ZeroTier Client & Automatic Authorization Salt State



  • ZeroTier Client & Automatic Authorization


    On your Salt Master, check the file /etc/salt/master, and make sure that pillar_opts is set to True.

    # The pillar_opts option adds the master configuration file data to a dict in
    #pillar_opts: False
    pillar_opts: True
    

    If you have to change it, then restart the salt-master service: systemctl restart salt-master

    On your Salt Master, create the following two files.
    /srv/salt/zerotier.sls contains the commands to install curl, install ZeroTier, and join the network ID specified later.

    # Install curl, which the later states use to fetch the key and the installer.
    install_common_packages:
      pkg.installed:
        - pkgs:
          - curl
    
    # Import ZeroTier's GPG public key so the installer signature can be checked.
    install_zerotier_gpg_key:
      cmd.run:
        - name: |
            curl -s https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg | gpg --import
    
    # gpg checks the signed installer; bash runs only if gpg exits successfully.
    install_zerotier:
      cmd.run:
        - name: |
            curl -s https://install.zerotier.com/ | gpg --output - > /tmp/zt-install.sh && bash /tmp/zt-install.sh
    
    join_network:
      cmd.run:
        - name: |
            zerotier-cli join {{ pillar['zt_networkid'] }}
    
    # Fetch this node's member record, flip "authorized" to true, and post it back.
    authorize_client:
      cmd.run:
        - name: |
            MYID=$(zerotier-cli info | cut -d ' ' -f 3)
            curl -H 'Authorization: Bearer {{ pillar['zt_authorization'] }}' https://my.zerotier.com/api/network/{{ pillar['zt_networkid'] }}/member/$MYID > /tmp/ztinfo.txt
            sed 's/"authorized":false/"authorized":true/' /tmp/ztinfo.txt > /tmp/ztright.txt
            MEMBER=$(cat /tmp/ztright.txt)
            # Quote the JSON so the shell passes it to curl as one argument.
            curl -H 'Authorization: Bearer {{ pillar['zt_authorization'] }}' -X POST -d "$MEMBER" https://my.zerotier.com/api/network/{{ pillar['zt_networkid'] }}/member/$MYID
            rm /tmp/ztinfo.txt
            rm /tmp/ztright.txt
    

    /srv/pillar/zerotier.sls

    #ZT PILLAR
    #zt_authorization is the API Key from the web portal.  You will have to create this if you don't already have it set up.
    
    #zt_networkid is the network ID of your ZeroTier network.
    
    #Replace apikeyhere and networkidhere with the values from your own ZeroTier network.
    zt_authorization: apikeyhere
    zt_networkid: networkidhere
    
    

    You must also add the ZeroTier pillar to /srv/pillar/top.sls in the '*' section. Anywhere in the list is fine. Your top file may be empty, in which case you can use the template below. Every minion matched by '*' receives this pillar, including the API key.

    /srv/pillar/top.sls

    base:
      '*':
       - zerotier
    

    Now... Apply this state to a single system:

    salt 'MyTestComputer' state.apply zerotier
    

    And if everything is done correctly, your device should have a ZeroTier IP address in a few seconds. You can check by:

    salt 'MyTestComputer' grains.item ipv4
    

    You should see an IP address in the range of your ZeroTier Network in the response.
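
An added example (not part of the original post) of two failure modes in the authorize_client commands: the sed pattern depends on the exact spacing of the JSON, and an unquoted $MEMBER is split into several arguments before curl sees it. The member record is a constructed sample, and all function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample shaped like the member record the state saves to
# /tmp/ztinfo.txt. Real API output may differ in fields and spacing.
SAMPLE_MEMBER='{"nodeId": "0123456789", "config": {"authorized": false}, "name": "test node"}'

# The substitution used in the state: matches only when no space follows the colon.
flip_strict() {
    printf '%s' "$1" | sed 's/"authorized":false/"authorized":true/'
}

# Whitespace-tolerant form: keeps the key and its spacing, swaps only the value.
flip_tolerant() {
    printf '%s' "$1" | sed -E 's/("authorized"[[:space:]]*:[[:space:]]*)false/\1true/'
}

# Reports how many arguments it was given; stands in for the command receiving -d.
count_args() {
    echo "$#"
}

# Unquoted expansion: the shell splits the JSON on whitespace, so only the
# first fragment would be the -d body and the rest become separate arguments.
args_unquoted() {
    count_args $1
}

# Quoted expansion: the whole JSON document arrives as a single argument.
args_quoted() {
    count_args "$1"
}

# Scratch file with a random name instead of a fixed path under /tmp.
make_scratch() {
    mktemp "${TMPDIR:-/tmp}/ztmember.XXXXXX"
}

# Demonstration on the constructed sample.
echo "strict:   $(flip_strict "$SAMPLE_MEMBER")"
echo "tolerant: $(flip_tolerant "$SAMPLE_MEMBER")"
echo "args unquoted: $(args_unquoted "$SAMPLE_MEMBER"), quoted: $(args_quoted "$SAMPLE_MEMBER")"
```
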


