Skip to content
This repository has been archived by the owner on May 26, 2019. It is now read-only.

irtnog/salt-states

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 

Repository files navigation

IRTNOG Salt States

This repository contains service package definitions in the form of Salt states (SLS). Each top-level directory describes a single resource or service, such as kerberos5 or poudriere. One or more of these resources/services define a service package, such as salt-master or mail-relay. The repository currently consists of the following branches:

  • master, corresponding to the Salt base environment (unused except for state targeting);

  • development, a sandbox;

  • testing, for semi-automated non-production functional, performance, or quality assurance testing;

  • staging, for pre-production user acceptance testing and production deployments; and

  • production, managing the configuration of online user-facing services and related resources.

Secrets such as passwords or private keys, configuration details such as hostnames or IP addresses, and targeting data such as environment or role assignments are not stored here. Instead, that data is stored in Salt Pillar. For an example of how we structure this private Pillar data, refer to the irtnog/salt-pillar-example repository on GitHub.

Targeting

The Salt master assigns minions a role in an environment based on their fully qualified domain name. These assignments are stored in Pillar in order to limit what configuration data attackers can access should a minion be compromised. If the assignments were stored as Grains data, i.e., in the minions' configuration files, attackers with root access to any minion would be able to change its role/environment assignments and access the configuration data of any other minion without attacking the Salt master. (Note that attackers cannot change the minion ID used to make role/environment assignments in Pillar without also having privileged access to the master.)

Authoring

TODO

About

IRTNOG Salt State (SLS) modules

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published