
Learning SaltStack - Second Edition

By: Colton Myers

Overview of this book

SaltStack is one of the best infrastructure management platforms available. It provides powerful tools for defining and enforcing the state of your infrastructure in a clear, concise way. This book teaches you to use those tools on your own infrastructure by understanding the core pieces of Salt. It takes you from the initial installation of Salt, through running your first commands, to extending Salt for individual use cases. From there you will explore the state system inside Salt, learning to define the desired state of your infrastructure in such a way that Salt can enforce that state with a single command. You will then learn about some of the additional tools that Salt provides, including salt-cloud, the reactor, and the event system. We'll finish by exploring how to get involved with Salt and what's new in the Salt community. By the end of the book, you'll be able to build a reliable, scalable, secure, high-performance infrastructure and fully utilize the power of cloud computing.

Key management

Key management is another area of Salt with a wide range of convenience/security trade-offs. For convenience, Salt does not require you to transfer keys between masters and minions by hand before authentication can occur. Instead, the minion contacts the master on its own, and the master caches the minion's public RSA key (by default under /etc/salt/pki/master/minions_pre/) as a pending key, awaiting manual approval with salt-key.

Often, if we have just created the minion in question and a key of that name appears in the master's pending list, we can assume with some degree of certainty that the key we are accepting belongs to the minion we just created.

However, it is possible that a malicious party contacted the master under the same minion name first. In that case we would be accepting the attacker's key, and the attacker would then be treated as that minion: they could retrieve data intended for it, such as its pillar, to which they should not have access.

Such an attack is unlikely. It would be very hard to execute: the attack window is small, and the attacker would need to know the name of the minion being created...
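The check that closes this window is to compare fingerprints before accepting anything. On the master, `salt-key -f <minion-id>` prints the fingerprint of the pending key; on the minion, `salt-call --local key.finger` prints the fingerprint of the key it actually generated; only when the two match should you run `salt-key -a <minion-id>`. The script below is an added example written for this section, not code from the book or from Salt itself. It reproduces Salt's fingerprint format (the configured `hash_type` over the base64 body between the BEGIN and END lines, newlines included, rendered as colon-separated byte pairs) and applies the comparison to a constructed set of pending keys. The PEM blocks are filler rather than real RSA keys, and the minion ids web1 to web3 and the `review_pending` helper are assumptions made for the example.

```python
"""Fingerprint-check pending minion keys before accepting them.

Added example, not code from the book or from Salt. It mirrors the
fingerprint that `salt-key -f <id>` (master) and `salt-call --local
key.finger` (minion) print, so an operator can compare them before
`salt-key -a <id>`.
"""
import hashlib
import hmac

# Constructed stand-in for the key a freshly built host holds in
# /etc/salt/pki/minion/minion.pub. The body is filler base64, NOT a real
# RSA key: the fingerprint logic never parses it, it only hashes the
# lines between the BEGIN and END markers, exactly as Salt does.
REAL_MINION_PUB = (
    "-----BEGIN PUBLIC KEY-----\n"
    "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00000000000000000000\n"
    "1111111111111111111111111111111111111111111111111111111111111111\n"
    "2222222222222222222222222222222222222222222222222222222222222222\n"
    "3333333333333333333333333333333333333333333333333333333333333333\n"
    "-----END PUBLIC KEY-----\n"
)

# A second constructed key, as an impostor might submit under the same
# minion id. It differs from the real one only in the last body line.
IMPOSTOR_PUB = REAL_MINION_PUB.replace("3333", "4444", 1)


def pem_finger(pem, hash_type="sha256"):
    """Salt-style fingerprint of a PEM public key.

    Salt hashes the body lines (line breaks included) with the master's
    `hash_type` (sha256 on current releases; older releases used md5) and
    renders the hex digest as colon-separated byte pairs. Header and
    footer lines are excluded, so they do not affect the result.
    """
    lines = [ln for ln in pem.splitlines(keepends=True) if ln.strip()]
    body = "".join(lines[1:-1]).encode()
    hexdigest = hashlib.new(hash_type, body).hexdigest()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))


def review_pending(pending, reported, hash_type="sha256"):
    """Decide what to do with each pending key.

    pending:  {minion_id: PEM the master cached in minions_pre/<minion_id>}
    reported: {minion_id: fingerprint the operator read off the real host}
    Returns {minion_id: "accept" | "reject" | "hold"}. A key with no
    out-of-band fingerprint is held, never accepted on name alone.
    """
    decisions = {}
    for minion_id, pem in pending.items():
        reported_fp = reported.get(minion_id)
        if reported_fp is None:
            decisions[minion_id] = "hold"      # collect a fingerprint first
        elif hmac.compare_digest(pem_finger(pem, hash_type),
                                 reported_fp.strip().lower()):
            decisions[minion_id] = "accept"    # salt-key -a <minion_id>
        else:
            decisions[minion_id] = "reject"    # salt-key -r/-d <minion_id>
    return decisions


# Constructed scenario (assumed minion ids):
#   web1: real key pending, fingerprint read from the host -> accept
#   web2: impostor registered the name first, host fingerprint differs -> reject
#   web3: pending, but nobody checked the host yet -> hold
PENDING = {"web1": REAL_MINION_PUB, "web2": IMPOSTOR_PUB, "web3": REAL_MINION_PUB}
REPORTED = {"web1": pem_finger(REAL_MINION_PUB), "web2": pem_finger(REAL_MINION_PUB)}


def demo():
    """Run the review over the constructed scenario and return the decisions."""
    return review_pending(PENDING, REPORTED)


if __name__ == "__main__":
    for minion_id, verdict in demo().items():
        print(f"{minion_id:5} {verdict:6} {pem_finger(PENDING[minion_id])}")
```

In practice the "reported" side is whatever you read off the console or out-of-band channel of the host you just built, and a mismatch means the name is already taken by a key you did not create: delete or reject it and investigate rather than accepting it. The same comparison is why preseeding keys (generating them on the master with `salt-key --gen-keys` and placing them on the minion before it first connects) removes the window entirely.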