Accept the Salt master key and back up data


After you’ve successfully logged in for the first time, you need to complete some important tasks in the SaltStack Config user interface:

  • Accept the Salt master’s key.

  • Remove the Pillar top file (for multi-node installations only).

  • Back up critical data.

  • Try some sample content to enable more accurate presence detection and to test the overall system’s functionality.


    As part of VMware’s initiative to remove problematic terminology, the term Salt master will be replaced with Salt controller in SaltStack Config and related products and documentation. This terminology update may take a few release cycles before it is fully complete.


Accepting the master key is one post-installation step in a series of several steps that should be followed in a specific order. First, complete one of the installation scenarios and then read the following post-installation pages:

Accept the master’s key

During the master startup (unless using password authentication) a public key file will be generated. The master will start running but communication with the RaaS node will fail until the key is accepted.

After installation, you must accept the master’s key in the user interface. Until the key is accepted, the master will react slowly as it continually tries to contact the RaaS node.

To accept the master key:

  1. Log in to the SaltStack Config user interface.

  2. From the top left navigation bar, click the Menu menu-icon, then select Administration to access the Administration workspace. Click the Master Keys tab.

  3. From the side menu, click Pending to show a list of all pending master keys.

  4. Check the box next to the master key to select it. Then, click Accept Key.

  5. After you accept the master key, an alert appears indicating you have pending keys to accept. To accept these minion keys, go to Minion Keys > Pending.

  6. Check the boxes next to your minions to select them. Then, click Accept Key.

  7. Click Accept in the confirmation dialog.

The key is now accepted. After several seconds, the minion appears under the Accepted tab, and in the Minions workspace.

After verifying the master key and minion keys have been accepted, proceed to the next section.

Remove the pillar top file

If you installed SaltStack Config using the Multi-node installation scenario, you need to remove the pillar top file you created earlier during the installation process. For reference, see step 2 in the section about Copy and edit the top state files in Multi-node installation.

This step is necessary to avoid regenerating the data the top file contains every time you refresh pillar data in the future.


Only remove the pillar top file after successfully logging in to the user interface for the first time.

Back up critical data

If you are not using a complete system backup solution that can restore your entire SaltStack Config server, at a minimum you should back up the following files:

  • /etc/raas/pki - This directory contains a hidden file named .raas.key that is used to encrypt data while at rest in the database. If you need to restore your SaltStack Config server by re-installing, it is critical that you restore the original .raas.key file from when the database was created. If this file is lost, the RaaS node will not be able to access the database.
  • /etc/raas/raas - Contains SaltStack Config configuration data.
  • /etc/raas/raas.secconf- Contains SaltStack Config configuration data.
  • RaaS Database - Configure regular PostgreSQL database backups for the RaaS database.

Import sample content (optional)

To test the basic functionality of SaltStack Config, try working with some sample content in the user interface. This content is not included as part of the installation process, but it is available when you import it manually from the installation file packages. For specific instructions on importing sample content, see Import sample content.

SaltStack Config provides several default targets and jobs along with supporting files and pillar data. Sample job files and pillar data are placed in the sse Salt environment so they don’t interfere with files and pillar data in the base environment. The sample content includes targets, jobs, pillar data, and supporting files.

Samples are used to save time setting up your SaltStack Config environment. With default jobs, you can take advantage of predefined state files and pillar data to begin running frequently-used operations. You might also refer to samples as a model for how different system elements are configured to work together as you build your own workflows.

The following sections give instructions for importing sample content and explain which sample content is recommended for most SaltStack Config installations.

Import sample content

Sample content is not included as part of the manual installation process, but is automatically included if you completed a single-node or multi-node installation using the installer. For manual installations, you can import it manually to your RaaS node from the installation file packages.

To import the sample content:

  1. On the master or a computer where you downloaded the installer files, navigate to the sse-installer/salt/sse/eapi_service/files directory.

  2. Transfer the sample-resource-types.raas file to your RaaS node.

  3. On your RaaS node, run the following command, replacing the placeholder text with your specific information:

    /usr/bin/raas-dump --insecure --server <https://raas_server_ip> --auth <username>:<password> --mode import < /tmp/sample-resource-types.raas


    If you are running this command from the RaaS node, you can substitute localhost in place of the server IP address instead.

    If you are running this command on SaltStack Config 6.2.0 or earlier, the file path is /opt/saltstack/raas/venv/bin/raas-dump instead.

  4. Log in to the user interface and go to Elements > Jobs to verify that some of the sample jobs now appear in this workspace.

Consider running the command on targeted Salt minions to verify communication is working properly within SaltStack Config.

Enable presence

This job enables more accurate minion presence detection. It’s helpful to run enable presence jobs on a regular basis to ensure that your connected minions retain a status of Present in the Minions workspace. Presence indicates if SaltStack Config has received any job data from the minion recently, within a defined interval.

SaltStack Config provides a job to install a Salt Beacon that sends periodic heartbeats from each minion. A good practice is to install this job and run it at regular intervals on all minions to enable more accurate presence.

To run this job:

  1. Open the user interface and log in using the superuser account.
  2. Click Minions to access the Minions workspace.
  3. From the side menu, click the All Minions target.
  4. Click Run Job and select Enable Presence.

Additional sample content

For more sample content, see the Samples page in the SaltStack Config Help Documentation embedded in the user interface. For help finding the documentation, see Finding Enterprise Documentation.

Next steps

After logging into the user interface for the first time, you must complete additional post-installation steps. The next step is to set up SSL certificates. To continue the post-installation process, see Set up SSL certificates.