Posts

Showing posts with the label pillar

Saltstack and Vault integration

First install and configure Vault using this tutorial: https://apassionatechie.wordpress.com/2017/03/05/hashicorp-vault/ Use the latest version of Vault.

Then install Salt using the steps given here: https://docs.saltstack.com/en/latest/topics/installation/

If you face any issues, refer to these links:
https://apassionatechie.wordpress.com/2017/07/31/salt-issues/
https://apassionatechie.wordpress.com/2017/08/03/salt-stack-formulas/

Now let's integrate Vault and Salt so that we can access Vault secrets from inside a Salt state. First let's add some key values into our Vault:

    vault write secret/ssh/user1 password="abc123"

Then you can check it by reading:

    vault read secret/ssh/user1

To allow Salt to access your secrets you must first create a policy as follows:

salt-policy.hcl

    path "secret/*" {
      capabilities = ["read", "list"]
    }
    path "auth/*" {
      capabilities = ["read", "list","sudo",...

Salt stack issues

The function “state.apply” is running as PID

Restart salt-minion with the command:

    service salt-minion restart

No matching sls found for ‘init’ in env ‘base’

Add a top.sls file in the directory where your main sls file is present. Create the file as follows:

    base:
      'web*':
        - apache

If the sls is present in a subdirectory, elasticsearch/init.sls, then write the top.sls as:

    base:
      '*':
        - elasticsearch.init

How to execute saltstack-formulas

Create the file /srv/pillar/top.sls with content:

    base:
      '*':
        - salt

Create the file /srv/pillar/salt.sls with content:

    salt:
      master:
        worker_threads: 2
        fileserver_backend:
          - roots
          - git
        gitfs_remotes:
          - git://github.com/saltstack-formulas/epel-formula.git
          - git://github.com/saltstack-formulas/git-formula.git
          - git://github.com/saltstack-formulas/nano-formula.git
          - git://github.com/saltstack-formulas/rabbitmq-formula.git
          - git://github.co...

Salt stack formulas:

1. Add all the configurations in pillar.sls into the target file:

    {%- if salt['pillar.get']('elasticsearch:config') %}
    /etc/elasticsearch/elasticsearch.yml:
      file.managed:
        - source: salt://elasticsearch/files/elasticsearch.yml
        - user: root
        - template: jinja
        - require:
          - sls: elasticsearch.pkg
        - context:
            config: {{ salt['pillar.get']('elasticsearch:config', '{}') }}
    {%- endif %}

2. Create multiple directories if they do not exist:

    {% for dir in (data_dir, log_dir) %}
    {% if dir %}
    {{ dir }}:
      file.directory:
        - user: elasticsearch
        - group: elasticsearch
      ...