CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

apply ca state early in setup

Browse Source
This commit is contained in:
m0duspwnens
2023-10-18 15:02:22 -04:00
parent c3cde61202
commit 1999db0bb3
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
setup/so-setup
View File

@@ -714,12 +714,19 @@ if ! [[ -f $install_opt_file ]]; then
logCmd "salt-call state.apply common.packages" logCmd "salt-call state.apply common.packages"
logCmd "salt-call state.apply common" logCmd "salt-call state.apply common"
# apply the ca state to create the ca and put it in the mine early in the install
# this is done before the salt.master state puts the checkmine engine in place and starts
# checking for a valid ca in the mine for the manager
# the minion ip will already be in the mine from configure_minion function in so-functions
logCmd "salt-call state.apply ca"
# this will apply the salt.minion state first since salt.master includes salt.minion
logCmd "salt-call state.apply salt.master" logCmd "salt-call state.apply salt.master"
# wait here until we get a response from the salt-master since it may have just restarted # wait here until we get a response from the salt-master since it may have just restarted
# exit setup after 5-6 minutes of trying # exit setup after 5-6 minutes of trying
check_salt_master_status || fail "Can't access salt master or it is not ready" check_salt_master_status || fail "Can't access salt master or it is not ready"
# this will also call the ssl state since docker requires the intca
# the salt-minion service will need to be up on the manager to sign requests
logCmd "salt-call state.apply docker" logCmd "salt-call state.apply docker"
firewall_generate_templates firewall_generate_templates
set_initial_firewall_policy set_initial_firewall_policy