ZeroTier Client & Automatic Authorization Salt State

  • ZeroTier Client & Automatic Authorization

    On your Salt Master, check the file /etc/salt/master, and make sure that pillar_opts is set to True.

    # The pillar_opts option adds the master configuration file data to a dict in
    #pillar_opts: False
    pillar_opts: True

    If you have to change it, then restart the salt-master service: systemctl restart salt-master

    On your Salt Master, create the following two files.
    /srv/salt/zerotier.sls, contains the commands to Install CURL, ZeroTier, and Join the Network ID specified later.

        - pkgs:
          - curl
        - name: |
            curl -s | gpg --import
        - name:  |
            curl -s | gpg --output - > /tmp/ && bash /tmp/
        - name:  |
             zerotier-cli join {{ pillar['zt_networkid'] }}
        - name:  |
            MYID=`zerotier-cli info|cut -d ' ' -f 3`
            curl  -H 'Authorization: Bearer {{ pillar['zt_authorization]}}'{{ pillar['zt_networkid'] }}/member/$MYID > /tmp/ztinfo.txt
            sed 's/"authorized":false/"authorized":true/' /tmp/ztinfo.txt > /tmp/ztright.txt
            MEMBER=`cat /tmp/ztright.txt`
            curl  -H 'Authorization: Bearer {{ pillar['zt_authorization'] }}' -X POST -d $MEMBER{{ pillar['zt_networkid'] }}/member/$MYID
            rm /tmp/ztinfo.txt
            rm /tmp/ztright.txt


    #zt_authorization is the API Key from the web portal.  You will have to create this if you don't already have it set up.
    #zt_networkid is the network ID of your ZeroTier network.
    #Replace apikeyhere and networkidhere with the values from your own ZeroTier network.
    zt_authorization: apikeyhere
    zt_networkid: networkidhere

    You must also add the ZeroTier pillar into /srv/pillar/top.sls in the '*' section. Anywhere in the list is fine. Your Top file may be empty, in which case, you can use the template below.


       - zerotier

    Now... Apply this state to a single system:

    salt 'MyTestComputer' state.apply zerotier

    And if everything is done correctly, your device should have a ZeroTier IP address in a few seconds. You can check by:

    salt 'MyTestComputer' grains.item ipv4

    You should see an IP address in the range of your ZeroTier Network in the response.

Looks like your connection to MangoLassi was lost, please wait while we try to reconnect.