To address this need there are many options, one of them is to preseed minions keys (still pretty secure). You may also want to let your developers provision new development machines on the fly. For instance, you may want the Minion to bootstrap itself as soon as it comes online. This is the default (pretty secure) behaviour in Salt for accepting connections, however in some situations it is not convenient to wait for a Minion to start before accepting its key on the Master. Salt Minion keys must be accepted before systems can receive commands from the Salt Master. After installation, each Salt Minion sends its public key to the Salt master, where it eagerly waits to be accepted. You may ask yourself what is the Minion key? Why do I need to accept it on Master? Here is why: each connection between the Salt Master and Salt Minion is managed and secured using cryptographic keys.
Before with get startedĪdding new minions is very straightforward you just need to install the salt-minion on the machines you want to manage (will see agentless in a future post) and then accept their keys on the vRA SaltStack Config/Master. Now that we have our vRA SaltStack Config (with Master) up and running it’s time to start playing with it and the first things to do is to add some minions and issue our first commands.
0 kommentar(er)
