Accept the Salt Master key and back up data

Overview

After you’ve successfully logged in for the first time, you need to complete some important tasks in the Enterprise Console:

  • Accept the Salt Master’s key.
  • Remove the Pillar top file (for multi-node installations only).
  • Back up critical data.
  • Try some sample content to enable more accurate presence detection and to test the overall system’s functionality.

Prerequisites

Accepting the Salt Master key is one post-installation step in a series of several steps that should be followed in a specific order. First, complete one of the installation scenarios and then read the following post-installation pages:

Accept the Salt Master’s key

During the master startup (unless using password authentication) a public key file will be generated. The master will start running but communication with the Enterprise API (RaaS) node will fail until the key is accepted.

After installation, you must accept the Salt Master’s key in the Enterprise Console. Until the key is accepted, the master will react slowly as it continually tries to contact the Enterprise API (RaaS) node.

To accept the master key:

  1. Log in to the Enterprise Console.

  2. From the top left navigation bar, click the Menu menu-icon, then select Administration to access the Administration workspace. Click the Master Keys tab.

  3. From the side menu, click Pending to show a list of all pending master keys.

    ../_images/master-keys-pending.png
  4. Check the box next to the Salt Master key to select it. Then, click Accept Key.

  5. After you accept the Salt Master key, an alert appears indicating you have pending keys to accept. To accept these minion keys, go to Minions > Keys.

  6. Check the boxes next to your minions to select them. Then, click Accept Key.

  7. Click Accept in the confirmation dialog.

The key is now accepted. After several seconds, the minion appears under the Accepted tab, and in the Minions workspace.

After verifying the master key and minion keys have been accepted, proceed to the next section.

Remove the pillar top file

If you installed SaltStack Enterprise using the Multi-node installation scenario, you need to remove the pillar top file you created earlier during the installation process. For reference, see step 2 in the section about Copy and edit the top state files in Multi-node installation.

This step is necessary to avoid regenerating the data the top file contains every time you refresh pillar data in the future.

Note

Only remove the pillar top file after successfully logging in to the Enterprise Console for the first time.

Back up critical data

If you are not using a complete system backup solution that can restore your entire SaltStack Enterprise server, at a minimum you should back up the following files:

  • /etc/raas/pki - This directory contains a hidden file named .raas.key that is used to encrypt data while at rest in the database. If you need to restore your SaltStack Enterprise server by re-installing, it is critical that you restore the original .raas.key file from when the database was created. If this file is lost, the Enterprise API (RaaS) node will not be able to access the database.
  • /etc/raas/raas - Contains SaltStack Enterprise configuration data.
  • /etc/raas/raas.secconf- Contains SaltStack Enterprise configuration data.
  • Enterprise API Database - Configure regular PostgreSQL database backups for the Enterprise API database.

Import sample content (optional)

To test the basic functionality of SaltStack Enterprise, try working with some sample content in the Enterprise Console. This content is not included as part of the installation process, but it is available when you import it manually from the installation file packages. For specific instructions on importing sample content, see Import sample content.

SaltStack Enterprise provides several default targets and jobs along with supporting files and pillar data. Sample job files and pillar data are placed in the sse Salt environment so they don’t interfere with files and pillar data in the base environment. The sample content includes targets, jobs, pillar data, and supporting files.

Samples are used to save time setting up your SaltStack Enterprise environment. With default jobs, you can take advantage of predefined state files and pillar data to begin running frequently-used operations. You might also refer to samples as a model for how different system elements are configured to work together as you build your own workflows.

The following sections give instructions for importing sample content and explain which sample content is recommended for most SaltStack Enterprise installations.

Import sample content

Sample content is not included as part of the manual installation process, but is automatically included if you completed a single-node or multi-node installation using the installer. For manual installations, you can import it manually to your Enterprise API (RaaS) node from the installation file packages.

To import the sample content:

  1. On the Salt Master or a computer where you downloaded the installer files, navigate to the sse-installer/salt/sse/eapi_service/files directory.

  2. Transfer the sample-resource-types.raas file to your Enterprise API (RaaS) node.

  3. On your Enterprise API (RaaS) node, run the following command, replacing the placeholder text with your specific information:

    /usr/bin/raas-dump --insecure --server <https://raas_server_ip> --auth <username>:<password> --mode import < /tmp/sample-resource-types.raas
    

    Note

    If you are running this command from the Enterprise API (RaaS) node, you can substitute localhost in place of the server IP address instead.

    If you are running this command on SaltStack Enterprise 6.2.0 or earlier, the file path is /opt/saltstack/raas/venv/bin/raas-dump instead.

  4. Log in to the Enterprise Console and go to Elements > Jobs to verify that some of the sample jobs now appear in this workspace.

test.ping

Consider running the test.ping command on targeted Salt Minions to verify communication is working properly within SaltStack Enterprise.

Enable presence

This job enables more accurate minion presence detection. It’s helpful to run enable presence jobs on a regular basis to ensure that your connected minions retain a status of Present in the Minions workspace. Presence indicates if SaltStack Enterprise has received any job data from the minion recently, within a defined interval.

SaltStack Enterprise provides a job to install a Salt Beacon that sends periodic heartbeats from each Salt Minion. A good practice is to install this job and run it at regular intervals on all minions to enable more accurate presence.

To run this job:

  1. Open the Enterprise Console and log in using the superuser account.
  2. Click Minions to access the Minions workspace
  3. From the side menu, click the All Minions target.
  4. Click Run Job and select Enable Presence.

Additional sample content

For more sample content, see the Samples page in the SaltStack Enterprise Help Documentation embedded in the Enterprise Console. For help finding the documentation, see Finding Enterprise Documentation.

Next steps

After logging into the Enterprise Console for the first time, you must complete additional post-installation steps. The next step is to set up SSL certificates. To continue the post-installation process, see Set up SSL certificates.