Salt Notes

Secrets

View secrets from master:

salt '*' pillar.items

Create key called mysecretkey on master:

echo -n "supersecret" | gpg --armor --batch --trust-model always --encrypt -r "mysecretkey"

View secrets from minion:

salt-call pillar.items

Get a specific secret from a minion:

salt-call pillar.get a-secret

Resource:
https://fabianlee.org/2016/10/18/saltstack-keeping-salt-pillar-data-encrypted-using-gpg/

Directory structurs

There are two essential locations for salt related files (excluding service files):

/etc/salt
/srv/salt

/etc/salt holds configuration files for the master and minion, as well as the keys for known minions.

/srv/salt has the state, pillar and reactor files.

Resource:
https://implement.pt/2018/10/a-comprehensive-introduction-to-salt/

Useful utilities

List all connected minions

salt-run manage.up

Show status for all connected minions

This will also show minions that are down.

salt-run manage.status

Resource:
https://serverfault.com/questions/529049/how-do-i-list-all-connected-salt-stack-minions

Add new salt state

Salt states are the equivalent to a cookbook in Chef or a module in Puppet. To create a new one, do the following:

  1. Login to the salt master
  2. mkdir /srv/salt/<name of state>
  3. Add your logic to /srv/salt/<name of state>/init.sls

Resource:
https://implement.pt/2018/10/a-comprehensive-introduction-to-salt/

Run state on all minions

salt '*' state.apply <name of state>

Run state on single minion

salt '<minion name>' state.apply <name of state>