    ZeroTier Client & Automatic Authorization Salt State

    • dafyre

      ZeroTier Client & Automatic Authorization


      On your Salt Master, check the file /etc/salt/master, and make sure that pillar_opts is set to True.

      # The pillar_opts option adds the master configuration file data to a dict in
      #pillar_opts: False
      pillar_opts: True
      

      If you have to change it, then restart the salt-master service: systemctl restart salt-master

      On your Salt Master, create the following two files.
      /srv/salt/zerotier.sls, contains the commands to Install CURL, ZeroTier, and Join the Network ID specified later.

      install_common_packages:
        pkg.installed:
          - pkgs:
            - curl
      
      install_zerotier_gpg_key:
        cmd.run:
          - name: |
              curl -s https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg | gpg --import
      
      install_zerotier:
        cmd.run:
          - name:  |
              curl -s https://install.zerotier.com/ | gpg --output - > /tmp/zt-install.sh && bash /tmp/zt-install.sh
      
      join_network:
        cmd.run:
          - name:  |
               zerotier-cli join {{ pillar['zt_networkid'] }}
      
      authorize_client:
        cmd.run:
          - name:  |
              # The node ID is the third field of `zerotier-cli info`
              MYID=`zerotier-cli info|cut -d ' ' -f 3`
              curl  -H 'Authorization: Bearer {{ pillar['zt_authorization'] }}' https://my.zerotier.com/api/network/{{ pillar['zt_networkid'] }}/member/$MYID > /tmp/ztinfo.txt
              sed 's/"authorized":false/"authorized":true/' /tmp/ztinfo.txt > /tmp/ztright.txt
              MEMBER=`cat /tmp/ztright.txt`
              # Quote $MEMBER so the JSON reaches curl as a single argument
              curl  -H 'Authorization: Bearer {{ pillar['zt_authorization'] }}' -X POST -d "$MEMBER" https://my.zerotier.com/api/network/{{ pillar['zt_networkid'] }}/member/$MYID
              rm /tmp/ztinfo.txt
              rm /tmp/ztright.txt
      

      /srv/pillar/zerotier.sls

      #ZT PILLAR
      #zt_authorization is the API Key from the web portal.  You will have to create this if you don't already have it set up.
      
      #zt_networkid is the network ID of your ZeroTier network.
      
      #Replace apikeyhere and networkidhere with the values from your own ZeroTier network.
      zt_authorization: apikeyhere
      zt_networkid: networkidhere
      
      

      You must also add the ZeroTier pillar into /srv/pillar/top.sls in the '*' section. Anywhere in the list is fine. Your Top file may be empty, in which case, you can use the template below.

      /srv/pillar/top.sls

      base:
        '*':
         - zerotier
      

      Now... Apply this state to a single system:

      salt 'MyTestComputer' state.apply zerotier
      

      And if everything is done correctly, your device should have a ZeroTier IP address in a few seconds. You can check by:

      salt 'MyTestComputer' grains.item ipv4
      

      You should see an IP address in the range of your ZeroTier Network in the response.

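The authorize_client step from the post above, rewritten as a POSIX shell script that validates the IDs before building the URL and hands the API token to curl on stdin, so it does not appear in the rendered command line or in files under /tmp. This is an added example, not code from the original post. The token file path, the function names, and the assumption that the API accepts a member update containing only config.authorized are mine.

```sh
# Added example: hardened form of the post's authorize_client step (POSIX sh).
ZT_API_BASE="https://my.zerotier.com/api/network"             # base URL used in the post
ZT_TOKEN_FILE="${ZT_TOKEN_FILE:-/etc/salt/zt-central.token}"  # hypothetical path

# True when $1 is exactly $2 lowercase hex digits.
zt_is_hex() {
  [ "${#1}" -eq "$2" ] || return 1
  case "$1" in *[!0-9a-f]*) return 1 ;; esac
}

# Build the member URL from validated IDs only (network: 16 hex, node: 10 hex).
zt_member_url() {
  zt_is_hex "$1" 16 || { echo "invalid network id" >&2; return 1; }
  zt_is_hex "$2" 10 || { echo "invalid node id" >&2; return 1; }
  printf '%s/%s/member/%s' "$ZT_API_BASE" "$1" "$2"
}

# Accept the token file only if group and others have no access to it.
zt_token_file_ok() {
  case "$(ls -ld -- "$1" 2>/dev/null)" in
    -r?-------*) return 0 ;;
    *) return 1 ;;
  esac
}

# Usage: zt_authorize <network-id>
zt_authorize() {
  zt_node=$(zerotier-cli info | cut -d ' ' -f 3) || return 1
  zt_url=$(zt_member_url "$1" "$zt_node") || return 1
  zt_token_file_ok "$ZT_TOKEN_FILE" || { echo "token file too permissive" >&2; return 1; }
  # printf is a shell builtin and curl reads the header from stdin (-K -),
  # so the token never appears in a process argument list or a temp file.
  printf 'header = "Authorization: Bearer %s"\n' "$(cat "$ZT_TOKEN_FILE")" |
    curl -sS --fail -K - -X POST -H 'Content-Type: application/json' \
         -d '{"config":{"authorized":true}}' "$zt_url"
}
```

A state can ship this file with cmd.script or file.managed and call zt_authorize with the network ID, leaving the token out of the pillar data rendered into the command.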
      • Alex Sage

        Nice work! Thanks 🙂

        • dafyre @Alex Sage

          @aaronstuder said in ZeroTier Client & Automatic Authorization Salt State:

          Nice work! Thanks 🙂

          It has been a while since I've tested this so let me know if it gives you any problems.
