Secrets

View secrets from master

Create key called mysecretkey on master

echo -n "supersecret" | gpg --armor --batch --trust-model always --encrypt -r "mysecretkey"

View secrets from minion

Get a specific secret from a minion

salt-call pillar.get a-secret

Resource: https://fabianlee.org/2016/10/18/saltstack-keeping-salt-pillar-data-encrypted-using-gpg/

Directory structure

There are two essential locations for salt related files (excluding service files):

/etc/salt holds configuration files for the master and minion, as well as the keys for known minions.

/srv/salt has the state, pillar and reactor files.

Resource: https://implement.pt/2018/10/a-comprehensive-introduction-to-salt/

Useful utilities

List all connected minions

Show status for all connected minions

This will also show minions that are down.

Resource: https://serverfault.com/questions/529049/how-do-i-list-all-connected-salt-stack-minions

Add new salt state

Salt states are the equivalent to a cookbook in Chef or a module in Puppet. To create a new one, do the following:

1. Login to the salt master
2. mkdir /srv/salt/<name of state>
3. Add your logic to /srv/salt/<name of state>/init.sls

Resource: https://implement.pt/2018/10/a-comprehensive-introduction-to-salt/

Run state on all minions

Alternatively, you can specify one from the command line:

salt '*' state.apply <name of state>

Run state on single minion

salt '<minion name>' state.apply

Alternatively, you can specify one from the command line:

salt '<minion name>' state.apply <name of state>

Minion commands

Test connection to master

salt-call -l debug test.ping

Resource: https://github.com/saltstack/salt/issues/45973