Log in for the first time and accept the master key¶
This topic explains how to log into the Enterprise Console for the first time after an initial installation. After logging in for the first time, you need to complete a few additional tasks:
- Accept the Salt Master’s key.
- Change the root password.
- Remove the Pillar top file (for multi-node installations only).
- Back up critical data.
- Try some sample content to enable more accurate presence detection and to test the overall system’s functionality.
Logging into the Enterprise Console is one post-installation step in a series of several steps that should be followed in a specific order. First, complete one of the installation scenarios and then read the following post-installation topics:
Confirm you can log in to SaltStack Enterprise¶
After installing SaltStack Enterprise and completing the previous post-installation step, confirm you can log in to the Enterprise Console using your web browser. Chrome or Firefox is recommended. For more information about supported browsers, see Which browser does the Enterprise Console need?
The default installation uses
https:// and generates a self-signed certificate.
The default credentials are as follows:
Change root password¶
While still logged in to the Enterprise Console, consider changing your root password so that it is no longer the default. To change the password:
- From the top left navigation bar, click the Menu , then select Administration to access the Administration workspace. Click the Local Users tab.
rootin the side menu to select it.
- In the Password field, type a new password. Enter the password again to confirm it.
- Click Save.
- Confirm the password has been changed by logging out and back in again.
Once you’ve changed the root password, proceed to the next section.
Accept the Salt Master’s key¶
During the master startup (unless using password authentication) a public key file will be generated. The master will start running but communication with the Enterprise API (RaaS) server will fail until the key is accepted.
After installation, you must accept the Salt Master’s key in the Enterprise Console. Until the key is accepted, the master will react slowly as it continually tries to contact the Enterprise API (RaaS) server.
To accept the master key:
Log in to the Enterprise Console.
From the top left navigation bar, click the Menu , then select Administration to access the Administration workspace. Click the Master Keys tab.
From the side menu, click Pending to show a list of all pending master keys.
Check the box next to the Salt Master key to select it. Then, click Accept Key.
After you accept the Salt Master key, an alert appears indicating you have pending keys to accept. To accept these minion keys, go to Minions > Keys.
Check the boxes next to your minions to select them. Then, click Accept Key.
Click Accept in the confirmation dialog.
The key is now accepted. After several seconds, the minion appears under the Accepted tab, and in the Minions workspace.
After verifying the master key and minion keys have been accepted, proceed to the next section.
Remove the pillar top file¶
If you installed SaltStack Enterprise using the Multi-node installation scenario, you need to remove the pillar top file you created earlier during the installation process. For reference, see step 2 in the section about Copy and edit the top state files in Multi-node installation.
This step is necessary to avoid regenerating the data the top file contains every time you refresh pillar data in the future.
Only remove the pillar top file after successfully logging in to the Enterprise Console for the first time.
Back up critical data¶
If you are not using a complete system backup solution that can restore your entire SaltStack Enterprise server, at a minimum you should back up the following files:
- /etc/raas/pki - This directory contains a hidden file named
.raas.keythat is used to encrypt data while at rest in the database. If you need to restore your SaltStack Enterprise server by re-installing, it is critical that you restore the original
.raas.keyfile from when the database was created. If this file is lost, the Enterprise API (RaaS) server will not be able to access the database.
- /etc/raas/raas - Contains SaltStack Enterprise configuration data.
- /etc/raas/raas.secconf- Contains SaltStack Enterprise configuration data.
- Enterprise API Database - Configure regular PostgreSQL database backups for the Enterprise API database.
Import sample content (optional)¶
To test the basic functionality of SaltStack Enterprise, try working with some sample content in the Enterprise Console. This content is not included as part of the installation process, but it is available when you import it manually from the installation file packages. For specific instructions on importing sample content, see Import sample content.
SaltStack Enterprise provides several default targets and jobs along with supporting files and pillar data. Sample job files and pillar data are placed in the
sse Salt environment so they don’t interfere with files and pillar data in the
base environment. The sample content includes targets, jobs, pillar data, and supporting files.
Samples are used to save time setting up your SaltStack Enterprise environment. With default jobs, you can take advantage of predefined state files and pillar data to begin running frequently-used operations. You might also refer to samples as a model for how different system elements are configured to work together as you build your own workflows.
The following sections give instructions for importing sample content and explain which sample content is recommended for most SaltStack Enterprise installations.
Import sample content¶
Sample content is not included as part of the installation process, but it is available when you import it manually to your SaltStack Enterprise API server (RaaS) from the installation file packages.
To import the sample content:
On the Salt Master or a computer where you downloaded the installer files, navigate to the
sample-resource-types.raasfile to your SaltStack Enterprise API server (RaaS).
On your SaltStack Enterprise API server (RaaS), run the following command, replacing the placeholder text with your specific information:
/usr/bin/raas-dump --insecure --server <https://raas_server_ip> --auth <username>:<password> --mode import < /tmp/sample-resource-types.raas
If you are running this command from the SaltStack Enterprise API server (RaaS), you can substitute
localhostin place of the server IP address instead.
If you are running this command on SaltStack Enterprise 6.2.0 or earlier, the file path is
Log in to the Enterprise Console and go to Elements > Jobs to verify that some of the sample jobs now appear in this workspace.
Consider running the
test.ping command on targeted Salt Minions to verify communication is working properly within SaltStack Enterprise.
This job enables more accurate minion presence detection. It’s helpful to run enable presence jobs on a regular basis to ensure that your connected minions retain a status of Present in the Minions workspace. Presence indicates if SaltStack Enterprise has received any job data from the minion recently, within a defined interval.
SaltStack Enterprise provides a job to install a Salt Beacon that sends periodic heartbeats from each Salt Minion. A good practice is to install this job and run it at regular intervals on all minions to enable more accurate presence.
To run this job:
- Open the Enterprise Console and log in using the superuser account.
- Click Minions to access the Minions workspace
- From the side menu, click the All Minions target.
- Click Run Job and select Enable Presence.
Additional sample content¶
For more sample content, see the Samples topic in the SaltStack Enterprise Help Documentation embedded in the Enterprise Console. For help finding the documentation, see Finding Enterprise Documentation.
After logging into the Enterprise Console for the first time, you must complete additional post-installation steps. The next step is to set up SSL certificates. To continue the post-installation process, see Set up SSL certificates.