Book Image

Learning SaltStack - Second Edition

By : Colton Myers
Book Image

Learning SaltStack - Second Edition

By: Colton Myers

Overview of this book

SaltStack is one of the best infrastructure management platforms available. It provides powerful tools for defining and enforcing the state of your infrastructure in a clear, concise way. With this book learn how to use these tools for your own infrastructure by understanding the core pieces of Salt. In this book we will take you from the initial installation of Salt, through running their first commands, and then talk about extending Salt for individual use cases. From there you will explore the state system inside of Salt, learning to define the desired state of our infrastructure in such a way that Salt can enforce that state with a single command. Finally, you will learn about some of the additional tools that salt provides, including salt-cloud, the reactor, and the event system. We?ll finish by exploring how to get involved with salt and what'?s new in the salt community. Finally, by the end of the book, you'll be able to build a reliable, scalable, secure, high-performance infrastructure and fully utilize the power of cloud computing.
Table of Contents (17 chapters)
Learning SaltStack Second Edition
About the Author
About the Reviewer

Firewall and network configuration

Finally, a short word on firewall and network configuration.

Salt is designed so that ports only need to be opened on the Salt master. This is convenient as the firewall settings only need to be modified on one machine. (Refer to Chapter 1, Diving In – Our First Salt Commands, for instructions on how to open the necessary ports on the master.)

However, this also means that we're opening ports on the most critical piece of our infrastructure. If our Salt master is compromised, the attacker could gain the equivalent of root access across our entire infrastructure!

Because of this single point of failure, it is recommended that your master should not be open to the public Internet, if possible. This is much less convenient, as external minions must be connected to the Salt master's private network (usually via a VPN), but makes it astronomically more difficult for an attacker to access the master.

If the master must be connected to the Internet at large, other...