cross-posted from: https://infosec.pub/post/6911236

Is anyone running saltstack, and if so, are you doing gitfs for your repo?

Do you have your pillar data in the repo? Or some other external?

Are you doing one top file in base? Or top in each branch/environment?

Is there a better way to do managed repo for salt?

  • maggio
    link
    fedilink
    English
    arrow-up
    2
    ·
    11 months ago

    I used saltstack for work some years ago, the fact that you need to install salt minions and connwct them to master was enough to convince us to change.to.ansible. unless you need Saltstack for some specfic reason, I recommend ansible instead.

    We had pillar data in repos, one top file total.

    • maggio
      link
      fedilink
      English
      arrow-up
      1
      ·
      11 months ago

      I could paste an example of how we did it if you want

    • MSgtRedFox@infosec.pubOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      11 months ago

      Yeah, salt has SSH support and it supposed to be able to deploy without minion/target interaction, but it wasn’t very reliable or I was doing it wrong.

      I started with SALT because of Security Onion, open source IDS. Only reason.

      SALT can run master less, is that what you were after? Rather than having a single/central manager?