From e4e3b199fc97a0ea11aa02e6caf616e1ee8dd93d Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Tue, 22 Jun 2021 08:05:08 -0400
Subject: [PATCH 1/3] retry on so-dockerregistry

---
 salt/registry/init.sls | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/salt/registry/init.sls b/salt/registry/init.sls
index 1cec55fd2..b59465fb7 100644
--- a/salt/registry/init.sls
+++ b/salt/registry/init.sls
@@ -43,6 +43,10 @@ so-dockerregistry:
       - /nsm/docker-registry/docker:/var/lib/registry/docker:rw
       - /etc/pki/registry.crt:/etc/pki/registry.crt:ro
       - /etc/pki/registry.key:/etc/pki/registry.key:ro
+    - timeout: 180
+    - retry:
+        attempts: 5
+        interval: 30
 
 append_so-dockerregistry_so-status.conf:
   file.append:
@@ -55,4 +59,4 @@ append_so-dockerregistry_so-status.conf:
   test.fail_without_changes:
     - name: {{sls}}_state_not_allowed
 
-{% endif %}
\ No newline at end of file
+{% endif %}

From dcc9af946ad09b6c583ac8c929e68cd46d0beee2 Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Mon, 21 Jun 2021 21:52:02 -0400
Subject: [PATCH 2/3] Avoid logging when sync is unnecessary due to cronjob log
 output spam

---
 salt/common/tools/sbin/so-user | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/common/tools/sbin/so-user b/salt/common/tools/sbin/so-user
index 62ba737b1..f0c064d03 100755
--- a/salt/common/tools/sbin/so-user
+++ b/salt/common/tools/sbin/so-user
@@ -241,7 +241,7 @@ function syncAll() {
     staleCount=$(echo "select count(*) from identity_credentials where updated_at >= Datetime('now', '-${usersFileAgeSecs} seconds');" \
       | sqlite3 "$databasePath")
     if [[ "$staleCount" == "0" ]]; then
-      fail "Users are already in sync. Run 'FORCE_SYNC=1 $0 sync' to force a full sync anyway."
+      return 1
     fi
   fi
   syncElastic

From 8ddc99e91f7f5f53e3147865ecff0a733c032e94 Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Tue, 22 Jun 2021 08:07:41 -0400
Subject: [PATCH 3/3] Allow for adjusting SOC session timeout

---
 salt/soc/files/kratos/kratos.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/salt/soc/files/kratos/kratos.yaml b/salt/soc/files/kratos/kratos.yaml
index 80340af4f..b1174af58 100644
--- a/salt/soc/files/kratos/kratos.yaml
+++ b/salt/soc/files/kratos/kratos.yaml
@@ -1,5 +1,9 @@
 {%- set WEBACCESS = salt['pillar.get']('global:url_base', '') -%}
 {%- set KRATOSKEY = salt['pillar.get']('kratos:kratoskey', '') -%}
+{%- set SESSIONTIMEOUT = salt['pillar.get']('kratos:sessiontimeout', '24h') -%}
+
+session:
+  lifespan: {{ SESSIONTIMEOUT }}
 
 selfservice:
   methods: