Book Image

Learning SaltStack - Second Edition

By : Colton Myers
Book Image

Learning SaltStack - Second Edition

By: Colton Myers

Overview of this book

SaltStack is one of the best infrastructure management platforms available. It provides powerful tools for defining and enforcing the state of your infrastructure in a clear, concise way. With this book learn how to use these tools for your own infrastructure by understanding the core pieces of Salt. In this book we will take you from the initial installation of Salt, through running their first commands, and then talk about extending Salt for individual use cases. From there you will explore the state system inside of Salt, learning to define the desired state of our infrastructure in such a way that Salt can enforce that state with a single command. Finally, you will learn about some of the additional tools that salt provides, including salt-cloud, the reactor, and the event system. We?ll finish by exploring how to get involved with salt and what'?s new in the salt community. Finally, by the end of the book, you'll be able to build a reliable, scalable, secure, high-performance infrastructure and fully utilize the power of cloud computing.
Table of Contents (17 chapters)
Learning SaltStack Second Edition
About the Author
About the Reviewer

Defining secure minion-specific data in pillar

So far, we've only been defining the state of our infrastructure using state files. However, there is no mechanism in the state files for per-minion access control. Any file or data that you put in /srv/salt is immediately available for approved minions.

Thus, we need a system to give minion-sensitive data. That system in Salt is called the pillar system.

Much like grains, which we have talked about before, the pillar system is just a key-value store in Salt. However, each minion gets its own set of pillar data, encrypted on a per-minion basis, which makes it suitable for sensitive data.

Our pillar files are stored in a separate directory from our state files. By default, this directory is /srv/pillar. Let's create this directory:

# sudo mkdir /srv/pillar
# cd /srv/pillar

Let's define some pillar data. Inside /srv/pillar, we're going to create a couple of files. The first file is going to be /srv/pillar/core.sls. Note that pillar files also have...