Konfigurasi GPG untuk Saltstack#

Install#

Install GPG

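# gnupg provides the gpg binary used by the commands further down;
# python3-gnupg is the distro build of the python-gnupg wrapper library.
# -y on the whole install keeps it unattended (the original second call prompted).
apt-get update && apt-get install -y gnupg python3-gnupg python3-pip
# NOTE(review): this installs the same library a second time, from PyPI, as root
# and unpinned. It is only useful when Salt runs on a Python that cannot see the
# distro package. If you keep it, pin a version you have reviewed, and check the
# package name carefully: similarly named PyPI projects are different code.
# Recent Debian/Ubuntu releases may refuse a system-wide pip install.
pip3 install python-gnupg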

Configure#

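# Create everything below as private from the first byte. With the default umask
# the exported secret key would be world-readable until the later chmod runs.
# umask stays in effect for the rest of this shell session.
umask 077
install -d -m 700 /etc/salt/gpgkeys

# Generate the key inside the keyring Salt reads (gpg_keydir). Without --homedir,
# gpg writes to the invoking user's default keyring (unless GNUPGHOME is set)
# and /etc/salt/gpgkeys never receives the key.
# The renderer decrypts unattended, so the key is expected to have no passphrase;
# the permissions on this directory are then its only protection.
# NOTE(review): in --batch mode gpg-agent may still ask for a passphrase via
# pinentry; confirm how this behaves on a headless session.
# Expiry 0 = the key never expires; plan rotation separately.
gpg --homedir /etc/salt/gpgkeys --batch --quick-generate-key "salt-master <salt-master@roomit.local>" rsa4096 sign,encrypt,auth 0 \
  && gpg --homedir /etc/salt/gpgkeys --armor --export-secret-keys "salt-master <salt-master@roomit.local>" > /etc/salt/gpgkeys/salt-master.priv.asc
# salt-master.priv.asc is a second copy of the private key; the renderer uses the
# keyring, not this file. Treat it as a backup: move it to offline storage and
# remove it from the master. People who encrypt pillar values need only the
# public key (gpg --armor --export), never this file.

# Stop the agent that root's gpg started for this homedir, then clear leftover
# sockets and lock files so the service user starts from a clean directory.
gpgconf --homedir /etc/salt/gpgkeys --kill gpg-agent
rm -rf /etc/salt/gpgkeys/S.gpg-agent*
rm -f /etc/salt/gpgkeys/*.lock

# Owner must match the account salt-master runs as (the `user` setting in
# /etc/salt/master); adjust if the master runs under a different user.
chown -R salt:salt /etc/salt/gpgkeys
chmod 700 /etc/salt/gpgkeys
find /etc/salt/gpgkeys -type f -exec chmod 600 {} +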

Change the following parameters in /etc/salt/master:

# NOTE(review): signing_protocol is not an option name I can match to the master
# configuration reference; confirm your Salt version actually reads it.
signing_protocol: 2
# Root directory for state files in the base environment.
file_roots:
   base:
     - /srv/saltstack/salt/

# Root directory for pillar data in the base environment.
pillar_roots:
  base:
    - /srv/saltstack/pillar

# file_recv lets minions push files to the master (cp.push). It is unrelated to
# GPG rendering; enable it only if a workflow depends on it.
file_recv: True
# NOTE(review): the documented size cap is spelled file_recv_max_size (in MB).
# Confirm this spelling is honoured, and what 0 means, before treating it as a limit.
file_recv_size_max: 0
# GnuPG home directory the gpg renderer decrypts with. It must contain the
# secret key and be readable only by the account the master runs as.
gpg_keydir: /etc/salt/gpgkeys
# Render pipeline: Jinja, then YAML, then GPG decryption of PGP-armoured values.
renderer: jinja|yaml|gpg

Restart#

# Restart so the master re-reads /etc/salt/master with the settings above.
systemctl restart salt-master