Secrets in Salt Pillars – SSH Port Change

Salt helps you configure 1, 10, 100 or more computers. Secrets, such as encryption keys, must be given to authorized slaves only. In Salt, secrets are kept in pillars.
If you are just starting with pillars, do the pillars tutorial first. This short listing of configuration files and commands is meant for people who already know Salt. If you're just getting started, see Salt master-slave installation and Salt states.



$ head -100 /srv/pillar/* /srv/salt/ssh/init.sls
==> /srv/pillar/paiste.sls <==
port: 1917
==> /srv/pillar/top.sls <==
base:
 paiste:
 - paiste
==> /srv/salt/ssh/init.sls <==
ssh:
  pkg.installed
/etc/ssh/sshd_config:
  file.managed:
    - source: salt://ssh/sshd_config
    - template: jinja
    - context:
      port: {{ pillar.get('port', 22) }}
sshd.service:
  service.running:
    - watch:
      - file: /etc/ssh/sshd_config
$ grep '{{' /srv/salt/ssh/sshd_config
Port {{ port }}
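
An added example, not part of the original post: a short Python check that reads a pillar top.sls of the simple shape shown above and reports which pillar files a given minion id would receive, listing wildcard targets that would hand a pillar to many minions. The '*' / common entry and the minion id web1 are constructed for illustration, and targets are assumed to match as globs on the minion id.

```python
import fnmatch

# Constructed sample: the page's top.sls plus one hypothetical wildcard entry.
SAMPLE_TOP = """\
base:
 paiste:
 - paiste
 '*':
 - common
"""


def parse_top(text):
    """Parse the plain 'env: / target: / - sls' shape of a pillar top.sls.

    Not a YAML parser: no Jinja, no compound matchers, no nested options.
    """
    top, env, target = {}, None, None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if stripped.startswith("- "):          # pillar SLS name under a target
            top[env][target].append(stripped[2:].strip().strip("'\""))
        elif not line[0].isspace():            # unindented key: environment
            env = stripped.rstrip(":")
            top[env] = {}
        else:                                  # indented key: minion target
            target = stripped.rstrip(":").strip("'\"")
            top[env][target] = []
    return top


def pillars_for(top, minion_id, env="base"):
    """Pillar SLS names a minion id receives (assumption: glob match on id)."""
    received = []
    for target, sls_list in top.get(env, {}).items():
        if fnmatch.fnmatchcase(minion_id, target):
            received.extend(sls_list)
    return received


def broad_targets(top, env="base"):
    """Targets with glob metacharacters, which may match many minions."""
    return {t: s for t, s in top.get(env, {}).items()
            if any(c in t for c in "*?[")}


if __name__ == "__main__":
    top = parse_top(SAMPLE_TOP)
    for minion in ("paiste", "web1"):          # web1 is a hypothetical minion
        print(minion, "receives", pillars_for(top, minion))
    print("review before adding secrets:", broad_targets(top))
```

A pillar file listed under a wildcard target is readable by every matching minion, so secrets belong only in files targeted at specific minion ids, as paiste.sls is here.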

Run it

$ sudo salt '*' state.highstate --state-output terse
paiste:
  Name: /tmp/hellotero.txt - Function: file.managed - Result: Clean
  Name: ssh - Function: pkg.installed - Result: Clean
  Name: /etc/ssh/sshd_config - Function: file.managed - Result: Clean
  Name: sshd.service - Function: service.running - Result: Clean
Summary for paiste
------------
Succeeded: 4
Failed:    0
------------
Total states run:     4

Test

$ nc -vz localhost 22
nc: connect to localhost port 22 (tcp) failed: Connection refused
$ nc -vz localhost 1917
Connection to localhost 1917 port [tcp/*] succeeded!
$ ssh -p 1917 xubuntu@localhost
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.10.0-28-generic x86_64)
[...]
Last login: Tue Apr 17 16:42:01 2018 from 127.0.0.1
xubuntu@xubuntu:~$ exit

See also

Official Salt Get Started: SaltStack Configuration Management: Pillar
Official Salt Documentation: Pillar Walkthrough
