Secrets
View secrets from master:
salt '*' pillar.items
Encrypt a secret with the key called mysecretkey on master:
echo -n "supersecret" | gpg --armor --batch --trust-model always --encrypt -r "mysecretkey"
View secrets from minion:
salt-call pillar.items
Get a specific secret from a minion:
salt-call pillar.get a-secret
Resource:
https://fabianlee.org/2016/10/18/saltstack-keeping-salt-pillar-data-encrypted-using-gpg/
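The gpg command above only prints the ciphertext. This added example (not from the original page or the linked article) wraps that output as a pillar entry for Salt's gpg renderer and rejects input that is not an armored PGP message, so a failed gpg run or a cleartext value never ends up in the pillar file. The function names pillar_entry and is_pgp_message and the output file name secrets.sls are assumptions; a-secret and mysecretkey are the names used on this page.

```shell
#!/bin/sh
# Added example: turn gpg output into a Salt pillar entry.
# Usage, with the encryption command from this page:
#   echo -n "supersecret" | gpg --armor --batch --trust-model always \
#       --encrypt -r "mysecretkey" | pillar_entry a-secret > secrets.sls

# is_pgp_message: succeed only if stdin is one ASCII-armored PGP message.
is_pgp_message() {
    awk '
        NR == 1 && $0 != "-----BEGIN PGP MESSAGE-----" { bad = 1 }
        { last = $0 }
        END {
            if (NR > 2 && !bad && last == "-----END PGP MESSAGE-----") exit 0
            exit 1
        }
    '
}

# pillar_entry NAME: read armored ciphertext on stdin and print a pillar SLS
# file whose first line selects the yaml and gpg renderers.
pillar_entry() {
    name=$1
    armored=$(cat)
    # Refuse plaintext or empty input (for example, gpg failed because the
    # recipient key is missing) instead of writing it to the pillar.
    if ! printf '%s\n' "$armored" | is_pgp_message; then
        echo "pillar_entry: input is not an armored PGP message" >&2
        return 1
    fi
    printf '#!yaml|gpg\n\n%s: |\n' "$name"
    # Indent the armored block so it becomes a YAML literal scalar.
    printf '%s\n' "$armored" | sed 's/^/  /'
}
```

After the pillar is refreshed, salt-call pillar.get a-secret on a targeted minion should return the decrypted value, while the file on disk holds only ciphertext.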
Directory structure
There are two essential locations for Salt-related files (excluding service files):
/etc/salt
/srv/salt
/etc/salt holds configuration files for the master and minion, as well as the keys for known minions.
/srv/salt has the state, pillar and reactor files.
Resource:
https://implement.pt/2018/10/a-comprehensive-introduction-to-salt/
Useful utilities
List all connected minions
salt-run manage.up
Show status for all connected minions
This will also show minions that are down.
salt-run manage.status
Resource:
https://serverfault.com/questions/529049/how-do-i-list-all-connected-salt-stack-minions
Add new salt state
Salt states are the equivalent of a cookbook in Chef or a module in Puppet. To create a new one, do the following:
- Log in to the salt master
- Create a directory for the state: mkdir /srv/salt/<name of state>
- Add your logic to /srv/salt/<name of state>/init.sls
Resource:
https://implement.pt/2018/10/a-comprehensive-introduction-to-salt/
Run state on all minions
salt '*' state.apply
Alternatively, you can specify a state on the command line:
salt '*' state.apply <name of state>
Run state on single minion
salt '<minion name>' state.apply
Alternatively, you can specify a state on the command line:
salt '<minion name>' state.apply <name of state>
Commands to run on minion
Test connection to master
salt-call -l debug test.ping