ZeroTier Client & Automatic Authorization Salt State



  • ZeroTier Client & Automatic Authorization


    On your Salt Master, check the file /etc/salt/master, and make sure that pillar_opts is set to True.

    # The pillar_opts option adds the master configuration file data to a dict in
    #pillar_opts: False
    pillar_opts: True
    

    If you have to change it, then restart the salt-master service: systemctl restart salt-master

    On your Salt Master, create the following two files.
    /srv/salt/zerotier.sls contains the commands to install curl and ZeroTier, and to join the network ID specified later.

    install_common_packages:
      pkg.installed:
        - pkgs:
          - curl
    
    install_zerotier_gpg_key:
      cmd.run:
        - name: |
            curl -s https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg | gpg --import
    
    install_zerotier:
      cmd.run:
        - name:  |
            curl -s https://install.zerotier.com/ | gpg --output - > /tmp/zt-install.sh && bash /tmp/zt-install.sh
    
    join_network:
      cmd.run:
        - name:  |
             zerotier-cli join {{ pillar['zt_networkid'] }}
    
    authorize_client:
      cmd.run:
        - name:  |
            MYID=`zerotier-cli info|cut -d ' ' -f 3`
            curl -H 'Authorization: Bearer {{ pillar['zt_authorization'] }}' https://my.zerotier.com/api/network/{{ pillar['zt_networkid'] }}/member/$MYID > /tmp/ztinfo.txt
            sed 's/"authorized":false/"authorized":true/' /tmp/ztinfo.txt > /tmp/ztright.txt
            MEMBER=`cat /tmp/ztright.txt`
            curl -H 'Authorization: Bearer {{ pillar['zt_authorization'] }}' -X POST -d "$MEMBER" https://my.zerotier.com/api/network/{{ pillar['zt_networkid'] }}/member/$MYID
            rm /tmp/ztinfo.txt
            rm /tmp/ztright.txt
    

    /srv/pillar/zerotier.sls

    #ZT PILLAR
    #zt_authorization is the API Key from the web portal.  You will have to create this if you don't already have it set up.
    
    #zt_networkid is the network ID of your ZeroTier network.
    
    #Replace apikeyhere and networkidhere with the values from your own ZeroTier network.
    zt_authorization: apikeyhere
    zt_networkid: networkidhere
    
    

    You must also add the ZeroTier pillar into /srv/pillar/top.sls in the '*' section. Anywhere in the list is fine. Your Top file may be empty, in which case, you can use the template below.

    /srv/pillar/top.sls

    base:
      '*':
       - zerotier
    

    Now... Apply this state to a single system:

    salt 'MyTestComputer' state.apply zerotier
    

    And if everything is done correctly, your device should have a ZeroTier IP address in a few seconds. You can check by:

    salt 'MyTestComputer' grains.item ipv4
    

    You should see an IP address in the range of your ZeroTier Network in the response.
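
Added example (not part of the original post): a stricter version of the authorize_client step. It validates the node and network IDs, sends a fixed JSON body instead of relying on sed matching the exact text `"authorized":false`, writes nothing to /tmp, and passes the API token to curl on stdin rather than on the command line. The helper names are hypothetical, and it assumes the API accepts a partial member object and that tokens are plain alphanumerics.

```shell
#!/bin/sh
# Added example: a stricter take on the authorize_client step.
# Helper names are hypothetical; nothing runs until zt_authorize is called.

# Succeeds only if $1 is exactly $2 lowercase hex digits.
is_hex() (
  [ "${#1}" -eq "$2" ] || exit 1
  case $1 in *[!0-9a-f]*) exit 1 ;; esac
)

# Pull the node ID out of `zerotier-cli info` output
# ("200 info <node id> <version> <status>") and validate it.
zt_node_id() (
  id=$(printf '%s\n' "$1" | awk '$1 == "200" && $2 == "info" { print $3; exit }')
  is_hex "$id" 10 || exit 1
  printf '%s\n' "$id"
)

# Build the member URL used in the post; refuse IDs that are not plain hex
# so nothing unexpected is spliced into the path.
zt_member_url() (
  is_hex "$1" 16 || exit 1
  is_hex "$2" 10 || exit 1
  printf 'https://my.zerotier.com/api/network/%s/member/%s\n' "$1" "$2"
)

# Emit a curl config line carrying the token, so it is read from stdin
# instead of appearing in curl's argument list (visible in `ps`).
# Assumption: tokens are plain alphanumerics; loosen the check if yours differ.
zt_curl_config() {
  case $1 in ''|*[!A-Za-z0-9]*) return 1 ;; esac
  printf 'header = "Authorization: Bearer %s"\n' "$1"
}

# Usage: zt_authorize "$ZT_TOKEN" "$ZT_NETWORK_ID"
# Assumption: the API accepts a partial member object in the POST body.
zt_authorize() {
  node=$(zt_node_id "$(zerotier-cli info)") || { echo 'unexpected zerotier-cli output' >&2; return 1; }
  url=$(zt_member_url "$2" "$node") || { echo 'bad network ID' >&2; return 1; }
  cfg=$(zt_curl_config "$1") || { echo 'bad API token' >&2; return 1; }
  printf '%s\n' "$cfg" | curl --fail --silent --show-error --config - \
    -X POST -H 'Content-Type: application/json' \
    -d '{"config":{"authorized":true}}' "$url"
}
```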



  • Nice work! Thanks 🙂



  • @aaronstuder said in ZeroTier Client & Automatic Authorization Salt State:

    Nice work! Thanks 🙂

    It has been a while since I've tested this so let me know if it gives you any problems.