View secrets from master:
salt '*' pillar.items
Encrypt a secret with the key called mysecretkey on master:
echo -n "supersecret" | gpg --armor --batch --trust-model always --encrypt -r "mysecretkey"
View secrets from minion:
Get a specific secret from a minion:
salt-call pillar.get a-secret
There are two essential locations for Salt-related files (excluding service files):
/etc/salt holds configuration files for the master and minion, as well as the keys for known minions.
/srv/salt has the state, pillar and reactor files.
List all connected minions
Show status for all connected minions
This will also show minions that are down.
Add new salt state
Salt states are the equivalent of a cookbook in Chef or a module in Puppet. To create a new one, do the following:
- Log in to the salt master
- Create a directory for the state:
mkdir /srv/salt/<name of state>
- Add your logic to /srv/salt/<name of state>/init.sls
Run state on all minions
salt '*' state.apply <name of state>
Run state on single minion
salt '<minion name>' state.apply <name of state>
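Added example (not from the original page): a GPG-encrypted pillar value and a state that consumes it, tying the secret and state steps above together. The pillar file location, the state name app-secret and the target path are assumptions; a-secret is the pillar key used above. The private key for mysecretkey must be in the master's GPG keyring (gpg_keydir, /etc/salt/gpgkeys by default) for decryption to work.

```yaml
# File 1: pillar file holding the secret (path and file name are assumptions).
# In the real file the "#!yaml|gpg" line must be line 1; it tells the master
# to run the gpg renderer, which decrypts the armored block on the master
# before the pillar data is sent to the minion.
#!yaml|gpg
a-secret: |
  -----BEGIN PGP MESSAGE-----
  <paste the armored output of the gpg --encrypt command here>
  -----END PGP MESSAGE-----

# File 2: /srv/salt/app-secret/init.sls ("app-secret" is a hypothetical state name).
# Writes the decrypted pillar value to a root-only file on the minion.
/etc/app-secret/token:            # hypothetical target path
  file.managed:
    - contents_pillar: a-secret   # same key as in "salt-call pillar.get a-secret"
    - user: root
    - group: root
    - mode: '0600'                # readable by root only
    - makedirs: True
    - dir_mode: '0700'
    - show_changes: False         # keep the secret out of the diff in job output
```

Only the ciphertext is stored in the pillar file, so it can be kept in version control; the plaintext exists on the master at render time and on the targeted minion.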