@stanislavb
Last active August 29, 2015 14:21
Salt Reactor: accept minion key from S3 bucket, sync grains and run highstate
# Reactor SLS for 'salt/auth' events (new_minion.sls in the master config)
# Only act on minions with default EC2 hostname
{% if data['id'].endswith('.compute.internal') %}
{% if data.get('act') == 'pend' %}
# Copy minion public key from trusted bucket and remove "pending" minion key
# tgt and s3 bucket edited for privacy
# Note: data['id'] is chosen by the connecting minion and is rendered into
# the shell command below; only its suffix is checked above
accept_minion_public_key:
  local.cmd.run:
    - tgt: salt.example.com
    - arg:
      - aws s3 cp s3://salt-bucket/minion/{{ data['id'] }}.pub /etc/salt/pki/master/minions/{{ data['id'] }} && rm -f /etc/salt/pki/master/minions_pre/{{ data['id'] }}
{% endif %} # End act pend
{% if data.get('act') == 'accept' %}
# When the key is accepted, run highstate right away
ec2-instance-highstate:
  local.state.highstate:
    - tgt: {{ data['id'] }}
{% endif %} # End act accept
{% endif %} # End data id ends with

# Salt master config (partial)
reactor:
  - 'salt/auth':
    - /srv/salt/reactor/new_minion.sls
  - 'minion_start':
    - /srv/salt/reactor/sync_grains.sls
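
# Reactor SLS for 'minion_start' events (sync_grains.sls in the master config)
# Sync grains on the minion that has just started
sync_grains:
  local.saltutil.sync_grains:
    - tgt: {{ data['id'] }}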
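
The `salt/auth` reactor above renders `data['id']`, a value chosen by the connecting minion, into a shell command on the master and gates it only on the `.compute.internal` suffix. As an added example (not part of the original gist), this Python code compares that suffix check with a strict allow-list and builds the S3 copy as an argument list; the function names, the hostname pattern and the sample IDs are assumptions constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Assumption: default EC2 private DNS names look like
# ip-10-0-1-23.eu-west-1.compute.internal (regional form only).
EC2_ID = re.compile(
    r"ip-(?:\d{1,3}-){3}\d{1,3}\.[a-z]{2}(?:-[a-z]+)+-\d\.compute\.internal"
)
PKI_DIR = PurePosixPath("/etc/salt/pki/master")  # path used by the reactor
BUCKET_PREFIX = "s3://salt-bucket/minion/"        # placeholder bucket from the gist


def suffix_check(minion_id):
    """The reactor's gate: any ID with the right suffix passes."""
    return minion_id.endswith(".compute.internal")


def strict_check(minion_id):
    """Allow-list: the whole ID must have the default EC2 hostname shape."""
    return isinstance(minion_id, str) and EC2_ID.fullmatch(minion_id) is not None


def plan_accept(minion_id):
    """Return (argv, pending_key_path) for a valid ID, else raise ValueError.

    argv is for subprocess.run(argv) without a shell, so the ID stays one
    argument; the pending key is removed with os.remove(), not `rm`.
    """
    if not strict_check(minion_id):
        raise ValueError("unexpected minion id: %r" % (minion_id,))
    accepted = PKI_DIR / "minions" / minion_id
    pending = PKI_DIR / "minions_pre" / minion_id
    argv = ["aws", "s3", "cp", BUCKET_PREFIX + minion_id + ".pub", str(accepted)]
    return argv, str(pending)


# Constructed sample IDs, as they could arrive in a salt/auth event.
SAMPLES = [
    "ip-10-0-1-23.eu-west-1.compute.internal",
    "x;y.compute.internal",
    "../minions/ip-10-0-1-23.eu-west-1.compute.internal",
    "ip-10-0-1-23.eu-west-1.compute.internal\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), suffix_check(sample), strict_check(sample))
```

The same allow-list can be enforced before the reactor's `cmd.run` step, so that only IDs matching the expected hostname shape ever reach a command line or a path under the master's PKI directory.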