CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

generate_ca after salt-master and salt-minion states run

Browse Source
This commit is contained in:
m0duspwnens
2023-10-18 18:37:35 -04:00
parent a52ee063e5
commit 9eb682bc40
3 changed files with 14 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/common/tools/sbin/so-common
View File

@@ -153,7 +153,7 @@ check_salt_master_status() {
} }
check_salt_minion_status() { check_salt_minion_status() {
local timeout=$1 local timeout="${1:-5}"
echo "Checking if the salt minion will respond to jobs" >> "$setup_log" 2>&1 echo "Checking if the salt minion will respond to jobs" >> "$setup_log" 2>&1
salt "$MINION_ID" test.ping -t $timeout > /dev/null 2>&1 salt "$MINION_ID" test.ping -t $timeout > /dev/null 2>&1
local status=$? local status=$?

10
setup/so-functions
View File

@@ -2495,6 +2495,16 @@ wait_for_file() {
wait_for_salt_minion() { wait_for_salt_minion() {
retry 60 5 "journalctl -u salt-minion.service | grep 'Minion is ready to receive requests'" >> "$setup_log" 2>&1 || fail_setup retry 60 5 "journalctl -u salt-minion.service | grep 'Minion is ready to receive requests'" >> "$setup_log" 2>&1 || fail_setup
local attempt=0
# each attempts would take about 15 seconds
local maxAttempts=20
until check_salt_minion_status; do
attempt=$((attempt+1))
if [[ $attempt -gt $maxAttempts ]]; then
fail_setup
fi
sleep 10
done
} }
verify_setup() { verify_setup() {

9
setup/so-setup
View File

@@ -714,17 +714,14 @@ if ! [[ -f $install_opt_file ]]; then
logCmd "salt-call state.apply common.packages" logCmd "salt-call state.apply common.packages"
logCmd "salt-call state.apply common" logCmd "salt-call state.apply common"
# apply the ca state to create the ca and put it in the mine early in the install
# this is done before the salt.master state puts the checkmine engine in place and starts
# checking for a valid ca in the mine for the manager
# the minion ip will already be in the mine from configure_minion function in so-functions
generate_ca
# this will apply the salt.minion state first since salt.master includes salt.minion # this will apply the salt.minion state first since salt.master includes salt.minion
logCmd "salt-call state.apply salt.master" logCmd "salt-call state.apply salt.master"
# wait here until we get a response from the salt-master since it may have just restarted # wait here until we get a response from the salt-master since it may have just restarted
# exit setup after 5-6 minutes of trying # exit setup after 5-6 minutes of trying
check_salt_master_status || fail "Can't access salt master or it is not ready" check_salt_master_status || fail "Can't access salt master or it is not ready"
# apply the ca state to create the ca and put it in the mine early in the install
# the minion ip will already be in the mine from configure_minion function in so-functions
generate_ca
# this will also call the ssl state since docker requires the intca # this will also call the ssl state since docker requires the intca
# the salt-minion service will need to be up on the manager to sign requests # the salt-minion service will need to be up on the manager to sign requests
generate_ssl generate_ssl