You can control a huge number of daemons with a configuration management system. Package-file-service is the common pattern for this: install the software, replace a configuration file and finally restart the daemon to use the new configuration.
This article shows a simple Salt state to change SSH server port.
Set up salt master-slave architecture.
On the master, create the state (sshd.sls) and the master copy of configuration file (sshd_config).
Create SSH State
$ cat /srv/salt/sshd.sls
openssh-server:
pkg.installed
/etc/ssh/sshd_config:
file.managed:
- source: salt://sshd_config
sshd:
service.running:
- watch:
- file: /etc/ssh/sshd_config
This is almost the default sshd_config file from Ubuntu right after installing openssh-server. Just comments (“#”) removed and port number changed (“Port 8888”).
$ cat /srv/salt/sshd_config # DON'T EDIT - managed file, changes will be overwritten Port 8888 Protocol 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key HostKey /etc/ssh/ssh_host_ecdsa_key HostKey /etc/ssh/ssh_host_ed25519_key UsePrivilegeSeparation yes KeyRegenerationInterval 3600 ServerKeyBits 1024 SyslogFacility AUTH LogLevel INFO LoginGraceTime 120 PermitRootLogin prohibit-password StrictModes yes RSAAuthentication yes PubkeyAuthentication yes IgnoreRhosts yes RhostsRSAAuthentication no HostbasedAuthentication no PermitEmptyPasswords no ChallengeResponseAuthentication no X11Forwarding yes X11DisplayOffset 10 PrintMotd no PrintLastLog yes TCPKeepAlive yes AcceptEnv LANG LC_* Subsystem sftp /usr/lib/openssh/sftp-server UsePAM yes
Apply the State to Slaves
$ sudo salt '*' state.apply sshd
Test
Using one of your slaves as a target (instead of tero.example.com)
$ nc -vz tero.example.com 8888 Connection to tero.example.com 2002 port [tcp/*] succeeded!
Or
$ ssh -p 8888 tero@tero.example.com tero@tero.example.com's password:
If you got the SSH daemon answer on port 8888, well done. Your package-file-service state is working!
What daemons will you configure next?