How can I provision salt minion on connect

Question

I have an AWS setup where I have a designated salt master that accepts all incoming keys and a provisions based on subnet/designated ip addresses. How can I immediately provision my minions on connect without logging into the master server to do so?

John Hazen · Accepted Answer

The way to do this is with the reactor system. Exactly how to do it depends on what you mean by "on connect". If you want a minion to highstate every time it connects, then you want to react to the event tag:

salt/minion/*/start

If you want to execute the highstate only when the minion connects for the first time (when its key is accepted), then you'll need to turn off auto-accept, and react to the

salt/auth

tag. (In this case, you'll need to accept the key, and then execute the highstate, after waiting for the minion to actually connect.) Since that's more complicated, I'll show you the first one. You should be able to extrapolate for the latter case.

First you need to tell the salt-master to react to the tag:

# File: /etc/salt/master.d/reactor.conf
reactor:
  - 'salt/minion/*/start':
    - /srv/reactor/highstate.sls

And then you need the highstate.sls file:

# File: /srv/reactor/highstate.sls
minion_highstate:
  local.state.highstate:
    - tgt: {{ data['id'] }}

After implementing this, I get this (with snippage) in my minion log:

2016-03-18 23:07:06,009 [salt.cli.daemons ][INFO    ][21627] Setting up the Salt Minion "jhazentest05.example.net"
2016-03-18 23:07:06,219 [salt.cli.daemons ][INFO    ][21627] The salt minion is starting up
2016-03-18 23:07:06,707 [salt.minion      ][INFO    ][21627] Minion is ready to receive requests!
2016-03-18 23:07:06,708 [salt.minion      ][INFO    ][21627] User root Executing command state.highstate with jid 20160318230706334642
2016-03-18 23:07:09,699 [salt.minion      ][INFO    ][21700] Returning information for job: 20160318230706334642

How can I provision salt minion on connect

Answers (2)

Related Questions