Accept the Salt master key and back up data

After you’ve successfully logged in for the first time, you need to complete some important tasks in the Tanzu Salt user interface. You need to accept the Salt master’s key, remove the pillar top file, and back up critical data. You can also try some sample content to enable more accurate minion presence detection and to test the overall system’s functionality.

Before you start

Accepting the Salt master key is one post-installation step in a series of several steps that should be followed in a specific order. First, complete one of the installation scenarios and then read the following post-installation pages:

• Install the license key
• Install and configure the Master Plugin
• Check the RaaS configuration file
• Log in for the first time and change default credentials

Accept the Salt master’s key

During the Salt master startup (unless using password authentication) a public key file will be generated. The master will start running but communication with the RaaS node will fail until the key is accepted.

After installation, you must accept the master’s key in the user interface. Until the key is accepted, the master will react slowly as it continually tries to contact the RaaS node.

Note:
In order to manage Salt Master keys, the user must be part of the superuser group.

To accept the master key:

1. Log in to the Tanzu Salt user interface.
2. From the top left navigation bar, click the Menu , then select Administration to access the Administration workspace. Click the Master Keys tab.

3. From the side menu, click Pending to show a list of all pending master keys.

   If you don’t see the master key, you need to upgrade Tanzu Salt to the latest stable version.

   Note:
   You can verify that a pending master key is from the correct salt-master by checking the key fingerprint. On your Salt Master, run sseapi-config auth to view the key fingerprint, then run raas authkeys on your RaaS node and verify the fingerprint for the Salt Master is identical.

4. Check the box next to the master key to select it. Then, click Accept Key.

5. After you accept the master key, an alert appears indicating you have pending keys to accept. To accept these minion keys, go to Minion Keys > Pending.
6. Check the boxes next to your minions to select them. Then, click Accept Key.

7. Click Accept in the confirmation dialog.

   The key is now accepted.

After verifying the master key and minion keys have been accepted, proceed to the next section.

Remove the pillar top file

After installing Tanzu Salt, you need to remove the pillar top file you created earlier during the installation process. See Copy and edit the top state files for more information.

This step is necessary to avoid regenerating the data the top file contains every time you refresh pillar data in the future.

Note:
Only remove the pillar top file after successfully logging in to the user interface for the first time.

Back up critical data

If you are not using a complete system backup solution that can restore your entire Tanzu Salt server, at a minimum you should back up the following files:

• /etc/raas/pki - This directory contains a hidden file named .raas.key that is used to encrypt data while at rest in the database. If you need to restore your Tanzu Salt server by re-installing, it is critical that you restore the original .raas.key file from when the database was created. If this file is lost, the RaaS node will not be able to access the database.
• /etc/raas/raas - Contains Tanzu Salt configuration data.
• /etc/raas/raas.secconf - Contains Tanzu Salt configuration data.
• RaaS Database - Configure regular PostgreSQL database backups for the RaaS database.

Try some sample content (optional)

To test the basic functionality of Tanzu Salt, try working with some sample content in the user interface. You may need to install the Salt minion service on a few of the nodes you want to manage before trying the sample content.

Tanzu Salt provides several default targets and jobs along with supporting files and pillar data. Sample job files and pillar data are placed in the sse Salt environment so they don’t interfere with files and pillar data in the base environment. The sample content includes targets, jobs, pillar data, and supporting files.

Samples are used to save time setting up your Tanzu Salt environment. With default jobs, you can take advantage of predefined state files and pillar data to begin running frequently-used operations. You might also refer to samples as a model for how different system elements are configured to work together as you build your own workflows.

The following sections give instructions for importing sample content and explain which sample content is recommended for most Tanzu Salt installations.

test.ping

Consider running the test.ping command on targeted Salt minions to verify communication is working properly within Tanzu Salt.

Enable presence

The enable presence job enables more accurate minion presence detection. It’s helpful to run enable presence jobs on a regular basis to ensure that your connected minions retain a status of Present in the Minions workspace. Presence indicates if Tanzu Salt has received any job data from the minion recently, within a defined interval.

Tanzu Salt provides a job to install a Salt Beacon that sends periodic heartbeats from each minion. A good practice is to install this job and run it at regular intervals on all minions to enable more accurate presence.

To run this job:

1. Open the user interface and log in using the superuser account.
2. Click Targets to access the Targets workspace.
3. Select a minion or the all minions check box.
4. Click Run Job and select Enable Presence.

What to do next

After logging into the user interface for the first time, you must complete additional post-installation steps. The next step is to set up SSL certificates. To continue the post-installation process, see Set up SSL certificates.