
Use Pre-existing RSA Key Pair and Certificate with Saltstack


I've got a bunch of servers, and I'd like to use Salt with them. During build, each host gets an RSA key pair and a certificate. How can I go about using these to connect my Salt minions and masters?

I've got them up and communicating with the automatically created keys, I just need some direction in using these pre-existing keys. Any help is appreciated.

Thanks a lot!


Solution

  • There are multiple options:

    • You can use Salt Cloud to provision your servers in the first place. This will create the new keys on the master and then publish them to the minions. This will depend on the cloud provider you use to provision the servers.
    • If you provision your servers with some other method, but get at least an SSH login on these servers, there is a generic Salt Cloud provisioner saltify that will use any SSH connection to the new minions to roll out salt and the fresh keys that have been created on the master.
    • If you just want to use the pre-created keys, it's sufficient to put them into the right directories on both the minion and the master. Or you use the salt-key command to create the keys and call salt-bootstrap directly (passing the keys in a directory with the -k parameter).
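
The third option, sketched as an added example that is not part of the original answer: it checks that the host's private key matches its certificate before pre-accepting the public key on the master. The function name `stage_salt_keys` is hypothetical; it assumes Salt's default key paths, unencrypted PEM inputs in a format Salt can load, and `openssl` on the PATH.

```bash
#!/usr/bin/env bash
# Added example (not from the original answer). Assumed default Salt layout:
#   minion: /etc/salt/pki/minion/minion.pem and minion.pub
#   master: /etc/salt/pki/master/minions/<minion_id>   (accepted keys)

# stage_salt_keys KEY CERT MINION_ID MINION_PKI_DIR MASTER_PKI_DIR
stage_salt_keys() {
    local key="$1" cert="$2" id="$3" minion_pki="$4" master_pki="$5"
    local pub_key pub_cert

    # The minion ID becomes a file name on the master: refuse path tricks.
    case $id in
        ''|*/*|.*) echo "invalid minion id: '$id'" >&2; return 2 ;;
    esac

    # Salt stores a bare RSA key pair, so only the public key is taken
    # from the certificate.
    pub_key=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "cannot read private key $key" >&2; return 1; }
    pub_cert=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "cannot read certificate $cert" >&2; return 1; }

    # Refuse to pre-accept a public key the minion cannot prove it owns.
    [ "$pub_key" = "$pub_cert" ] ||
        { echo "private key does not match certificate" >&2; return 1; }

    (
        umask 077    # the private key is never group- or world-readable
        mkdir -p "$minion_pki" "$master_pki/minions" &&
        cp "$key" "$minion_pki/minion.pem" &&
        chmod 400 "$minion_pki/minion.pem" &&
        printf '%s\n' "$pub_key" > "$minion_pki/minion.pub" &&
        printf '%s\n' "$pub_key" > "$master_pki/minions/$id" &&
        chmod 644 "$minion_pki/minion.pub" "$master_pki/minions/$id"
    )
}

# Direct use:
#   stage.sh host.key host.crt web01 /etc/salt/pki/minion /etc/salt/pki/master
if [ "$#" -eq 5 ]; then
    stage_salt_keys "$@"
fi
```

The minion and master directories normally live on different hosts, so point the last two arguments at a staging tree and ship each half to its host over a channel you already trust.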