Book Image

Learning SaltStack - Second Edition

By : Colton Myers
Book Image

Learning SaltStack - Second Edition

By: Colton Myers

Overview of this book

SaltStack is one of the best infrastructure management platforms available. It provides powerful tools for defining and enforcing the state of your infrastructure in a clear, concise way. With this book learn how to use these tools for your own infrastructure by understanding the core pieces of Salt. In this book we will take you from the initial installation of Salt, through running their first commands, and then talk about extending Salt for individual use cases. From there you will explore the state system inside of Salt, learning to define the desired state of our infrastructure in such a way that Salt can enforce that state with a single command. Finally, you will learn about some of the additional tools that salt provides, including salt-cloud, the reactor, and the event system. We?ll finish by exploring how to get involved with salt and what'?s new in the salt community. Finally, by the end of the book, you'll be able to build a reliable, scalable, secure, high-performance infrastructure and fully utilize the power of cloud computing.
Table of Contents (17 chapters)
Learning SaltStack Second Edition
About the Author
About the Reviewer

Securing Salt configuration

The default Salt configuration values are designed to be pretty secure. However, sometimes, new users to Salt change configuration values for convenience, which could have an adverse effect on the security of your infrastructure.

Master configuration

open_mode and auto_accept

Salt provides the ability to bypass certain authentication protocols for very secure environments, or for convenience in testing environments. In your master configuration template, you'll find settings for open_mode and auto_accept:

# Enable "open mode", this mode still maintains encryption, but
# turns off authentication, this is only intended for highly
# secure environments or for the situation where your keys end up
# in a bad state. If you run in open mode you do so at your own
# risk!
#open_mode: False

# Enable auto_accept, this setting will automatically accept all
# incoming public keys from the minions. Note that this is
# insecure.
#auto_accept: False

At the first glance, these two...