From 74ca8450d18723a2708a7d274ffe11e7747d5ce3 Mon Sep 17 00:00:00 2001
From: Mike Reeves <luke@geekempire.com>
Date: Fri, 2 Nov 2018 09:43:53 -0400
Subject: [PATCH] Utility Module - Fix the search for eval

---
 salt/top.sls             |  2 +-
 salt/utility/bin/eval.sh | 30 ++++++++++++++++++++++++++++++
 salt/utility/init.sls    |  8 ++++++++
 3 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 salt/utility/bin/eval.sh

diff --git a/salt/top.sls b/salt/top.sls
index ba7ab520f..23878e70e 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -19,10 +19,10 @@ base:
     - elasticsearch
     - logstash
     - kibana
-    - utility
     - pcap
     - suricata
     - bro
+    - utility
 
 
   'G@role:so-master':
diff --git a/salt/utility/bin/eval.sh b/salt/utility/bin/eval.sh
new file mode 100644
index 000000000..effbdfd33
--- /dev/null
+++ b/salt/utility/bin/eval.sh
@@ -0,0 +1,30 @@
+{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- set MASTER = grains['master'] %}
+# Wait for ElasticSearch to come up, so that we can query for version infromation
+echo -n "Waiting for ElasticSearch..."
+COUNT=0
+ELASTICSEARCH_CONNECTED="no"
+while [[ "$COUNT" -le 30 ]]; do
+  curl --output /dev/null --silent --head --fail http://{{ ES }}:9200
+  if [ $? -eq 0 ]; then
+    ELASTICSEARCH_CONNECTED="yes"
+    echo "connected!"
+    break
+  else
+    ((COUNT+=1))
+    sleep 1
+    echo -n "."
+  fi
+done
+if [ "$ELASTICSEARCH_CONNECTED" == "no" ]; then
+  echo
+  echo -e "Connection attempt timed out.  Unable to connect to ElasticSearch.  \nPlease try: \n  -checking log(s) in /var/log/elasticsearch/\n  -running 'sudo docker ps' \n  -running 'sudo so-elastic-restart'"
+  echo
+
+  exit
+fi
+
+echo "Applying cross cluster search config..."
+    curl -s -XPUT http://{{ ES }}:9200/_cluster/settings \
+         -H 'Content-Type: application/json' \
+         -d "{\"persistent\": {\"search\": {\"remote\": {\"{{ MASTER }}\": {\"seeds\": [\"127.0.0.1:9300\"]}}}}}"
diff --git a/salt/utility/init.sls b/salt/utility/init.sls
index 5cb628d50..845da59c7 100644
--- a/salt/utility/init.sls
+++ b/salt/utility/init.sls
@@ -11,3 +11,11 @@ crossclusterson:
 
 {% endif %}
 {% endif %}
+{% if grains['role'] == 'so-eval' %}
+fixsearch:
+  cmd.script:
+    - shell: /bin/bash
+    - runas: socore
+    - source: salt://utility/bin/eval.sh
+    - template: jinja
+{% endif %}