Introduction
The SaltStack SDB (Simple Data Base) interface is intended to store and retrieve data that is not necessarily minion-specific, as opposed to pillars and grains. It is a SaltStack-specific database interface. The original design goal was to store passwords in a secure database, like one managed by the keyring package, rather than plain-text files. As a generic database interface, it could be used for various other purposes.
We'll show you how to use SDB to store and retrieve passwords in a centralized manner. When the same users appear in multiple Salt configuration files, this helps to avoid data duplication.
SDB Configuration
To use the SDB interface, a configuration profile must be created. It must be configured in the master configuration to be available for master commands such as runners. It can be set in the minion configuration file or as a pillar for modules executed on a minion. The SDB interface necessarily requires the creation of a profile in the master configuration file. By creating a file /etc/salt/master.d/passwords.conf, we can modularize the configuration. The configuration stanza contains the name/ID of the profile, a driver setting, and, if necessary, any other arguments required by the SDB module that will be used.
pwd:
  driver: json
  data: /srv/salt/common/pwd.json
SDB URIs
SDB is designed to run small database queries (hence the name SDB) with a short URL. This enables users to quickly reference a database value within various Salt configuration areas with minimal overhead. An SDB URI has the following basic format:
sdb://<profile>/<args>
Here, <profile> is the name of the profile defined in the master or minion configuration file.
The args are specific to the profiled module but will typically only be required to refer to the key of a key/value pair within the database.
This is because the profile should identify as many other parameters as possible.
Writing SDB Module
The data will be stored in JSON format, and you will use the SDB execution module to get, set, and delete values from this file.
There is currently one function in any SDB module that MUST exist (get()), one that SHOULD exist (set_()), and one that MAY exist (delete()). If a set_() function is used, a __func_alias__ dictionary must also be declared in the module:
__func_alias__ = {
    'set_': 'set',
}
These methods must be implemented in the Python script json.py, which should be placed in a directory called _sdb/ under the Salt file server's root directory (that is, /srv/salt/_sdb/json.py).
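One way such a json.py could look, as an added example rather than code from the original article or from Salt itself. It assumes the profile dictionary passed in carries the data path from the pwd profile above and that the store is one flat JSON object of key/value pairs; the alias dictionary is written as __func_alias__, the name Salt's loader reads.

```python
import json
import os
import tempfile

# Added sketch (assumed layout): lets Salt expose set_() as "set", a builtin name.
__func_alias__ = {"set_": "set"}


def _load(profile):
    """Read the store named by the profile's `data` setting."""
    path = profile["data"]
    if not os.path.exists(path):
        return {}
    with open(path, "r", encoding="utf-8") as fh:
        return json.load(fh)


def _save(profile, store):
    """Atomic replace; mkstemp creates the temp file with mode 0600."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(profile["data"]) or ".")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(store, fh, indent=2, sort_keys=True)
        os.replace(tmp, profile["data"])
    except BaseException:
        os.unlink(tmp)
        raise


def get(key, profile=None):
    """Required: value for sdb://<profile>/<key>, or None if absent."""
    return _load(profile).get(key)


def set_(key, value, profile=None):
    """Optional: store value under key and return it."""
    store = _load(profile)
    store[key] = value
    _save(profile, store)
    return value


def delete(key, profile=None):
    """Optional: remove key; True if it existed."""
    store = _load(profile)
    if key not in store:
        return False
    del store[key]
    _save(profile, store)
    return True
```

Because the file holds password hashes, the write path keeps it readable by its owner only and never leaves a half-written store behind if the process dies mid-write.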
Getting, Setting and Deleting SDB Values
After configuring an SDB driver, you can use the sdb execution module to get, set, and delete values from it. Most SDB modules will include these functions: get, set, and delete.
The hashed passwords can now be stored in the JSON data file.
The get() function is required because other parts of the code that use the sdb:// URI will invoke it. This function is used by the config execution module's config.get function.
Only the SDB URI is required to obtain a value. To get a value from the pwd profile mentioned above, use:
$ sudo salt-run sdb.get sdb://pwd/ninja1
Setting a value uses the same URI as retrieving it, followed by the value as an additional argument. The set_() function is not strictly required, because some sources may have read-only access and others can be unsafe to access via URI. SQL injection attacks are one example: the attacker uses malicious SQL code to manipulate backend databases in order to gain access to data that was not meant to be displayed.
Set a new value for the above pwd URI with a command like:
The delete() function is optional because many sources are read-only or have restrictions on such operations. Deleting values is done in the same manner as getting them:
$ sudo salt-run sdb.delete sdb://pwd/user1
Using SDB URIs in Files
SDB URIs may be used both in configuration files and in files processed by the renderer system (jinja, mako, etc.). Make an entry in a configuration file (such as /etc/salt/master, /etc/salt/minion, /etc/salt/cloud, etc.) and set the value to the SDB URI. As an example:
mykey: sdb://myetcd/mykey
If you want to retrieve a key from SDB directly, you will use the SDB URI to call the sdb.get function. For example, in a pillar file, the passwords can be defined as follows:
Salts are used to prevent password cracking at large and can be stored in cleartext in the database.
What are SDB URIs?
SDB is designed to run small database queries (hence the name SDB) with a short URL. This enables users to quickly reference a database value within various Salt configuration areas with minimal overhead.
Should you keep salt in your database?
Yes. The salt should be stored in the database so that attackers cannot obtain it before they obtain the hashes, which prevents them from precomputing hashes. In other words, they'll need a lot of time to break the hashes after they compromise the database, giving you time to change passwords before they get access.
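The effect described in this answer, as an added example that is not part of the original article. The record layout, the choice of PBKDF2-HMAC-SHA256 and the iteration count are assumptions made for illustration; the article does not name a hashing scheme.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor, not a value from the article


def make_record(password, salt=None, iterations=ITERATIONS):
    """Build a JSON-serializable record; the salt is stored in cleartext."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode(),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


def precomputed_hits(table, records):
    """Users whose stored hash already appears in a table built in advance."""
    return [user for user, rec in records.items() if rec["hash"] in table]
```

Two users with the same password get different stored hashes, so a table computed before the salts were known matches neither record, while verification still works because the salt sits next to the hash.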
How will you use SDB URIs in files?
SDB URIs may be used both in configuration files and in files processed by the renderer system (jinja, mako, etc.). Make an entry in a configuration file (such as /etc/salt/master, /etc/salt/minion, /etc/salt/cloud, etc.) and set the value to the SDB URI.
Conclusions
In this article, we learned how to store data in databases in Salt. The article described the SDB configuration, SDB URIs, and how to write an SDB module. For the time being, you've done an excellent job, and hopefully, you'll feel much more comfortable with targeting.