[Sks-devel] SaltStack formula for SKS deployment

[Jeremy T. Bouse]

    Not entirely sure who else beside DKG on here might be running Debian for their keyserver or if anyone is making use of SaltStack to manage their servers or not, but I figured I'd put it out there for review if anyone is interested.

    I'm still working on the documentation but the logic is sound enough, in that it's how my current SKS nodes are built out completely automated. It currently probably only works correctly on Debian, as that's what I have to work on but I'm sure it could very easily be modified to work on more.

    It can make use of a Salt Reactor to automatically build the DB from keydump or you can simply fire off the 'sks.build' state manually. This is done by the 'sks.config' detecting the DB directory doesn't exist and fires off an event that the reactor triggers the call of the 'sks.build' state. The keydump is mounted via NFS from sks.srv.dumain.com from the wiki KeydumpSources page. It runs the md5sum against them prior to attempting import and then unmounts after it is completed.

    Only state needed to be added to the highstate to maintain the server is the 'sks.config' which I actually have scheduled to run periodically which picks up any new peers added to the pillar data.

https://github.com/UGNS/sks-formula

smime.p7s
Description: S/MIME Cryptographic Signature