Fleet standalone fixes

salt/fleet/event_enable-fleet.sls

@@ -1,5 +1,6 @@
 {% set ENROLLSECRET = salt['cmd.run']('docker exec so-fleet fleetctl get enroll-secret') %}
-{%- set MAINIP = salt['pillar.get']('node:mainip') -%}
+{% set MAININT = salt['pillar.get']('host:mainint') %}
+{% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %}
 
 so/fleet:
   event.send:

salt/mysql/init.sls

@@ -6,7 +6,8 @@
 {% set FLEETARCH = salt['grains.get']('role') %}
 
 {% if FLEETARCH == "so-fleet" %}
-  {% set MAINIP = salt['pillar.get']('node:mainip') %}
+  {% set MAININT = salt['pillar.get']('host:mainint') %}
+  {% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %}
 {% else %}
   {% set MAINIP = salt['pillar.get']('static:masterip') %}
 {% endif %}

salt/nginx/etc/nginx.conf.so-fleet

@@ -1,4 +1,6 @@
-{%- set MAINIP = salt['pillar.get']('node:mainip', '') %}
+{% set MAININT = salt['pillar.get']('host:mainint') %}
+{% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %}
+
 # For more information on configuration, see:
 #   * Official English Documentation: http://nginx.org/en/docs/
 #   * Official Russian Documentation: http://nginx.org/ru/docs/

salt/ssl/init.sls

@@ -1,9 +1,10 @@
 {% set master = salt['grains.get']('master') %}
 {% set masterip = salt['pillar.get']('static:masterip', '') %}
 {% set HOSTNAME = salt['grains.get']('host') %}
-{% set MAINIP = salt['pillar.get']('node:mainip') %}
 {% set global_ca_text = [] %}
 {% set global_ca_server = [] %}
+{% set MAININT = salt['pillar.get']('host:mainint') %}
+{% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %}
 
 {% if grains.id.split('_')|last in ['master', 'eval', 'standalone'] %}
     {% set trusttheca_text =  salt['mine.get'](grains.id, 'x509.get_pem_entries')[grains.id]['/etc/pki/ca.crt']|replace('\n', '') %}

setup/so-functions

@@ -810,6 +810,17 @@ get_minion_type() {
 	echo "$minion_type"
 }
 
+host_pillar() {
+
+	local pillar_file="$temp_install_dir"/pillar/minions/"$MINION_ID".sls
+
+	# Create the host pillar
+	printf '%s\n'\
+		"host:"\
+		"  mainint: $MNIC"\
+		"" > "$pillar_file"
+}
+
 install_cleanup() {
 	echo "Installer removing the following files:"
 	ls -lR "$temp_install_dir"

setup/so-setup

@@ -128,6 +128,7 @@ elif [ "$install_type" = 'HEAVYNODE' ]; then
 	is_sensor=true
 elif [ "$install_type" = 'FLEET' ]; then
 	is_minion=true
+	is_fleet_standalone=true
 	OSQUERY=1
 elif [ "$install_type" = 'HELIXSENSOR' ]; then
 	is_helix=true
@@ -234,7 +235,7 @@ if [[ $is_master ]]; then
 	get_redirect
 fi
 
-if [[ $is_distmaster || ( $is_sensor || $is_node ) && ! $is_eval ]]; then
+if [[ $is_distmaster || ( $is_sensor || $is_node || $is_fleet_standalone ) && ! $is_eval ]]; then
 	whiptail_master_updates
 	if [[ $setup_type == 'network' && $MASTERUPDATES == 1 ]]; then
 		whiptail_master_updates_warning
@@ -326,6 +327,10 @@ if [[ $is_minion ]]; then
 	copy_ssh_key >> $setup_log 2>&1
 fi
 
+if [[ $is_fleet_standalone ]]; then
+	host_pillar >> $setup_log 2>&1
+fi
+
 # Begin install
 {
 	# Set initial percentage to 0

setup/so-whiptail

@@ -170,7 +170,7 @@ whiptail_create_fleet_node_user() {
 	[ -n "$TESTING" ] && return
 
 	FLEETNODEUSER=$(whiptail --title "Security Onion Install" --inputbox \
-	"Please enter an email as the username for the Fleet admin user." 10 60 3>&1 1>&2 2>&3)
+	"Please enter an email for use as the username for the Fleet admin user." 10 60 3>&1 1>&2 2>&3)
 
 }