@dgingerich @scottalanmiller sorry for the delay in a response from me. Working on a sev-1 at work at the moment so I'm only sporadically available. I'll be sure to take a look at this later when either the sev-1 clears up or my day is over.

Not having used salt yet myself, couldn't you set the contents of that file using the Salt Master?

I'll add a note for clarity given the title... SaltStack does not do authentication like AD does. AD does not do patching of any sort like Salt does. Salt is an alternative to common myths about AD functionality, but not to actual AD functionality. But you can use Salt to do distributed local authentication management, which does replace the need for AD, but is very different than what is being discussed here. In this case Salt is replacing GPO, not AD.

@msff-amman-Itofficer said in Beginner SaltStack Question: Can minions be placed in folders or groups ? (Coming from AD perspective):

@scottalanmiller

ohh shit, how did that get passed me...

Great, thanks again.

🙂

@aaronstuder said in ZeroTier Client & Automatic Authorization Salt State:

Nice work! Thanks 🙂

It has been a while since I've tested this so let me know if it gives you any problems.

This way you can share the config(s) under conf.d between multiple machines using the same roles (or whatever Salt calls them) and have different main NGINX server settings.

@aaronstuder said in Installing Varnish Cache to a LAMP Stack on Fedora 25 with SaltStack:

@scottalanmiller said in Installing Varnish Cache to a LAMP Stack on Fedora 25 with SaltStack:

Varnish Cache cannot handle TLS connections, so Apache will continue to server HTTPS on port 443, for now at least.

That's unfortunate 😕 I use Varnish on Cloudways, but everything is HTTPS... Does that mean Varnish is doing nothing?

It just means that an SSL layer has to be in front of it. Nginx is used on most platforms to handle SSL.

@scottalanmiller How are you liking Salt Stack?

@emad-r said in Automatically Add New Vultr Fedora Minion to Salt Master:

@scottalanmiller said in Automatically Add New Vultr Fedora Minion to Salt Master:

If you are using Vultr as your VPS or Cloud Computing IaaS platform, then you have some simple tools to make automating a Salt Minion installation even easier. Vultr allows for "boot scripts" which run upon initial VM creation, along with their automatically installed system keys. Adding a tiny script can make all of the difference between needing to set up a new VM and having the entire process be totally automated.

Here is an example script that you can use. Notice that this is for Fedora and uses DNF. You will need a similar script for APT, YUM or other package management systems.

#!/bin/sh dnf -y install salt-minion echo "master: you.salt.master" >> /etc/salt/minion systemctl restart salt-minion systemctl enable salt-minion

That's all that it takes. Select the script when building your VM(s) and look for them to auto-populate in your Salt Master's key request list.

But what will be the ID/name of this Fedora instance in salt master ?

LOL, I got confused. Was thinking we were on Sodium, not salt.

It'll be your hostname.

@jaredbusch said in Install NextCloud 11 on Fedora 25 with SaltStack:

@scottalanmiller why install a proxy when Apaches here and working what is the benefit to having a proxy on the same server. Let’s Encrypt perfectly with Apache

Security and flexibility typically. Here is the admitted marketing material from Nginx on security: "Security and anonymity – By intercepting requests headed for your backend servers, a reverse proxy server protects their identities and acts as an additional defense against security attacks. It also ensures that multiple servers can be accessed from a single record locator or URL regardless of the structure of your local area network."

Just as a comparison, here's what it would look like with Ansible:

name: Recursively own html files file: path: /var/www/html owner: apache group: apache state: directory recurse: yes