Salt helps you configure 1, 10, 100 or more computers. Secrets, such as encryption keys, must be given to authorized slaves only. In Salt, secrets are kept in pillars.
If you are just starting with pillars, do the pillars tutorial first. This short listing of configuration files and commands is meant for people who already know Salt. If you’re just getting started, see Salt master-slave installation and Salt states.
    $ head -100 /srv/pillar/* /srv/salt/ssh/init.sls
    ==> /srv/pillar/paiste.sls <==
    port: 1917

    ==> /srv/pillar/top.sls <==
    base:
      paiste:
        - paiste

    ==> /srv/salt/ssh/init.sls <==
    ssh:
      pkg.installed

    /etc/ssh/sshd_config:
      file.managed:
        - source: salt://ssh/sshd_config
        - template: jinja
        - context:
            port: {{ pillar.get('port', 22) }}

    sshd.service:
      service.running:
        - watch:
          - file: /etc/ssh/sshd_config

    $ grep '{{' /srv/salt/ssh/sshd_config
    Port {{ port }}
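The pillar top.sls above decides which machine receives which pillar file, so a target that is too broad hands secrets to the wrong machines. The following is an added example, not part of the original post: a small audit that resolves a top file against a list of minion ids and reports pillar files reaching machines outside an allow-list. It assumes plain shell-style glob targets only; the `web*` target, the `tlskeys` pillar and the minion ids `web1` and `webcam-lobby` are hypothetical.

```python
from fnmatch import fnmatchcase

# Constructed sample: the page's top.sls entry plus a hypothetical 'web*' target.
TOP_SLS = """\
base:
  paiste:
    - paiste
  'web*':
    - tlskeys
"""

def parse_top(text):
    """Parse the plain env -> target -> [sls] layout of a pillar top.sls."""
    top, env, target = {}, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments and trailing space
        item = line.strip()
        if not item:
            continue
        if item.startswith("- "):              # pillar SLS name under a target
            top[env][target].append(item[2:].strip())
        elif line[0] not in " \t":             # unindented key: environment
            env = item.rstrip(":")
            top[env] = {}
        else:                                  # indented key: minion target
            target = item.rstrip(":").strip("'\"")
            top[env][target] = []
    return top

def pillars_for(top, minion_id, env="base"):
    """Pillar SLS files a minion receives when targets are shell-style globs."""
    out = []
    for target, sls_list in top.get(env, {}).items():
        if fnmatchcase(minion_id, target):
            for sls in sls_list:
                if sls not in out:
                    out.append(sls)
    return out

def overexposed(top, minion_ids, allowed, env="base"):
    """Map each pillar SLS to minions that get it but are not on its allow-list."""
    leaks = {}
    for mid in minion_ids:
        for sls in pillars_for(top, mid, env):
            if mid not in allowed.get(sls, ()):
                leaks.setdefault(sls, []).append(mid)
    return leaks

if __name__ == "__main__":
    minions = ["paiste", "web1", "webcam-lobby"]           # hypothetical minion ids
    allowed = {"paiste": ["paiste"], "tlskeys": ["web1"]}  # intended recipients
    print(overexposed(parse_top(TOP_SLS), minions, allowed))
```

Here the `web*` glob also matches `webcam-lobby`, so the audit reports that the `tlskeys` pillar reaches a machine it was never meant for.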
Run it
    $ sudo salt '*' state.highstate --state-output terse
    paiste:
      Name: /tmp/hellotero.txt - Function: file.managed - Result: Clean
      Name: ssh - Function: pkg.installed - Result: Clean
      Name: /etc/ssh/sshd_config - Function: file.managed - Result: Clean
      Name: sshd.service - Function: service.running - Result: Clean

    Summary for paiste
    ------------
    Succeeded: 4
    Failed:    0
    ------------
    Total states run:     4
Test
    $ nc -vz localhost 22
    nc: connect to localhost port 22 (tcp) failed: Connection refused
    $ nc -vz localhost 1917
    Connection to localhost 1917 port [tcp/*] succeeded!
    $ ssh -p 1917 xubuntu@localhost
    Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.10.0-28-generic x86_64)
    [...]
    Last login: Tue Apr 17 16:42:01 2018 from 127.0.0.1
    xubuntu@xubuntu:~$ exit
See also
Official Salt Get Started: SaltStack Configuration Management: Pillar
Official Salt Documentation: Pillar Walkthrough