cross-posted from: https://infosec.pub/post/6911236
Is anyone running saltstack, and if so, are you doing gitfs for your repo?
Do you have your pillar data in the repo? Or some other external?
Are you doing one top file in base? Or top in each branch/environment?
Is there a better way to do managed repo for salt?
I used saltstack for work some years ago, the fact that you need to install salt minions and connwct them to master was enough to convince us to change.to.ansible. unless you need Saltstack for some specfic reason, I recommend ansible instead.
We had pillar data in repos, one top file total.
Yeah, salt has SSH support and it supposed to be able to deploy without minion/target interaction, but it wasn’t very reliable or I was doing it wrong.
I started with SALT because of Security Onion, open source IDS. Only reason.
SALT can run master less, is that what you were after? Rather than having a single/central manager?
I could paste an example of how we did it if you want