Hi all,

I need to serve private key files to various minions, but keep each
minion's files private from other minions.

Is it possible to encapsulate entire files as pillar data?

That way the "file" served in my state tree can just be a single-line jinja
template including the appropriate pillar item, like follows:

{{ pillar['sensitive-file-item'] }}

If there's another alternative to using pillar data I'm open to ideas.

Apologies for the noobiness of the question if the answer is really
obvious...

Let me know if I need to provide more specific info.

Thanks in advance,

Tom

--
You received this message because you are subscribed to the Google Groups "Salt-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


  • Pille at Nov 16, 2014 at 8:54 pm
    hi tom,
    On 11/16/2014 09:03 PM, Tom Meumann wrote:
    > If there's another alternative to using pillar data I'm open to ideas.
    you may use the contents_pillar parameter of state.file.managed.

       pille
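
A minimal layout for the contents_pillar approach suggested above, as an added example that is not part of the original thread. The minion ID `web01`, the pillar key `ssh_keys:deploy`, the file paths and the key body are placeholders.

```yaml
# --- /srv/pillar/top.sls (assumed pillar root) ---
# Target by exact minion ID: the master compiles pillar per authenticated
# minion, so web01's key is never sent to any other minion. Avoid grain
# matches here, because grains are reported by the minion itself.
base:
  'web01':
    - secrets.web01

# --- /srv/pillar/secrets/web01.sls ---
# The YAML block scalar (|) preserves the line breaks of the key file.
ssh_keys:
  deploy: |
    -----BEGIN RSA PRIVATE KEY-----
    PLACEHOLDER-NOT-A-REAL-KEY
    -----END RSA PRIVATE KEY-----

# --- /srv/salt/deploy_key/init.sls (state tree, served to every minion) ---
# Only the pillar path appears in the state; the content is resolved per minion.
/home/deploy/.ssh/id_rsa:
  file.managed:
    - contents_pillar: ssh_keys:deploy
    - user: deploy
    - group: deploy
    - mode: '0600'
    - show_changes: False   # keep the key out of state output (show_diff on older releases)
```

Running `salt 'web02' pillar.get ssh_keys:deploy` from the master (web02 being any other minion) should return nothing, which confirms the key is scoped to web01.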

  • Viq at Nov 17, 2014 at 10:15 am

    On Sun, Nov 16, 2014 at 9:03 PM, Tom Meumann wrote:
    > Hi all,
    >
    > I need to serve private key files to various minions, but keep each minion's
    > files private from other minions.
    >
    > Is it possible to encapsulate entire files as pillar data?
    >
    > That way the "file" served in my state tree can just be a single-line jinja
    > template including the appropriate pillar item, like follows:
    >
    > {{ pillar['sensitive-file-item'] }}
    >
    > If there's another alternative to using pillar data I'm open to ideas.
    >
    > Apologies for the noobiness of the question if the answer is really
    > obvious...

    The answer is not obvious currently. So far I think the most
    interesting option I've seen is
    http://garthwaite.org/virtually-secure-with-openvpn-pillars-and-salt.html
    --
    viq

  • Tom Meumann at Nov 18, 2014 at 5:16 pm
    Ahh perfect thanks: the explanation under the contents_pillar option here
    <http://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.managed>
    gave me the information I needed.

    Thanks,

    Tom

  • Charles Baker at Nov 18, 2014 at 5:43 pm
    How does contents_pillar work with a binary file? Like a kerberos keytab?
    Or a license file?
    --
    Charles H. Baker
    864.990.1297
    Knowing is not enough; we must apply. Willing is not enough; we must do.
    Bruce Lee

  • Jamie Lawrence at Nov 18, 2014 at 6:38 pm
    Unless I missed a trick, poorly. I tried the !binary syntax, which didn’t work.

    What I ended up doing was base64 encoding the contents and making a cmd.run to decode it to the right place.

    -j

  • Florian Ermisch at Nov 18, 2014 at 7:52 pm
    Sounds like file.managed could use an optional pillar_base64 (or pillar_debase64?) arg then. Or something like a shebang in the first line (of pillar-content) to cause the minion to decode the content before writing the file.

    Regards, Florian
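
One way to write the base64 workaround described above for a binary file such as a keytab, as an added example that is not from the thread. The pillar key `keytabs:app01_b64`, the minion `app01` and the paths are assumptions. The encoded text is staged with file.managed rather than passed on the cmd.run command line, so the secret does not show up in the process list.

```yaml
# --- /srv/pillar/secrets/app01.sls (assigned only to minion app01 in the pillar top file) ---
# Produced on a trusted host with: base64 /path/to/app01.keytab
# Constructed placeholder; it decodes to the text PLACEHOLDER-NOT-A-REAL-KEYTAB.
keytabs:
  app01_b64: |
    UExBQ0VIT0xERVItTk9ULUEtUkVBTC1LRVlUQUI=

# --- /srv/salt/keytab/init.sls ---
# Step 1: write the base64 text, readable by root only.
/etc/krb5.keytab.b64:
  file.managed:
    - contents_pillar: keytabs:app01_b64
    - user: root
    - group: root
    - mode: '0600'
    - show_changes: False   # show_diff on older releases

# Step 2: decode only when the staged file changed.
decode-keytab:
  cmd.run:
    - name: base64 -d /etc/krb5.keytab.b64 > /etc/krb5.keytab
    - umask: '077'          # quoted so YAML does not reinterpret the octal value
    - onchanges:
      - file: /etc/krb5.keytab.b64

# Step 3: enforce ownership and mode without touching the decoded content.
/etc/krb5.keytab:
  file.managed:
    - replace: False
    - user: root
    - group: root
    - mode: '0600'
    - require:
      - cmd: decode-keytab
```

Salt releases later than this thread added a `file.decode` state that takes `contents_pillar` together with `encoding_type: base64`, which removes the need for the cmd.run step.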


Discussion Overview
group: salt-users
posted: Nov 16, '14 at 8:03p
active: Nov 18, '14 at 7:52p
posts: 7
users: 6
