Salt Stack Configure options

[t10t...@gmail.com]

Hi ,

I have three environments

Dev, Stage, Prod.

Since we have different teams managing these enviroments . Is it possible to restrict on basis of users or groups f
I have seen the user ACL part that limits access to execution modules. But I think that will not apply here.
Q1. The only way I see this type of access working is to setup different salt-master one per environement or is there an alternate solution?
Q2. How does one handle minions which are not always connected, Should I look into salt-reactor ?
Q3. Does slatstack support gathering custom grains(facts) from a CMDB as infomation describing the environment already exist on a DB.  

Cheers,

Ten  

[Daniel Bryan]

We have the same three environments and, as you suggest, we use multiple salt masters.

We keep our salt states and the pillar in git. To keep sensitive data secure, we have a separate repo for the production environment; we embed the base states in that repo using a git submodule.

What do you mean by handling minions which are not always connected? If you mean how can you highstate them - perhaps a script on the minion that can detect when it connects and use `salt-call` to run a highstate?

--
You received this message because you are subscribed to the Google Groups "Salt-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[t10t...@gmail.com]

Thanks Daniel , i hate reinventing the wheel. As I could not find any documentation, I thought asking the community how they go about setting up different environments and also this gets discussed and documented ;-).

I should have explained the things about minions...
We have three scenarios
- first, is over VPN where a customer connects once a week (atleast) to pick updates ( Your salt-call option looks promising)
- second, We have different production segments  and some are in DMZ ( I'm looking at salt-syndic + salt-ssh bit I'm note sure. guess I ll have to check this out)
- third, Laptops (I 'm really not sure which one is the best approach)

On Thursday, May 1, 2014 1:47:36 AM UTC+2, Daniel Bryan wrote:

We have the same three environments and, as you suggest, we use multiple salt masters.

We keep our salt states and the pillar in git. To keep sensitive data secure, we have a separate repo for the production environment; we embed the base states in that repo using a git submodule.

What do you mean by handling minions which are not always connected? If you mean how can you highstate them - perhaps a script on the minion that can detect when it connects and use `salt-call` to run a highstate?

Thanks once again