How do you pre-sign minion certificates on the salt master server?

[Campee]

Can someone point me in the direction of a document that describes how
to pre-sign minion certs on the salt master server? Thanks.

[Gerard Lynch]

I don't believe you can pre-sign - it's similar to ssh (pub/priv) key creation, i.e. the keys are created randomely.

however you can autoaccept - see the master config

# Enable auto_accept, this setting will automatically accept all incoming
# public keys from the minions
#auto_accept: False

[Jeff Schroeder]

On Mon, Jan 16, 2012 at 3:35 PM, Gerard Lynch <gerard...@adfonic.com> wrote:
> I don't believe you can pre-sign - it's similar to ssh (pub/priv) key
> creation, i.e. the keys are created randomely.

Actually you can. You would do something like:
salt-key --gen-keys foobar.company.com

Then in the current directory, you should have
foobar.company.com.{pub,pem} which can be copied to
/etc/salt/pki/minion.{pub,pem} on the respective minion. You'll also
need to copy the public key to
/etc/salt/pki/minions/foobar.company.com on the master. This _should_
work.

>
> however you can autoaccept - see the master config
>
> # Enable auto_accept, this setting will automatically accept all incoming
> # public keys from the minions
> #auto_accept: False

This is the easiest way to get things going, but isn't required.

--
Jeff Schroeder

Don't drink and derive, alcohol and analysis don't mix.
http://www.digitalprognosis.com

[Eric]

Perfect, thanks.

[Kody Brown]

Is this something that can be used for multiple clients? I mean, can I copy the same keys (pub,pem) to dozens or hundreds of minions when I set them up?