Automatically Add New Vultr Fedora Minion to Salt Master
-
@scottalanmiller said in Automatically Add New Vultr Fedora Minion to Salt Master:
echo "master: you.salt.master" >> /etc/salt/minion
This is a FQDN? Like master.domain.com?
-
@aaronstuder said in Automatically Add New Vultr Fedora Minion to Salt Master:
@scottalanmiller said in Automatically Add New Vultr Fedora Minion to Salt Master:
echo "master: you.salt.master" >> /etc/salt/minion
This is a FQDN? Like master.domain.com?
Yes, or anything that would resolve from your minion, but realistically an FQDN 95% of the time.
-
@aaronstuder said in Automatically Add New Vultr Fedora Minion to Salt Master:
@scottalanmiller said in Automatically Add New Vultr Fedora Minion to Salt Master:
echo "master: you.salt.master" >> /etc/salt/minion
This is a FQDN? Like master.domain.com?
It defaults to the name salt. So if your server will resolve from the short name salt, it would be fine. If not, then you need either the short or fqdn.
-
@stacksofplates so if your search domain was correctly set up, and your salt master was at salt.domain.com you wouldn't even need this line?
-
@aaronstuder said in Automatically Add New Vultr Fedora Minion to Salt Master:
@stacksofplates so if your search domain was correctly set up, and your salt master was at salt.domain.com you wouldn't even need this line?
correct.
-
@stacksofplates Good to know
-
@scottalanmiller Any way this could reach out to the salt master, and automatically set up Nextcloud for example? I assume not because you have to allow access to the minion first?
-
@aaronstuder said in Automatically Add New Vultr Fedora Minion to Salt Master:
@scottalanmiller Any way this could reach out to the salt master, and automatically set up Nextcloud for example? I assume not because you have to allow access to the minion first?
It will reach out so that all you have to do is add it to the group that gets NextCloud or you can run the state against it. If you put nextcloud in its hostname, for example, you could make that trigger it being a nextcloud server automatically. That's a common way to go.
The key still has to be accepted on the master, but that's it. You never, ever, need to log into the minion.
-
@scottalanmiller Is there a way to have it auto accepted by the master? Maybe there is a security concern with this?
-
Preseed Minion with Accepted Key
In some situations, it is not convenient to wait for a minion to start before accepting its key on the master. For instance, you may want the minion to bootstrap itself as soon as it comes online. You may also want to let your developers provision new development machines on the fly.
https://docs.saltstack.com/en/latest/topics/tutorials/preseed_key.html
-
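The preseed procedure from the Salt tutorial quoted above, written out for a boot script like the one in this thread (an added example, not part of any post here or of Salt's documentation). The function names, the scratch ROOT argument, the 99-preseed.conf file name and the strict minion-ID character set are assumptions of this example; the pki paths are Salt's defaults.

```shell
#!/bin/sh
# Added example: preseed a Salt minion key so the master never needs auto-accept.
# ROOT and MASTER_PKI_DIR are arguments so the functions can be tried against a
# scratch directory; on real hosts they are "" and /etc/salt/pki/master.

# A minion ID becomes a file name under the master's pki directory, so reject
# anything that could escape it (empty, leading dot or dash, slash, "..").
valid_minion_id() {
    case "$1" in
        ''|.*|-*|*/*|*..*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Master side: place an already generated public key among the accepted keys.
# The pair itself comes from: salt-key --gen-keys="$id" --gen-keys-dir="$dir"
preaccept_key() {   # preaccept_key MASTER_PKI_DIR MINION_ID PUBKEY_FILE
    valid_minion_id "$2" || { echo "bad minion id: $2" >&2; return 1; }
    [ -s "$3" ] || { echo "missing public key: $3" >&2; return 1; }
    mkdir -p "$1/minions" &&
    cp "$3" "$1/minions/$2" &&
    chmod 644 "$1/minions/$2"
}

# Minion side (boot script): install the pair before salt-minion first starts,
# and pin the ID so it matches the file name accepted on the master.
preseed_minion() {  # preseed_minion ROOT MASTER MINION_ID PEM_FILE PUB_FILE
    valid_minion_id "$3" || { echo "bad minion id: $3" >&2; return 1; }
    pki="$1/etc/salt/pki/minion"
    ( umask 077
      mkdir -p "$pki" "$1/etc/salt/minion.d" &&
      cp "$4" "$pki/minion.pem" &&
      cp "$5" "$pki/minion.pub" &&
      chmod 400 "$pki/minion.pem" &&
      chmod 644 "$pki/minion.pub" &&
      printf 'master: %s\nid: %s\n' "$2" "$3" > "$1/etc/salt/minion.d/99-preseed.conf"
    )
}
```

Because the private key has to travel inside the boot script, treat that script as a secret and generate one key pair per minion.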
@aaronstuder said in Automatically Add New Vultr Fedora Minion to Salt Master:
@scottalanmiller Is there a way to have it auto accepted by the master? Maybe there is a security concern with this?
You could, but you really don't want to in a case like this. It would mean that absolutely any machine on the Internet that figured out that you were out there could join your master.
-
@scottalanmiller said in Automatically Add New Vultr Fedora Minion to Salt Master:
You could, but you really don't want to in a case like this. It would mean that absolutely any machine on the Internet that figured out that you were out there could join your master.
Then you could have some fun with them
-
@aaronstuder said in Automatically Add New Vultr Fedora Minion to Salt Master:
@scottalanmiller said in Automatically Add New Vultr Fedora Minion to Salt Master:
You could, but you really don't want to in a case like this. It would mean that absolutely any machine on the Internet that figured out that you were out there could join your master.
Then you could have some fun with them
They might be able to use it to DDOS you, but then again, if they found that you are a salt master, they could just normal DDOS you, soooo I guess that would be pointless.
-
@aaronstuder said in Automatically Add New Vultr Fedora Minion to Salt Master:
@scottalanmiller said in Automatically Add New Vultr Fedora Minion to Salt Master:
You could, but you really don't want to in a case like this. It would mean that absolutely any machine on the Internet that figured out that you were out there could join your master.
Then you could have some fun with them
Not really, they control what you can do. The issue is that they will download all of your management info.
-
@aaronstuder said in Automatically Add New Vultr Fedora Minion to Salt Master:
e master? Maybe there is a security concern with t
There is a setting on the master salt that you can change as well, called auto-accept
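Salt's master config spells that option `auto_accept`. Given the concern raised earlier in the thread about any machine on the Internet joining the master, here is a check for whether a master accepts keys without review (an added example, not part of any post; the function name and the scratch-directory argument are assumptions, while `auto_accept`, `open_mode` and `autosign_file` are real master options).

```shell
#!/bin/sh
# Added example: flag Salt master settings that accept minion keys unreviewed.
# Pass /etc/salt on a real master; any directory with the same layout works.

# Print "file: key: value" for each risky setting that is switched on in
# CONF_DIR/master or CONF_DIR/master.d/*.conf. Returns 1 if any were found.
audit_key_acceptance() {   # audit_key_acceptance CONF_DIR
    found=0
    for f in "$1/master" "$1"/master.d/*.conf; do
        [ -f "$f" ] || continue
        # Strip comments, then look only at top-level "key: value" lines.
        hits=$(sed -e 's/#.*$//' "$f" | awk -F': *' -v file="$f" '
            /^(auto_accept|open_mode):/ {
                v = tolower($2); gsub(/[ \t"'\'']/, "", v)
                if (v == "true" || v == "yes" || v == "on")
                    print file ": " $1 ": " v
            }
            /^autosign_file:/ { if ($2 != "") print file ": " $1 ": " $2 }')
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits"
            found=1
        fi
    done
    return "$found"
}
```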
-
@scottalanmiller said in Automatically Add New Vultr Fedora Minion to Salt Master:
If you are using Vultr as your VPS or Cloud Computing IaaS platform, then you have some simple tools to make automating a Salt Minion installation even easier. Vultr allows for "boot scripts" which run upon initial VM creation, along with their automatically installed system keys. Adding a tiny script can make all of the difference between needing to set up a new VM and having the entire process be totally automated.
Here is an example script that you can use. Notice that this is for Fedora and uses DNF. You will need a similar script for APT, YUM or other package management systems.
#!/bin/sh
dnf -y install salt-minion
echo "master: you.salt.master" >> /etc/salt/minion
systemctl restart salt-minion
systemctl enable salt-minion
That's all that it takes. Select the script when building your VM(s) and look for them to auto-populate in your Salt Master's key request list.
But what will be the ID/name of this Fedora instance in salt master?
-
@emad-r said in Automatically Add New Vultr Fedora Minion to Salt Master:
@scottalanmiller said in Automatically Add New Vultr Fedora Minion to Salt Master:
If you are using Vultr as your VPS or Cloud Computing IaaS platform, then you have some simple tools to make automating a Salt Minion installation even easier. Vultr allows for "boot scripts" which run upon initial VM creation, along with their automatically installed system keys. Adding a tiny script can make all of the difference between needing to set up a new VM and having the entire process be totally automated.
Here is an example script that you can use. Notice that this is for Fedora and uses DNF. You will need a similar script for APT, YUM or other package management systems.
#!/bin/sh
dnf -y install salt-minion
echo "master: you.salt.master" >> /etc/salt/minion
systemctl restart salt-minion
systemctl enable salt-minion
That's all that it takes. Select the script when building your VM(s) and look for them to auto-populate in your Salt Master's key request list.
But what will be the ID/name of this Fedora instance in salt master?
LOL, I got confused. Was thinking we were on Sodium, not salt.
It'll be your hostname.