ZeroTier Client & Automatic Authorization Salt State

  • ZeroTier Client & Automatic Authorization

    On your Salt Master, check the file /etc/salt/master, and make sure that pillar_opts is set to True.

    # The pillar_opts option adds the master configuration file data to a dict in
    #pillar_opts: False
    pillar_opts: True

    If you have to change it, then restart the salt-master service: systemctl restart salt-master

    On your Salt Master, create the following two files.
    /srv/salt/zerotier.sls contains the commands to install curl, install ZeroTier, and join the network ID specified later.

        - pkgs:
          - curl
        - name: |
            curl -s | gpg --import
        - name:  |
            curl -s | gpg --output - > /tmp/ && bash /tmp/
        - name:  |
             zerotier-cli join {{ pillar['zt_networkid'] }}
        - name:  |
            MYID=`zerotier-cli info|cut -d ' ' -f 3`
            curl  -H 'Authorization: Bearer {{ pillar['zt_authorization'] }}'{{ pillar['zt_networkid'] }}/member/$MYID > /tmp/ztinfo.txt
            sed 's/"authorized":false/"authorized":true/' /tmp/ztinfo.txt > /tmp/ztright.txt
            MEMBER=`cat /tmp/ztright.txt`
            curl  -H 'Authorization: Bearer {{ pillar['zt_authorization'] }}' -X POST -d "$MEMBER"{{ pillar['zt_networkid'] }}/member/$MYID
            rm /tmp/ztinfo.txt
            rm /tmp/ztright.txt


    #zt_authorization is the API Key from the web portal.  You will have to create this if you don't already have it set up.
    #zt_networkid is the network ID of your ZeroTier network.
    #Replace apikeyhere and networkidhere with the values from your own ZeroTier network.
    zt_authorization: apikeyhere
    zt_networkid: networkidhere

    You must also add the ZeroTier pillar into /srv/pillar/top.sls in the '*' section. Anywhere in the list is fine. Your Top file may be empty, in which case, you can use the template below.

    base:
      '*':
        - zerotier

    Now... Apply this state to a single system:

    salt 'MyTestComputer' state.apply zerotier

    And if everything is done correctly, your device should have a ZeroTier IP address in a few seconds. You can check by:

    salt 'MyTestComputer' grains.item ipv4

    You should see an IP address in the range of your ZeroTier Network in the response.
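
The authorization step in the state edits the member JSON with an exact-text `sed` pattern and passes it through files in `/tmp`. The sketch below is an added example, not part of the original post: it does the same GET, flip and POST in memory with a real JSON parser. The function names, the `api_base` parameter (the URL prefix that precedes the network ID) and the sample member bodies are assumptions constructed for illustration.

```python
import json
import urllib.request

# Constructed sample member bodies (not real API output); same data, different spacing.
COMPACT = '{"nodeId":"0123456789","config":{"authorized":false}}'
SPACED = '{"nodeId": "0123456789", "config": {"authorized": false}}'

def sed_style(body):
    """Mirror of the state's sed expression: exact-text substitution."""
    return body.replace('"authorized":false', '"authorized":true')

def authorize(body):
    """Parse the member JSON and set every "authorized" key to true."""
    def walk(node):
        if isinstance(node, dict):
            for key in node:
                if key == "authorized":
                    node[key] = True
                else:
                    walk(node[key])
        elif isinstance(node, list):
            for item in node:
                walk(item)
    member = json.loads(body)  # ValueError on an empty reply or HTML error page
    if not isinstance(member, dict):
        raise ValueError("member body is not a JSON object")
    walk(member)
    return json.dumps(member, separators=(",", ":"))

def authorize_member(api_base, network_id, member_id, token):
    """GET the member, flip the flag in memory, POST it back; no temp files.
    api_base is an assumption: whatever URL prefix precedes the network ID."""
    url = f"{api_base}/{network_id}/member/{member_id}"
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    with urllib.request.urlopen(urllib.request.Request(url, headers=headers)) as resp:
        payload = authorize(resp.read().decode("utf-8"))
    post = urllib.request.Request(url, data=payload.encode("utf-8"),
                                  headers=headers, method="POST")
    with urllib.request.urlopen(post) as resp:
        return resp.status

if __name__ == "__main__":
    print(sed_style(SPACED) == SPACED)   # the sed pattern silently misses this form
    print(authorize(SPACED))
```

If the GET returns an error page or an empty body, `authorize` raises instead of posting a malformed member back, which the `sed` pipeline would do silently.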

  • Nice work! Thanks 🙂

  • @aaronstuder said in ZeroTier Client & Automatic Authorization Salt State:

    Nice work! Thanks 🙂

    It has been a while since I've tested this so let me know if it gives you any problems.