Enable the management of the APT node through the Salt Master node

Enable the management of the APT node through the Salt Master nodeΒΆ

In compliance with the security best practices, MCP enables you to connect your offline mirror APT VM to the Salt Master node and manage it as any infrastructure VM on your MCP deployment.


This section is only applicable for the offline deployments where all repositories are stored on a specific VM deployed using the MCP apt01 offline image, which is included in the MCP release artifacts.

For the deployments managed by the MCP 2018.8.0 Build ID or later, you should not manually enable the Salt minion on the offline image VM as it is configured automatically on boot during the APT VM provisioning.

Though, if your want to enable the management of the offline image VM through the Salt Master node on an existing deployment managed by the MCP version below the 2018.8.0 Build ID, you need to perform the procedure included in this section.

To enable the Salt minion on an existing offline mirror node:

  1. Connect to the serial console of your offline image VM, which is included in the pre-built offline APT QCOW image:

    virsh console $(virsh list --all --name | grep ^apt01) --force

    Log in with the user name and password that you created in step 4 of the Generate configuration drives manually procedure.

    Example of system response:

    Connected to domain apt01.example.local
    Escape character is ^]
  2. Press Enter to drop into the root shell.

  3. Configure the Salt minion and start it:

    echo "" > /etc/salt/minion
    echo "master: <IP_address>" > /etc/salt/minion.d/minion.conf
    echo "id: <apt01.example.local>" >> /etc/salt/minion.d/minion.conf
    service salt-minion stop
    rm -f /etc/salt/pki/minion/*
    service salt-minion start
  4. Quit the serial console by sending the Ctrl + ] combination.

  5. Log in to the Salt Master node.

  6. Verify that you have the offline mirror VM Salt minion connected to your Salt Master node:

    salt-key -L | grep apt

    The system response should include your offline mirror VM domain name. For example:

  7. Verify that you can access the Salt minion from the Salt Master node:

    salt apt01\* test.ping
  8. Verify the Salt states are mapped to the offline mirror VM:

    salt apt01\* state.show_top

Now, you can manage your offline mirror APT VM from the Salt Master node. At this point, the Salt Master node does not manage the offline mirror content. If you need to adjust the content of your offline mirror, refer to Customize the prebuilt mirror node.