Book Image

Learning SaltStack

By : Colton Myers
Book Image

Learning SaltStack

By: Colton Myers

Overview of this book

Table of Contents (15 chapters)

Defining secure minion-specific data in pillar

So far, we've only been defining the state of our infrastructure using state files. However there is no mechanism in the state files for per-minion access control. Any file or data that you put in /srv/salt is immediately available for approved minions.

Thus, we need a system to give minions sensitive data. That system in Salt is called pillar.

Much like grains, which we have talked about before, pillar is just a key-value store in Salt. However, each minion gets its own set of pillar data, encrypted on a per-minion basis, which makes it suitable for sensitive data.

Our pillar files are stored in a separate directory from our state files. By default, this directory is /srv/pillar. Let's create this directory:

# sudo mkdir /srv/pillar
# cd /srv/pillar

Let's define some pillar data. Inside of /srv/pillar, we're going to create a couple of files. The first file is going to be /srv/pillar/core.sls. Note that pillar files also have the .sls file extension...