ZeroTier Client & Automatic Authorization Salt State
-
ZeroTier Client & Automatic Authorization
On your Salt Master, check the file /etc/salt/master, and make sure that pillar_opts is set to True.
# The pillar_opts option adds the master configuration file data to a dict in
#pillar_opts: False
pillar_opts: True
If you have to change it, then restart the salt-master service:
systemctl restart salt-master
On your Salt Master, create the following two files.
/srv/salt/zerotier.sls contains the commands to install curl and ZeroTier, and to join the network ID specified later.
install_common_packages:
  pkg.installed:
    - pkgs:
      - curl

# Import the ZeroTier signing key so the installer's signature can be checked.
install_zerotier_gpg_key:
  cmd.run:
    - name: |
        curl -s https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg | gpg --import

# gpg only writes the installer out if its signature verifies.
install_zerotier:
  cmd.run:
    - name: |
        curl -s https://install.zerotier.com/ | gpg --output - > /tmp/zt-install.sh && bash /tmp/zt-install.sh

join_network:
  cmd.run:
    - name: |
        zerotier-cli join {{ pillar['zt_networkid'] }}

# Fetch this node's member record, flip "authorized" to true, and POST it back.
authorize_client:
  cmd.run:
    - name: |
        MYID=`zerotier-cli info|cut -d ' ' -f 3`
        curl -H 'Authorization: Bearer {{ pillar['zt_authorization'] }}' https://my.zerotier.com/api/network/{{ pillar['zt_networkid'] }}/member/$MYID > /tmp/ztinfo.txt
        sed 's/"authorized":false/"authorized":true/' /tmp/ztinfo.txt > /tmp/ztright.txt
        MEMBER=`cat /tmp/ztright.txt`
        curl -H 'Authorization: Bearer {{ pillar['zt_authorization'] }}' -X POST -d "$MEMBER" https://my.zerotier.com/api/network/{{ pillar['zt_networkid'] }}/member/$MYID
        rm /tmp/ztinfo.txt
        rm /tmp/ztright.txt
/srv/pillar/zerotier.sls
#ZT PILLAR
#zt_authorization is the API Key from the web portal. You will have to create this if you don't already have it set up.
#zt_networkid is the network ID of your ZeroTier network.
#Replace apikeyhere and networkidhere with the values from your own ZeroTier network.
zt_authorization: apikeyhere
zt_networkid: networkidhere
You must also add the ZeroTier pillar into /srv/pillar/top.sls in the '*' section. Anywhere in the list is fine. Your Top file may be empty, in which case, you can use the template below.
/srv/pillar/top.sls
base:
  '*':
    - zerotier
Now... Apply this state to a single system:
salt 'MyTestComputer' state.apply zerotier
And if everything is done correctly, your device should have a ZeroTier IP address in a few seconds. You can check by:
salt 'MyTestComputer' grains.item ipv4
You should see an IP address in the range of your ZeroTier Network in the response.
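The authorize_client step in the post above keeps the member record in fixed file names under /tmp and puts the API key on curl's command line. As an added example (not part of the original post), the same fetch / flip / POST sequence can be written with a validated node ID, a private temp file from mktemp, and the Authorization header fed to curl on stdin. ZT_TOKEN, ZT_NETWORK and all function names are assumptions introduced for illustration.

```shell
#!/bin/sh
# Added example: same fetch / flip / POST sequence as authorize_client.
# Assumed (not from the post): ZT_TOKEN, ZT_NETWORK, all function names.

# Take field 3 of `zerotier-cli info` output and accept it only if it is
# exactly 10 lowercase hex characters, so nothing else reaches the URL.
zt_node_id() {
    id=$(printf '%s\n' "$1" | cut -d ' ' -f 3)
    case "$id" in
        ''|*[!0123456789abcdef]*) return 1 ;;
    esac
    [ "${#id}" -eq 10 ] || return 1
    printf '%s\n' "$id"
}

# Flip the "authorized" flag, tolerating whitespace after the colon.
flip_authorized() {
    sed 's/"authorized"[[:space:]]*:[[:space:]]*false/"authorized":true/'
}

# curl config line; read via `--config -` so the token is not in argv.
zt_auth_header() {
    printf 'header = "Authorization: Bearer %s"\n' "$ZT_TOKEN"
}

authorize_member() {
    id=$(zt_node_id "$(zerotier-cli info)") || return 1
    url="https://my.zerotier.com/api/network/$ZT_NETWORK/member/$id"
    tmp=$(mktemp) || return 1          # mode 0600, unpredictable name
    rc=1
    zt_auth_header | curl -sf --config - "$url" | flip_authorized > "$tmp"
    # Only POST if a record came back and now carries the flipped flag.
    if grep -q '"authorized":true' "$tmp"; then
        zt_auth_header | curl -sf --config - -X POST -d "@$tmp" "$url" >/dev/null
        rc=$?
    fi
    rm -f "$tmp"
    return "$rc"
}
```

The script only defines functions; a wrapper that exports ZT_TOKEN and ZT_NETWORK and then calls authorize_member performs the actual authorization.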
-
Nice work! Thanks
-
@aaronstuder said in ZeroTier Client & Automatic Authorization Salt State:
Nice work! Thanks
It has been a while since I've tested this so let me know if it gives you any problems.