salt-helper

salt-helper is a Go application that runs on the same instance as salt-master and auto-accepts minions.
Before accepting, the helper checks whether the hostname (the minion key filename) exists in the configured AWS or OpenStack regions, and sends an alert to Slack.

This allows you to have dynamic infrastructure in multiple clouds. The helper can also keep your Salt clean of old, removed minions with scheduled checks.

Download the Linux binary from https://github.com/vladislavPV/salt-helper/releases
You can run it under supervisord, systemd, upstart or any other init system.

By default the config file (config.yaml) should be in the same directory as salt-helper-linux, or you can use the --config option. An example config is here: https://github.com/vladislavPV/salt-helper/blob/master/config-example.yaml

A few other options are also available:

--log-level=debug|info    sets verbosity
--fastaccept              does the cloud check after accepting the minion; could be useful for autoscaled instances
--nocleanup               disables cleanup of dead salt minions
--noscheduler             disables scheduled checks; will not notify you if a minion is down
--allow-known             force-accepts minions already existing in salt; could be useful for autoscaled instances

NOTE! In AWS your ApiKey should be able to read EC2 metadata, so in IAM you have to allow DescribeInstances.

$ sudo ./salt-helper-linux --config /path/to/config.yaml

When a new minion tries to connect, salt-master creates a file named after the minion_id in /etc/salt/pki/master/minions_pre/
Salt-helper listens for such events and checks the minion_id in all known accounts/regions.
If the minion_id is found in the clouds, salt-helper moves the file to /etc/salt/pki/master/minions/

minion_id == instance Name
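
The accept step described above, as an added Go example; it is not salt-helper's own code. The function name acceptIfKnown, the cloudNames set (standing in for the AWS/OpenStack lookups) and the allowKnown parameter (modelled on --allow-known) are hypothetical, and skipping an already accepted key by default is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// acceptIfKnown moves a pending key from minions_pre/ to minions/ only when
// minionID matches a cloud instance Name. cloudNames is an assumption: a set
// of instance names already fetched from the configured accounts/regions.
func acceptIfKnown(pkiDir, minionID string, cloudNames map[string]bool, allowKnown bool) (bool, error) {
	// The minion chooses its own id, so treat it as untrusted input: it must
	// be a single path element, never "", ".", ".." or "a/b".
	if minionID == "" || minionID == "." || minionID == ".." || filepath.Base(minionID) != minionID {
		return false, fmt.Errorf("invalid minion id %q", minionID)
	}
	if !cloudNames[minionID] {
		return false, nil // no instance with this Name: leave the key pending
	}
	src := filepath.Join(pkiDir, "minions_pre", minionID)
	dst := filepath.Join(pkiDir, "minions", minionID)
	if _, err := os.Stat(dst); err == nil && !allowKnown {
		return false, nil // a key is already accepted under this name: do not replace it
	} else if err != nil && !errors.Is(err, os.ErrNotExist) {
		return false, err
	}
	if err := os.Rename(src, dst); err != nil {
		return false, err
	}
	return true, nil
}

func main() {
	// Constructed sample: a temporary PKI tree with one pending key, web-1.
	dir, _ := os.MkdirTemp("", "pki")
	defer os.RemoveAll(dir)
	os.MkdirAll(filepath.Join(dir, "minions_pre"), 0o700)
	os.MkdirAll(filepath.Join(dir, "minions"), 0o700)
	os.WriteFile(filepath.Join(dir, "minions_pre", "web-1"), []byte("constructed key"), 0o600)
	names := map[string]bool{"web-1": true}
	for _, id := range []string{"web-1", "db-9", "../master"} {
		ok, err := acceptIfKnown(dir, id, names, false)
		fmt.Println(id, ok, err)
	}
}
```

Because the check compares names only, anything that can create or rename an instance in a configured account can get a key accepted under that name, so the tagging permissions in those accounts are part of the trust boundary.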