From 4b14ecf1d92cfe9aece77bef989be5b974932c03 Mon Sep 17 00:00:00 2001
From: Josh Brower
Date: Mon, 1 Jun 2020 16:36:32 -0400
Subject: [PATCH] Fleet standalone fixes
---
 salt/fleet/event_enable-fleet.sls | 3 ++-
 salt/mysql/init.sls | 3 ++-
 salt/nginx/etc/nginx.conf.so-fleet | 4 +++-
 salt/ssl/init.sls | 3 ++-
 setup/so-functions | 11 +++++++++++
 setup/so-setup | 7 ++++++-
 setup/so-whiptail | 2 +-
 7 files changed, 27 insertions(+), 6 deletions(-)
diff --git a/salt/fleet/event_enable-fleet.sls b/salt/fleet/event_enable-fleet.sls
index 007f3690c..90bfec2d4 100644
--- a/salt/fleet/event_enable-fleet.sls
+++ b/salt/fleet/event_enable-fleet.sls
@@ -1,5 +1,6 @@
 {% set ENROLLSECRET = salt['cmd.run']('docker exec so-fleet fleetctl get enroll-secret') %}
-{%- set MAINIP = salt['pillar.get']('node:mainip') -%}
+{% set MAININT = salt['pillar.get']('host:mainint') %}
+{% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %}
 so/fleet:
 event.send:
diff --git a/salt/mysql/init.sls b/salt/mysql/init.sls
index f3ce61784..c96be214c 100644
--- a/salt/mysql/init.sls
+++ b/salt/mysql/init.sls
@@ -6,7 +6,8 @@
 {% set FLEETARCH = salt['grains.get']('role') %}
 {% if FLEETARCH == "so-fleet" %}
- {% set MAINIP = salt['pillar.get']('node:mainip') %}
+ {% set MAININT = salt['pillar.get']('host:mainint') %}
+ {% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %}
 {% else %}
 {% set MAINIP = salt['pillar.get']('static:masterip') %}
 {% endif %}
diff --git a/salt/nginx/etc/nginx.conf.so-fleet b/salt/nginx/etc/nginx.conf.so-fleet
index 28372f448..7d6974532 100644
--- a/salt/nginx/etc/nginx.conf.so-fleet
+++ b/salt/nginx/etc/nginx.conf.so-fleet
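Review bot: The new `MAINIP` lookup in salt/fleet/event_enable-fleet.sls indexes `.get(MAININT)[0]` with no fallback, so a minion whose pillar lacks `host:mainint`, or names an interface that is not in the `ip_interfaces` grain, ends up indexing `None` and the template fails to render. The same two lines are added in salt/mysql/init.sls, salt/nginx/etc/nginx.conf.so-fleet and salt/ssl/init.sls. A guarded form such as `{% set MAINIP = salt['grains.get']('ip_interfaces', {}).get(MAININT, [''])[0] %}` keeps rendering, though an explicit check that stops with a clear message may be preferable to silently writing an empty address into the nginx and MySQL configuration. `ip_interfaces` can also list more than one address per interface, so `[0]` is not guaranteed to be the IPv4 address; the `ip4_interfaces` grain would pin the family if IPv4 is what these templates expect.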
@@ -1,4 +1,6 @@
-{%- set MAINIP = salt['pillar.get']('node:mainip', '') %}
+{% set MAININT = salt['pillar.get']('host:mainint') %}
+{% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %}
+
 # For more information on configuration, see:
 # * Official English Documentation: http://nginx.org/en/docs/
 # * Official Russian Documentation: http://nginx.org/ru/docs/
diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index 384c5bd5f..ca6417dec 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -1,9 +1,10 @@
 {% set master = salt['grains.get']('master') %}
 {% set masterip = salt['pillar.get']('static:masterip', '') %}
 {% set HOSTNAME = salt['grains.get']('host') %}
-{% set MAINIP = salt['pillar.get']('node:mainip') %}
 {% set global_ca_text = [] %}
 {% set global_ca_server = [] %}
+{% set MAININT = salt['pillar.get']('host:mainint') %}
+{% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %}
 {% if grains.id.split('_')|last in ['master', 'eval', 'standalone'] %}
 {% set trusttheca_text = salt['mine.get'](grains.id, 'x509.get_pem_entries')[grains.id]['/etc/pki/ca.crt']|replace('\n', '') %}
diff --git a/setup/so-functions b/setup/so-functions
index e487e5542..3aea34bac 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -810,6 +810,17 @@ get_minion_type() {
 echo "$minion_type"
 }
+host_pillar() {
+
+ local pillar_file="$temp_install_dir"/pillar/minions/"$MINION_ID".sls
+
+ # Create the host pillar
+ printf '%s\n'\
+ "host:"\
+ " mainint: $MNIC"\
+ "" > "$pillar_file"
+}
+
 install_cleanup() {
 echo "Installer removing the following files:"
 ls -lR "$temp_install_dir"
diff --git a/setup/so-setup b/setup/so-setup
index 5906eefec..313586800 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -128,6 +128,7 @@ elif [ "$install_type" = 'HEAVYNODE' ]; then
 is_sensor=true
 elif [ "$install_type" = 'FLEET' ]; then
 is_minion=true
+ is_fleet_standalone=true
 OSQUERY=1
 elif [ "$install_type" = 'HELIXSENSOR' ]; then
 is_helix=true
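Review bot: In salt/ssl/init.sls the `host:mainint` lookup sits at the top of the file outside any role check, yet the following context line shows this state also renders for `master`, `eval` and `standalone` ids, while setup/so-setup only calls `host_pillar` when `is_fleet_standalone` is set. Unless `host:mainint` is written for those roles somewhere outside this patch, `.get(MAININT)[0]` has nothing to index there and the certificate states will not render. Putting the two new lines under a role condition like the one salt/mysql/init.sls uses, `{% if salt['grains.get']('role') == 'so-fleet' %}`, and keeping the previous `salt['pillar.get']('node:mainip')` lookup in the `{% else %}` branch would leave the other roles unchanged. The rest of the file is outside the hunk, so how `MAINIP` ends up in the certificates cannot be checked from here.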
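Review bot: `host_pillar` in setup/so-functions writes the per-minion pillar with `>`, which truncates `"$temp_install_dir"/pillar/minions/"$MINION_ID".sls`; if another setup step has already written keys to that file they are lost, so this needs checking against the other writers, which are outside this hunk. `$MNIC` is interpolated without a check, and an empty value yields `mainint:` with a null value, which the Salt templates changed in this patch then cannot index at `.get(MAININT)[0]`. A guard before the `printf`, such as `[[ -n "$MNIC" ]] || { echo "MNIC is not set" >&2; return 1; }`, would surface that at install time. The call added in setup/so-setup ignores the return status, so it would need to test it for the guard to stop the install.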
@@ -234,7 +235,7 @@ if [[ $is_master ]]; then
 get_redirect
 fi
-if [[ $is_distmaster || ( $is_sensor || $is_node ) && ! $is_eval ]]; then
+if [[ $is_distmaster || ( $is_sensor || $is_node || $is_fleet_standalone ) && ! $is_eval ]]; then
 whiptail_master_updates
 if [[ $setup_type == 'network' && $MASTERUPDATES == 1 ]]; then
 whiptail_master_updates_warning
@@ -326,6 +327,10 @@ if [[ $is_minion ]]; then
 copy_ssh_key >> $setup_log 2>&1
 fi
+if [[ $is_fleet_standalone ]]; then
+ host_pillar >> $setup_log 2>&1
+fi
+
 # Begin install
 {
 # Set initial percentage to 0
diff --git a/setup/so-whiptail b/setup/so-whiptail
index e9f691b55..06712ace3 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -170,7 +170,7 @@ whiptail_create_fleet_node_user() {
 [ -n "$TESTING" ] && return
 FLEETNODEUSER=$(whiptail --title "Security Onion Install" --inputbox \
- "Please enter an email as the username for the Fleet admin user." 10 60 3>&1 1>&2 2>&3)
+ "Please enter an email for use as the username for the Fleet admin user." 10 60 3>&1 1>&2 2>&3)
 }