From 291ac7d361f375793e3aed069a6d540cd021e612 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 10 Jan 2022 10:36:42 -0500 Subject: [PATCH] https://github.com/Security-Onion-Solutions/securityonion/issues/6811 --- salt/common/init.sls | 9 +++++++++ salt/manager/elasticsearch.sls | 8 ++++++++ salt/manager/init.sls | 9 +-------- 3 files changed, 18 insertions(+), 8 deletions(-) create mode 100644 salt/manager/elasticsearch.sls diff --git a/salt/common/init.sls b/salt/common/init.sls index 17cea3480..8824a2df9 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -4,6 +4,11 @@ {% set role = grains.id.split('_') | last %} {% from 'elasticsearch/auth.map.jinja' import ELASTICAUTH with context %} +{% if grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-import'] %} +include: + - manager.elasticsearch # needed for elastic_curl_config state +{% endif %} + # Remove variables.txt from /tmp - This is temp rmvariablesfile: file.absent: @@ -189,6 +194,10 @@ elastic_curl_config: - mode: 600 - show_changes: False - makedirs: True +{% if grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-import'] %} + - require: + - file: elastic_curl_config_distributed +{% endif %} # Sync some Utilities utilsyncscripts: diff --git a/salt/manager/elasticsearch.sls b/salt/manager/elasticsearch.sls new file mode 100644 index 000000000..63f2dccdc --- /dev/null +++ b/salt/manager/elasticsearch.sls @@ -0,0 +1,8 @@ + +elastic_curl_config_distributed: + file.managed: + - name: /opt/so/saltstack/local/salt/elasticsearch/curl.config + - source: salt://elasticsearch/files/curl.config.template + - template: jinja + - mode: 600 + - show_changes: False diff --git a/salt/manager/init.sls b/salt/manager/init.sls index 990eda3d3..3604f3cf6 100644 --- a/salt/manager/init.sls +++ b/salt/manager/init.sls @@ -25,6 +25,7 @@ include: - kibana.secrets - salt.minion - kratos + - manager.elasticsearch socore_own_saltstack: file.directory: 
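Review bot: The role list `['so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-import']` is written out twice in salt/common/init.sls, once in the first hunk to gate the `include:` and again in the `@@ -189,6 +194,10 @@` hunk to gate the `require` on `elastic_curl_config_distributed`. If the two copies drift apart, the `require` will name a state that was never included on some role, and `elastic_curl_config` will fail there. Define the list once next to the existing `{% set role = ... %}` line, for example `{% set manager_roles = ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-import'] %}`, and test `grains.role in manager_roles` in both places. A short comment on why this checks `grains.role` rather than the `role` already derived from `grains.id` would also help.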
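Review bot: `elastic_curl_config_distributed` in the new salt/manager/elasticsearch.sls has no `makedirs` and no explicit owner, and this commit makes it reachable from `common` through the added include and `require`. It may therefore now run before whatever creates `/opt/so/saltstack/local/salt/elasticsearch/`; the ordering is not visible in this patch. The sibling `elastic_curl_config` state already carries `- makedirs: True`, and adding the same line here keeps a missing parent directory from failing both states. The mode 600 and `show_changes: False` suggest the rendered file holds Elasticsearch credentials, so I would also set `- user:` and `- group:` explicitly instead of inheriting the account that runs the state. Writing the mode as `- mode: '0600'` would be clearer too.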
@@ -110,14 +111,6 @@ strelka_yara_update: - hour: '7' - minute: '1' -elastic_curl_config_distributed: - file.managed: - - name: /opt/so/saltstack/local/salt/elasticsearch/curl.config - - source: salt://elasticsearch/files/curl.config.template - - template: jinja - - mode: 600 - - show_changes: False - # Must run before elasticsearch docker container is started! syncesusers: cmd.run: