pryorda/Pillar Get Secret

## files-ssh_host_rsa_key_pub
{{ salt['pillar.get']('ssh_host_rsa_key_pub') }}

## Pillar Get
root@int-sftp1:~/proftpd# salt-call pillar.get ssh_host_rsa_key_pub
local:
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC37AnaAawFfT2Izrl+ks/JQSdkpZHUNXl9OvWKVK0+Y5yTAJkDE9UMB3RXuCoV7HrGUxN+l2/ddV0cMXYI7TqnEeC+HtDx6qX+3iLzszmVDiULA1RbA14xyIY3Mfov94F3WVZgBhMnLHdC4SenAJrP58fjl0tTVnpeCUbnKPOlnSN4YE+dXPogU6okYqARVYAjgALeLpRmIgNCAwBHj2VsE3ibLo1/My0MbSHIyl5FtZ0fsZFPNNvnxlfIgjEaEyllJGnTUKzgGCRLUZSnmElmEt/kK/EIoxTItD+KHSQhNp+5t6BVpBDRkmxYtGND8ADbi9oif63h475Fq8QFQc5r root@ubuntu-template
root@int-sftp1:~/proftpd#

## pillar-proftpd-key.sls
{% if 'prod' in grains['host'] %}

ssh_host_dsa_key: |
  -----BEGIN DSA PRIVATE KEY-----
  xxx
  -----END DSA PRIVATE KEY-----

ssh_host_dsa_key_pub: 'ssh-dss AAAAB3NzaC1kc3MAAACBAPlVpb5vzwkjKlL5aLZP2sSvxS6sHCxF64lqtgoayNcx9AYUXtxljHuP4og9E1BaxetiAniIIYyLcHWJrOaxLh5dtVG0MwA3NtIC5i48zJNse8FpYYA9R+KG5A/M0AxRZXHRoDASayTBltXk3gxPtU8j/DlITGdHGJRMtkIDkEcpAAAAFQCisPGCBm0VwI8/WQg4bTzVcsIEYwAAAIALbmNfOlUE2u/LnHSdC9hPufq7GusEe8ySR3GBx8xvqlNeqOxM1rbjQL6e/OQLehU4Jhsd353HFvcdk/Gs3LK9DbVTLNNQADdR5zi6IU/z6jIXVwrzJdFj3/oMLxNo6CbhN4OLrQpsEt3Av4l/wyoK6E0gEaxmbLt+L3BQVRIexQAAAIA4B6Wb2JbGxqMhcvZE6SmPfx9YZV8IIwoi+YHgTlrO8OgoABnbs2TiG/G32wghDpojgw3sR42U+wPdFsuunkF9jttOZxk7eH6rApoR0AdQCT2FWzKLJp5gW0AnGzCxQNMSyOpNdma9cnRMB53mjD9+SnDWCdgvChXIA/vykTY75w=='

ssh_host_rsa_key: |
  -----BEGIN RSA PRIVATE KEY-----
  ....

ssh_host_rsa_key_pub: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAnI126xBnhn/odZ4kxn1n+QUSuzaaAmzcVSoeE7P9/5thJ6qIbdikjhZjfdo8r19J40h8Pb1ud8gSAxHo8eqN7nvAMvd2D+gzCM2Aoo2H01/oj78wBkTk9EL0yS9Sgm1hp2UQYEyUa7wKXsK2+I/cd80y8PIYV+pLcoFZPIgJydL5FIt8CXqBmkKmOPXrYXnvgcaiLk/ltHWvYDX48wAJ94HL8wn2TYab2h/APHe3t69KUZ6JHEbcFbL1cdiiSQ+IKGgAPwfuzOY2oVtRZSdyDneQ5ICe0Zqnzty9m4NCgy6hspuFxfCI8E6Jfmzgo3Enm498IkkrYgO7+Kx4SGcJ1Q=='

{% else %}

ssh_host_dsa_key: |
  -----BEGIN DSA PRIVATE KEY-----
  ....
  -----END DSA PRIVATE KEY-----

ssh_host_dsa_key_pub: 'ssh-dss AAAAB3NzaC1kc3MAAACBAOOR9QHhc8AlU7CwlxiWNZaeyPJ53JAfljWXnGMAgtSsMbbrPHJsT9p5Ep4T//ZcPrGzs6vYloVKaGyyBJJtfPrxjKDcDZn+ad2VHBybV4e9vdMcnKIw4gblsWmsYy40RcKGGkfuQE/c23haUEGqvh1RKGylDkhU+dt0mM5mB7HZAAAAFQDEoA+eT8Yzqu0UqyfbzmbUiLt5zwAAAIAdik3QEx3alvl6tcAV4HfpoSGBx7ni+V6De9y5wMc8TMW1h0JI1x+EW8OTjt20EHtN/aJIz9/7l3hyid98nG7hu6CDFZKdAwYl34LqsIhloqhgWPSi3ZpmXOpH1TuoFAAs2UQgqpumo19EG2+/UgbQrsPj9auZAmixqn9Xr4Mi2gAAAIEAvz2bbhUe7hMEeqel767CTIWXBV+JXZIYVrxCV3v6/dfAIBuyLLyBYRJ6GS2AhuIYfXvflaCANRx5dWhQ9O8JJOk9ySspoNHE/Vv9SxZ3AMGdleYBwf4W0TXQDXhKmobifUbUdOOD1dhPv68hlvfELCg1Rqu4AoZsFtIxipv+ock= root@ubuntu-template'

ssh_host_rsa_key: |
  -----BEGIN RSA PRIVATE KEY-----
  ...
  -----END RSA PRIVATE KEY-----


ssh_host_rsa_key_pub: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC37AnaAawFfT2Izrl+ks/JQSdkpZHUNXl9OvWKVK0+Y5yTAJkDE9UMB3RXuCoV7HrGUxN+l2/ddV0cMXYI7TqnEeC+HtDx6qX+3iLzszmVDiULA1RbA14xyIY3Mfov94F3WVZgBhMnLHdC4SenAJrP58fjl0tTVnpeCUbnKPOlnSN4YE+dXPogU6okYqARVYAjgALeLpRmIgNCAwBHj2VsE3ibLo1/My0MbSHIyl5FtZ0fsZFPNNvnxlfIgjEaEyllJGnTUKzgGCRLUZSnmElmEt/kK/EIoxTItD+KHSQhNp+5t6BVpBDRkmxYtGND8ADbi9oif63h475Fq8QFQc5r root@ubuntu-template'

{% endif %}

## proftpd-init.sls
# Install Package
proftpd:
  pkg.installed:
    - name: proftpd-basic
    - version: 1.3.5~rc3-2.1ubuntu2.1
  service.running:
   - reload: True
   - enable: True
   - watch:
      - file: /etc/proftpd/dhparams.pem
      - file: /etc/proftpd/modules.conf
      - file: /etc/proftpd/proftpd.conf
      - file: /etc/ssh/ssh_host_rsa_key
      - file: /etc/ssh/ssh_host_dsa_key

# Manage file
'/etc/proftpd/dhparams.pem':
  file.managed:
    {% if 'prod' in grains['host'] %}
    - source: salt://proftpd/files/dhparams.pem_prod
    {% else %}
    - source: salt://proftpd/files/dhparams.pem_int
    {% endif %}
    - user: root
    - group: root
    - mode: 644
    - require:
      - pkg: proftpd-basic

# Manage file
'/etc/proftpd/modules.conf':
  file.managed:
    {% if 'prod' in grains['host'] %}
    - source: salt://proftpd/files/modules.conf
    {% else %}
    - source: salt://proftpd/files/modules.conf
    {% endif %}
    - user: root
    - group: root
    - mode: 644
    - require:
      - pkg: proftpd-basic

# Manage file
'/etc/proftpd/proftpd.conf':
  file.managed:
    - source: salt://proftpd/files/proftpd.conf
    - user: root
    - group: root
    - mode: 644
    - require:
      - pkg: proftpd-basic
    - template: jinja

# Manage file
'/etc/ssh/ssh_host_rsa_key':
  file.managed:
    - source: salt://proftpd/files/ssh_host_rsa_key
    - user: root
    - group: root
    - mode: 600
    - template: jinja
    - require:
      - pkg: proftpd-basic

# Manage file
'/etc/ssh/ssh_host_dsa_key':
  file.managed:
    - source: salt://proftpd/files/ssh_host_dsa_key
    - user: root
    - group: root
    - mode: 600
    - template: jinja
    - require:
      - pkg: proftpd-basic

# Manage file
'/etc/ssh/ssh_host_rsa_key.pub':
  file.managed:
    - source: salt://proftpd/files/ssh_host_rsa_key.pub
    - user: root
    - group: root
    - mode: 600
    - template: jinja
    - require:
      - pkg: proftpd-basic

# Manage file
'/etc/ssh/ssh_host_dsa_key.pub':
  file.managed:
    - source: salt://proftpd/files/ssh_host_dsa_key.pub
    - user: root
    - group: root
    - mode: 600
    - template: jinja
    - require:
      - pkg: proftpd-basic


test_ftp_connection:
  cmd.run:
    - name: "echo quit | nc -v {{ salt['network.interface_ip']('eth0') }} 21"

test_sftp_connection:
  cmd.run:
    - name: "echo quit | nc -v {{ salt['network.interface_ip']('eth0') }} 22"

## salt run
----------
          ID: /etc/ssh/ssh_host_rsa_key.pub
    Function: file.managed
      Result: None
     Comment: The file /etc/ssh/ssh_host_rsa_key.pub is set to be changed
     Started: 08:57:35.859789
    Duration: 10.495 ms
     Changes:
              ----------
              diff:
                  ---
                  +++
                  @@ -1 +1 @@
                  -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC37AnaAawFfT2Izrl+ks/JQSdkpZHUNXl9OvWKVK0+Y5yTAJkDE9UMB3RXuCoV7HrGUxN+l2/ddV0cMXYI7TqnEeC+HtDx6qX+3iLzszmVDiULA1RbA14xyIY3Mfov94F3WVZgBhMnLHdC4SenAJrP58fjl0tTVnpeCUbnKPOlnSN4YE+dXPogU6okYqARVYAjgALeLpRmIgNCAwBHj2VsE3ibLo1/My0MbSHIyl5FtZ0fsZFPNNvnxlfIgjEaEyllJGnTUKzgGCRLUZSnmElmEt/kK/EIoxTItD+KHSQhNp+5t6BVpBDRkmxYtGND8ADbi9oif63h475Fq8QFQc5r root@ubuntu-template
                  +
              mode:
                  0600
----------
	root@int-sftp1:~/proftpd# salt-call pillar.get ssh_host_rsa_key_pub
	local:
	ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC37AnaAawFfT2Izrl+ks/JQSdkpZHUNXl9OvWKVK0+Y5yTAJkDE9UMB3RXuCoV7HrGUxN+l2/ddV0cMXYI7TqnEeC+HtDx6qX+3iLzszmVDiULA1RbA14xyIY3Mfov94F3WVZgBhMnLHdC4SenAJrP58fjl0tTVnpeCUbnKPOlnSN4YE+dXPogU6okYqARVYAjgALeLpRmIgNCAwBHj2VsE3ibLo1/My0MbSHIyl5FtZ0fsZFPNNvnxlfIgjEaEyllJGnTUKzgGCRLUZSnmElmEt/kK/EIoxTItD+KHSQhNp+5t6BVpBDRkmxYtGND8ADbi9oif63h475Fq8QFQc5r root@ubuntu-template
	root@int-sftp1:~/proftpd#
	{% if 'prod' in grains['host'] %}

	ssh_host_dsa_key: \|
	-----BEGIN DSA PRIVATE KEY-----
	xxx
	-----END DSA PRIVATE KEY-----

	ssh_host_dsa_key_pub: 'ssh-dss AAAAB3NzaC1kc3MAAACBAPlVpb5vzwkjKlL5aLZP2sSvxS6sHCxF64lqtgoayNcx9AYUXtxljHuP4og9E1BaxetiAniIIYyLcHWJrOaxLh5dtVG0MwA3NtIC5i48zJNse8FpYYA9R+KG5A/M0AxRZXHRoDASayTBltXk3gxPtU8j/DlITGdHGJRMtkIDkEcpAAAAFQCisPGCBm0VwI8/WQg4bTzVcsIEYwAAAIALbmNfOlUE2u/LnHSdC9hPufq7GusEe8ySR3GBx8xvqlNeqOxM1rbjQL6e/OQLehU4Jhsd353HFvcdk/Gs3LK9DbVTLNNQADdR5zi6IU/z6jIXVwrzJdFj3/oMLxNo6CbhN4OLrQpsEt3Av4l/wyoK6E0gEaxmbLt+L3BQVRIexQAAAIA4B6Wb2JbGxqMhcvZE6SmPfx9YZV8IIwoi+YHgTlrO8OgoABnbs2TiG/G32wghDpojgw3sR42U+wPdFsuunkF9jttOZxk7eH6rApoR0AdQCT2FWzKLJp5gW0AnGzCxQNMSyOpNdma9cnRMB53mjD9+SnDWCdgvChXIA/vykTY75w=='

	ssh_host_rsa_key: \|
	-----BEGIN RSA PRIVATE KEY-----
	....

	ssh_host_rsa_key_pub: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAnI126xBnhn/odZ4kxn1n+QUSuzaaAmzcVSoeE7P9/5thJ6qIbdikjhZjfdo8r19J40h8Pb1ud8gSAxHo8eqN7nvAMvd2D+gzCM2Aoo2H01/oj78wBkTk9EL0yS9Sgm1hp2UQYEyUa7wKXsK2+I/cd80y8PIYV+pLcoFZPIgJydL5FIt8CXqBmkKmOPXrYXnvgcaiLk/ltHWvYDX48wAJ94HL8wn2TYab2h/APHe3t69KUZ6JHEbcFbL1cdiiSQ+IKGgAPwfuzOY2oVtRZSdyDneQ5ICe0Zqnzty9m4NCgy6hspuFxfCI8E6Jfmzgo3Enm498IkkrYgO7+Kx4SGcJ1Q=='

	{% else %}

	ssh_host_dsa_key: \|
	-----BEGIN DSA PRIVATE KEY-----
	....
	-----END DSA PRIVATE KEY-----

	ssh_host_dsa_key_pub: 'ssh-dss AAAAB3NzaC1kc3MAAACBAOOR9QHhc8AlU7CwlxiWNZaeyPJ53JAfljWXnGMAgtSsMbbrPHJsT9p5Ep4T//ZcPrGzs6vYloVKaGyyBJJtfPrxjKDcDZn+ad2VHBybV4e9vdMcnKIw4gblsWmsYy40RcKGGkfuQE/c23haUEGqvh1RKGylDkhU+dt0mM5mB7HZAAAAFQDEoA+eT8Yzqu0UqyfbzmbUiLt5zwAAAIAdik3QEx3alvl6tcAV4HfpoSGBx7ni+V6De9y5wMc8TMW1h0JI1x+EW8OTjt20EHtN/aJIz9/7l3hyid98nG7hu6CDFZKdAwYl34LqsIhloqhgWPSi3ZpmXOpH1TuoFAAs2UQgqpumo19EG2+/UgbQrsPj9auZAmixqn9Xr4Mi2gAAAIEAvz2bbhUe7hMEeqel767CTIWXBV+JXZIYVrxCV3v6/dfAIBuyLLyBYRJ6GS2AhuIYfXvflaCANRx5dWhQ9O8JJOk9ySspoNHE/Vv9SxZ3AMGdleYBwf4W0TXQDXhKmobifUbUdOOD1dhPv68hlvfELCg1Rqu4AoZsFtIxipv+ock= root@ubuntu-template'

	ssh_host_rsa_key: \|
	-----BEGIN RSA PRIVATE KEY-----
	...
	-----END RSA PRIVATE KEY-----


	ssh_host_rsa_key_pub: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC37AnaAawFfT2Izrl+ks/JQSdkpZHUNXl9OvWKVK0+Y5yTAJkDE9UMB3RXuCoV7HrGUxN+l2/ddV0cMXYI7TqnEeC+HtDx6qX+3iLzszmVDiULA1RbA14xyIY3Mfov94F3WVZgBhMnLHdC4SenAJrP58fjl0tTVnpeCUbnKPOlnSN4YE+dXPogU6okYqARVYAjgALeLpRmIgNCAwBHj2VsE3ibLo1/My0MbSHIyl5FtZ0fsZFPNNvnxlfIgjEaEyllJGnTUKzgGCRLUZSnmElmEt/kK/EIoxTItD+KHSQhNp+5t6BVpBDRkmxYtGND8ADbi9oif63h475Fq8QFQc5r root@ubuntu-template'

	{% endif %}
	# Install Package
	proftpd:
	pkg.installed:
	- name: proftpd-basic
	- version: 1.3.5~rc3-2.1ubuntu2.1
	service.running:
	- reload: True
	- enable: True
	- watch:
	- file: /etc/proftpd/dhparams.pem
	- file: /etc/proftpd/modules.conf
	- file: /etc/proftpd/proftpd.conf
	- file: /etc/ssh/ssh_host_rsa_key
	- file: /etc/ssh/ssh_host_dsa_key

	# Manage file
	'/etc/proftpd/dhparams.pem':
	file.managed:
	{% if 'prod' in grains['host'] %}
	- source: salt://proftpd/files/dhparams.pem_prod
	{% else %}
	- source: salt://proftpd/files/dhparams.pem_int
	{% endif %}
	- user: root
	- group: root
	- mode: 644
	- require:
	- pkg: proftpd-basic

	# Manage file
	'/etc/proftpd/modules.conf':
	file.managed:
	{% if 'prod' in grains['host'] %}
	- source: salt://proftpd/files/modules.conf
	{% else %}
	- source: salt://proftpd/files/modules.conf
	{% endif %}
	- user: root
	- group: root
	- mode: 644
	- require:
	- pkg: proftpd-basic

	# Manage file
	'/etc/proftpd/proftpd.conf':
	file.managed:
	- source: salt://proftpd/files/proftpd.conf
	- user: root
	- group: root
	- mode: 644
	- require:
	- pkg: proftpd-basic
	- template: jinja

	# Manage file
	'/etc/ssh/ssh_host_rsa_key':
	file.managed:
	- source: salt://proftpd/files/ssh_host_rsa_key
	- user: root
	- group: root
	- mode: 600
	- template: jinja
	- require:
	- pkg: proftpd-basic

	# Manage file
	'/etc/ssh/ssh_host_dsa_key':
	file.managed:
	- source: salt://proftpd/files/ssh_host_dsa_key
	- user: root
	- group: root
	- mode: 600
	- template: jinja
	- require:
	- pkg: proftpd-basic

	# Manage file
	'/etc/ssh/ssh_host_rsa_key.pub':
	file.managed:
	- source: salt://proftpd/files/ssh_host_rsa_key.pub
	- user: root
	- group: root
	- mode: 600
	- template: jinja
	- require:
	- pkg: proftpd-basic

	# Manage file
	'/etc/ssh/ssh_host_dsa_key.pub':
	file.managed:
	- source: salt://proftpd/files/ssh_host_dsa_key.pub
	- user: root
	- group: root
	- mode: 600
	- template: jinja
	- require:
	- pkg: proftpd-basic


	test_ftp_connection:
	cmd.run:
	- name: "echo quit \| nc -v {{ salt['network.interface_ip']('eth0') }} 21"

	test_sftp_connection:
	cmd.run:
	- name: "echo quit \| nc -v {{ salt['network.interface_ip']('eth0') }} 22"
	----------
	ID: /etc/ssh/ssh_host_rsa_key.pub
	Function: file.managed
	Result: None
	Comment: The file /etc/ssh/ssh_host_rsa_key.pub is set to be changed
	Started: 08:57:35.859789
	Duration: 10.495 ms
	Changes:
	----------
	diff:
	---
	+++
	@@ -1 +1 @@
	-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC37AnaAawFfT2Izrl+ks/JQSdkpZHUNXl9OvWKVK0+Y5yTAJkDE9UMB3RXuCoV7HrGUxN+l2/ddV0cMXYI7TqnEeC+HtDx6qX+3iLzszmVDiULA1RbA14xyIY3Mfov94F3WVZgBhMnLHdC4SenAJrP58fjl0tTVnpeCUbnKPOlnSN4YE+dXPogU6okYqARVYAjgALeLpRmIgNCAwBHj2VsE3ibLo1/My0MbSHIyl5FtZ0fsZFPNNvnxlfIgjEaEyllJGnTUKzgGCRLUZSnmElmEt/kK/EIoxTItD+KHSQhNp+5t6BVpBDRkmxYtGND8ADbi9oif63h475Fq8QFQc5r root@ubuntu-template
	+
	mode:
	0600
	----------