_firewall_policy