New year.. new stack (get it?)
For this year – I wanted to learn a new configuration management I’ve been using at home. Although ansible CLI has been good and dependable, AWX has left a bad taste. The high resource utilization and cumbersome way of installing in Kubernetes are good reason to look at other options.
Good thing, being with VMware allows us to try the softwares that are currently in our solutions. With salt-stack recently acquired – its time for me to test it out.
Here are some few gotchas during the single-node installation of Salt Stack Enterprise 6.4
- Salstack Enterprise (GUI) only supports CentOS/RH/OracleLinux/ OpenSuse. No ubuntu for us 🙁 so i ended up using CentOS
- Using the setup_single_node.sh installer install SelfSigned certificate with CN: localhost. This is not ideal since you wont be able to browse the GUI. The following needs to be run in order to change the certificate
- Generate New Certificate. The CN should be the FQDN you will be using to access the GUI and change the certificate by doing the following:
#Generate Self-Signed using OpenSSL openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem # rename to .crt and .key mv key.pem key.key && mv certificate.pem certificate.crt # edit raas config vi /etc/raas/raas # and change the following lines to the location of the generated keys/crt tls_crt: /etc/pki/raas/certs/localhost.crt tls_key: /etc/pki/raas/certs/localhost.key # make sure to chown the certificates to raas:raas and chmod to 600 chmod 600 certificate.crt && chmod 600 key.key chown raas:raas key.key && chown raas:raas certificate.crt # restart raas service systemctl restart raas
Reference here: https://help.saltstack.com/hc/en-us/articles/360025949531-How-to-update-SSL-certificates-for-SaltStack-Enterprise
