From f5a1bd40747dff47bcfbd61fdfb9c5696bb76162 Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Mon, 9 Nov 2020 16:25:28 -0500
Subject: [PATCH] only try to get enrollsecret if fleet is already enabled
 https://github.com/Security-Onion-Solutions/securityonion/issues/1857

---
 salt/fleet/event_enable-fleet.sls | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/salt/fleet/event_enable-fleet.sls b/salt/fleet/event_enable-fleet.sls
index 28542ba6c..83e5af4c3 100644
--- a/salt/fleet/event_enable-fleet.sls
+++ b/salt/fleet/event_enable-fleet.sls
@@ -1,4 +1,10 @@
-{% set ENROLLSECRET = salt['cmd.run']('docker exec so-fleet fleetctl get enroll-secret default', '') %}
+{% set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %}
+{% set FLEETNODE = salt['pillar.get']('global:fleet_node', False) %}
+{% if FLEETNODE or FLEETMANAGER %}
+  {% set ENROLLSECRET = salt['cmd.run']('docker exec so-fleet fleetctl get enroll-secret default') %}
+{% else %}}
+  {% set ENROLLSECRET = '' %}
+{% endif %}
 {% set MAININT = salt['pillar.get']('host:mainint') %}
 {% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %}