From 9eb682bc40fca2463275e43e2db37a7a52978216 Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Wed, 18 Oct 2023 18:37:35 -0400
Subject: [PATCH] generate_ca after salt-master and salt-minion states run

---
 salt/common/tools/sbin/so-common |  2 +-
 setup/so-functions               | 10 ++++++++++
 setup/so-setup                   |  9 +++------
 3 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common
index c19d51a42..be001f0d7 100755
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -153,7 +153,7 @@ check_salt_master_status() {
 }
 
 check_salt_minion_status() {
-	local timeout=$1
+	local timeout="${1:-5}"
 	echo "Checking if the salt minion will respond to jobs" >> "$setup_log" 2>&1
 	salt "$MINION_ID" test.ping -t $timeout > /dev/null 2>&1
 	local status=$?
diff --git a/setup/so-functions b/setup/so-functions
index 68fd01550..7ead07ca7 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -2495,6 +2495,16 @@ wait_for_file() {
 
 wait_for_salt_minion() {
 	retry 60 5 "journalctl -u salt-minion.service | grep 'Minion is ready to receive requests'" >> "$setup_log" 2>&1 || fail_setup
+	local attempt=0
+	# each attempts would take about 15 seconds
+	local maxAttempts=20
+	until check_salt_minion_status; do
+		attempt=$((attempt+1))
+		if [[ $attempt -gt $maxAttempts ]]; then
+			fail_setup
+		fi
+		sleep 10
+	done
 }
 
 verify_setup() {
diff --git a/setup/so-setup b/setup/so-setup
index 73ef29f4b..543ac0156 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -714,17 +714,14 @@ if ! [[ -f $install_opt_file ]]; then
 
 		logCmd "salt-call state.apply common.packages"
 		logCmd "salt-call state.apply common"
-		# apply the ca state to create the ca and put it in the mine early in the install
-		# this is done before the salt.master state puts the checkmine engine in place and starts
-		# checking for a valid ca in the mine for the manager
-		# the minion ip will already be in the mine from configure_minion function in so-functions
-		generate_ca
 		# this will apply the salt.minion state first since salt.master includes salt.minion
 		logCmd "salt-call state.apply salt.master"
 		# wait here until we get a response from the salt-master since it may have just restarted
 		# exit setup after 5-6 minutes of trying
 		check_salt_master_status || fail  "Can't access salt master or it is not ready"
-
+		# apply the ca state to create the ca and put it in the mine early in the install
+		# the minion ip will already be in the mine from configure_minion function in so-functions
+		generate_ca
 		# this will also call the ssl state since docker requires the intca
 		# the salt-minion service will need to be up on the manager to sign requests
 		generate_ssl