Josh Patterson 89e6a746c8 so-salt-minion-wait: wait for the restart job before reading MainPID
Live testing on a standalone node found the previous commit still reported
ready on the OUTGOING daemon. Reproduced by running the production sequence:

  systemctl restart --no-block salt-minion   # what service.restart issues
  /usr/sbin/so-salt-minion-wait              # what cmd.run then runs

  so-salt-minion-wait: gating on pid-tagged ready line ... plus master sockets
  salt-minion (pid 2750297) ready after 3s   # 2750297 is the OLD child

salt restarts this unit with --no-block -- _no_block_default() in
salt/modules/systemd_service.py returns True when the unit is the salt-minion
service -- so service.restart returns as soon as the job is enqueued. Measured
on the host, systemd does not swap MainPID until ~7.3s later. Throughout that
window the old daemon is still running, still holds its master sockets, and
its own ready line is already in the log, so every gate passes on the instance
that is about to be torn down. INITIAL_SLEEP=3 expired inside that window.

Wait for systemd's job queue for the unit to drain before resolving MainPID.
That is deterministic rather than a timing guess: the job exists from the
moment --no-block returns until the new instance signals READY, and MainPID is
new by the time it clears. Measured transition:

  t=0.0s   job pending, child=OLD, sockets up, ready line present
  t=7.9s   job drained, child=NEW, sockets up, ready line ABSENT
  t=10.7s  ready line for NEW child appears   <- script returns here

The same run also confirms empirically why the log line is required in
addition to the sockets: for 2.8s the new child has both master connections
while _post_master_init() is still loading modules and compiling pillar, so a
socket-only gate would return that much too early.

Correct the comment claim from the previous commit. The --no-block restart is
real; it lives in salt's systemd_service module, not in this repo, which is
why searching the repo for it turned up nothing.
2026-07-10 09:35:21 -04:00
2023-12-19 18:58:17 +00:00
2024-04-11 15:32:00 -04:00
2026-05-28 09:34:17 -04:00
2025-06-27 11:00:35 -04:00
2026-04-01 10:47:59 -04:00
2026-05-28 09:34:17 -04:00
2026-05-28 10:24:47 -04:00
2020-11-17 09:00:02 -05:00
2025-02-20 11:07:50 -05:00
2026-03-04 15:48:16 -05:00
2026-03-05 11:05:19 -05:00
2023-06-26 16:01:58 -04:00
2022-09-07 09:06:25 -04:00
ver
2026-06-11 08:18:38 -04:00

Security Onion Logo

Security Onion

Security Onion is a free and open Linux distribution for threat hunting, enterprise security monitoring, and log management. It includes a comprehensive suite of tools designed to work together to provide visibility into your network and host activity.

Features

Security Onion includes everything you need to monitor your network and host systems:

  • Security Onion Console (SOC): A unified web interface for analyzing security events and managing your grid.
  • Elastic Stack: Powerful search backed by Elasticsearch.
  • Intrusion Detection: Network-based IDS with Suricata and host-based monitoring with Elastic Fleet.
  • Network Metadata: Detailed network metadata generated by Zeek or Suricata.
  • Full Packet Capture: Retain and analyze raw network traffic with Suricata PCAP.

Security Onion Pro

For organizations and enterprises requiring advanced capabilities, Security Onion Pro offers additional features designed for scale and efficiency:

  • Onion AI: Leverage powerful AI-driven insights to accelerate your analysis and investigations.
  • Enterprise Features: Enhanced tools and integrations tailored for enterprise-grade security operations.

For more information, visit the Security Onion Pro page.

☁️ Cloud Deployment

Security Onion is available and ready to deploy in the AWS, Azure, and Google Cloud (GCP) marketplaces.

🚀 Getting Started

Goal Resource
Download Security Onion ISO
Requirements Hardware Guide
Install Installation Instructions
What's New Release Notes

📖 Documentation & Support

For more detailed information, please visit our Documentation.

🤝 Contributing

We welcome contributions! Please see our CONTRIBUTING.md for guidelines on how to get involved.

🛡️ License

Security Onion is licensed under the terms of the license found in the LICENSE file.


Built with 🧅 by Security Onion Solutions.

S
Description
Security Onion 2 - Linux distro for threat hunting, enterprise security monitoring, and log management
Readme 79 MiB
Languages
Shell 51%
Jinja 22.2%
SaltStack 12%
Python 8.7%
CSS 2%
Other 4%