During this installation task, you edit five different sections in the SaltStack Config settings pillar mapping file to provide the values that are appropriate for your environment.

These settings will be used by the configuration state files to deploy and manage your SaltStack Config deployment.

To copy and edit the SaltStack Config settings state file:

1. On the Salt master, navigate to the /srv/pillar/sse/ directory.
2. Open the sse_settings.yaml file in an editor. Section 1 of this file contains four variables that correspond to the four nodes. Change the values of the four variables to the minion IDs (not the IP addresses or DNS names) for the corresponding nodes. Use the minion IDs that you recorded earlier as you worked through the Record key data about the four nodes step.

   For example:

   # PostgreSQL Server (Single value)
   pg_server: postgres-database-1
   
   # Redis Server (Single value)
   redis_server: redis-database-1
   
   # SaltStack Enterprise Servers (List one or more)
   eapi_servers:
     - saltstack-enterprise-api-server-1
   
   # Salt Masters (List one or more)
   salt_masters:
     - saltmaster-1

   Note: The pg_server and redis_server variables are single variables because most network configurations only have one PostgreSQL and Redis database. By contrast, the variables for the eapi_servers and salt-masters are formatted in a list because it is possible to have more than one RaaS node and Salt master.
3. In Section 2 of this file, edit the variables to specify the endpoint and port of your PostgreSQL node:
   • pg_endpoint - Change the value to the IP address or DNS name (not the minion ID) of your PostgreSQL server. If you are in a virtualized environment, take care to specify the internal address, as opposed to the public address.
   • pg_port - The standard PostgreSQL port is provided, but may be overridden, if needed.
   • pg_username and pg_password - Enter the credentials for the user that the API (RaaS) will use to authenticate to PostgreSQL. This user is created when you run the configuration orchestration highstate.
   Note: The variable is specified as the pg_endpoint as some installations may have configured a separate PostgreSQL server (or cluster) that is not managed by this installation process. If that is the case, exclude the action. Do not apply the highstate to the PostgreSQL server during the Apply the highstates to the nodes step later in the process.
4. Repeat the previous step to edit Section 3 of this file, but instead edit the corresponding variables to specify the endpoint and port of your Redis node.
5. In Section 4 of this file, edit the variables related to the RaaS node:
   • If this is a fresh installation, do not change the default values for the eapi_username and eapi_password variables. During the configuration orchestration, the installation process establishes the database with these default credentials. It needs these credentials to connect through the eAPI service to establish your default Targets and Jobs in SaltStack Config. You will change the default password in a later post-installation step.
   • For the eapi_endpoint variable, change the value to the IP address or DNS (not the minion ID) of your RaaS node.
     Note: The variable is specified as the eapi_endpoint as some installations host multiple eAPI servers behind a load balancer.
   • The eapi_ssl_enabled variable is set to True by default. When set to True, SSL is enabled. You are strongly recommended to leave this enabled. SSL validation is not required by the installer, but is likely a security requirement in environments that host their own certificate authority.
   • The eapi_standalone variable is set to False by default. This variable provides direction to the configuration states if Pillar data is being used in a single-node installation scenario. In that scenario, all IP communication would be directed to the loopback address. In the multi-installation scenario, you should leave this set to False.
   • The eapi_failover_master variable is set to False by default. This variable supports deployments where Salt masters (and minions) are operating in failover mode.
   • The eapi_key variable defines the encryption key thatSaltStack Config uses to manage encrypted data in the PostgreSQL database. This key should be unique for each installation. A default is provided, but a custom key can be generated by running the following command in a separate terminal outside of the editor:

     openssl rand -hex 32

6. In Section 5 of this file, edit the variables to add your unique customer identifiers:
   • The customer_id variable uniquely identifies a SaltStack deployment. It becomes the suffix of the schema name of the raas_* (API (RaaS)) database in PostgreSQL. A default is provided, but a custom key can be generated by running the following command in a separate terminal outside of the editor:

     cat /proc/sys/kernel/random/uuid

   • The cluster_id variable defines the ID for a set of Salt masters when it is configured in either Active or Failover Multi-Master mode. This ID prevents minions that are reporting to multiple Salt masters from being reported multiple times within the SaltStack Config.

Save your changes to this file and proceed to the next section.