[FEATURE REQUEST]: Support auto accept minion by grain #1972
Description
Description of Issue/Question
WHAT: This is a request for enhancement.
WHY: To automate trusted minions deployment via pre-shared key approach to avoid the need to login salt-master.
See R1: The minion client side steps in R1 is like followings, before bootstrap startup minion.
- Enable minion to send in "my_auto_sign_grain" grain.
cat <<-END >/etc/salt/minion.d/autosign_grains.conf
autosign_grains:
- my_auto_sign_grain
END
- Add a file under minion.d to specify custom grain for autosign
cat <<-END >/etc/salt/minion.d/grains.conf
grains:
my_auto_sign_grain: my-secret-key-for-auto-sign
END
R1: https://docs.saltproject.io/en/latest/topics/tutorials/autoaccept_grains.html
Setup
(Please provide relevant configs (Be sure to remove sensitive info).)
Steps to Reproduce Issue
Following addon -G argument on minion should works when master side have autosign by grain enabled.
bootstrap-salt.sh -G my-secret-key-for-auto-sign
Versions and Systems
(salt --versions-report, bootstrap-salt.sh -v, system type and version,
cloud/VM provider as appropriate.)