- Node.js for building the front-end.
- Pipenv for the back-end.
- A Postgresql database
git clone email@example.com:lincolnloop/saltdash.git cd saltdash make all # download dependencies and build the world $EDITOR saltdash.yml # change settings as needed pipenv shell # activate the Python virtual environment saltdash migrate # setup the database saltdash runserver # run a development server
Uses parcel. To start a development environment with live reloading, run:
cd client yarn run watch
Running in Production
pip install saltdash
saltdash runserver is not suitable for production. A production-level
webserver is included and can be started with
saltdash serve. If Docker is
more your speed, there's a
Dockerfile as well.
Configuration can be done via environment variables, a file, or a combination
of both thanks to
Goodconf. By default
it will look for a YAML file named
/etc/saltdash/ or the current
directory. You can also specify a configuration file with the
saltdash-generate-config can be used to generate a sample config file
containing the following variables:
- SECRET_KEY REQUIRED
a long random string you keep secret https://docs.djangoproject.com/en/2.2/ref/settings/#secret-key
Hosts allowed to serve the site https://docs.djangoproject.com/en/2.2/ref/settings/#allowed-hosts
List of modules to hide the output from in the web interface.
Socket for webserver to listen on.
GitHub Team authentication is included by setting the relevant
You'll need to setup an OAuth App at
https://github.com/organizations/<org>/settings/applications with a callback URL in the form:
To retrieve your team IDs:
- Create a token at GitHub
curl -H "Authorization: token <token>" https://api.github.com/orgs/<org>/teams
Setting up Salt
Once you've setup a Postgresql database using
saltdash migrate, connect Salt's external job cache to the database by adding the following lines to
# Replace items in brackets with actual values master_job_cache: pgjsonb returner.pgjsonb.host: [db-host] returner.pgjsonb.pass: [db-password] returner.pgjsonb.db: [db-database-name] returner.pgjsonb.port: [db-port] returner.pgjsonb.user: [db-user]
salt-master and all future jobs should get stored in the database.
If you have lots of jobs, you'll probably want to purge the cache periodically. A helper command is provided to do just that, run:
saltdash purge_job_cache [days_older_than_to_purge]
If you want to automate this, use the
--no-input flag to bypass the confirmation prompt.
It is very easy to accidentally expose secrets in Salt via the logs and/or
console output. The same applies for Saltdash. Since secrets are often stored
in encrypted pillar data, by default the output from any
pillar.* calls is
hidden via the
HIDE_OUTPUT setting. If you have additional modules you know
expose secret data, they should be added to the list.
There are many other ways secrets can leak, however. A few general tips (which are good practice whether you use Saltdash or not).
show_changes: falseon any
file.*actions which deal with sensitive data.
hide_output: trueon any
cmd.*state which may output sensitive data.
- When working with files, use templates or
- Avoid passing secrets as arguments to modules or states. Typically Salt can read them from a pillar or config instead.
Icon by BornSymbols used under