saltstack / salt-bootstrap

Generic Salt Bootstrap Script

RFE: Support auto accept minion by grain #1972

Open tjyang opened 1 year ago

tjyang commented 1 year ago

Description of Issue/Question

WHAT: This is a request for enhancement. WHY: To automate trusted minion deployment via a pre-shared key approach, to avoid the need to log in to the salt-master.

See R1: The minion client-side steps in R1 are as follows, before bootstrap starts up the minion.

  1. Enable minion to send in "my_auto_sign_grain" grain.

```
cat <<-END >/etc/salt/minion.d/autosign_grains.conf
autosign_grains:
  - my_auto_sign_grain
END
```

  2. Add a file under minion.d to specify custom grain for autosign

```
cat <<-END >/etc/salt/minion.d/grains.conf
grains:
  my_auto_sign_grain: my-secret-key-for-auto-sign
END
```

R1: https://docs.saltproject.io/en/latest/topics/tutorials/autoaccept_grains.html

Setup

(Please provide relevant configs (Be sure to remove sensitive info).)

Steps to Reproduce Issue

The following add-on -G argument on the minion should work when the master side has autosign by grain enabled.

```
bootstrap-salt.sh -G my-secret-key-for-auto-sign
```

Versions and Systems

(salt --versions-report, bootstrap-salt.sh -v, system type and version, cloud/VM provider as appropriate.)
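A sketch of what the requested `-G` handling could do on the minion, as an added example (not code from salt-bootstrap or from the issue author); the function name `write_autosign_grain` and its optional config-directory argument are hypothetical. It validates the key, then writes the two minion.d files from the steps above with owner-only permissions, since the grain value acts as a pre-shared secret.

```shell
#!/bin/sh
# Added example: hypothetical helper, not part of bootstrap-salt.sh.
# Usage: write_autosign_grain KEY [CONF_DIR]
write_autosign_grain() {
    key=$1
    conf_dir=${2:-/etc/salt/minion.d}
    grain_name=my_auto_sign_grain   # grain name used in the issue

    # Reject an empty key and any character outside a conservative set, so the
    # value cannot contain newlines, quotes or ':' that would alter the YAML
    # (for example by injecting extra minion config keys).
    case $key in
        ''|*[!A-Za-z0-9._-]*)
            echo "autosign key must match [A-Za-z0-9._-]+" >&2
            return 1
            ;;
    esac

    mkdir -p "$conf_dir" || return 1

    # Write both files under a restrictive umask; the subshell keeps the
    # caller's umask unchanged. The value is quoted so YAML keeps it a string.
    (
        umask 077 &&
        printf 'autosign_grains:\n  - %s\n' "$grain_name" \
            >"$conf_dir/autosign_grains.conf" &&
        printf 'grains:\n  %s: "%s"\n' "$grain_name" "$key" \
            >"$conf_dir/grains.conf"
    ) || return 1

    # umask does not tighten files that already existed, so set the mode too.
    chmod 600 "$conf_dir/autosign_grains.conf" "$conf_dir/grains.conf"
}
```

A key passed as a command-line argument is visible in the process list while the script runs; reading it from a root-only file or an environment variable avoids that exposure.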