nebula

Nebula state module.

Manages Nebula VPN certificates on minions. All platform-specific logic lives in the nebula execution module; these states are thin orchestration wrappers.

depends: nebula execution module

saltext.nebula.states.nebula.__virtual__()

Only load if the nebula execution module is available.

saltext.nebula.states.nebula.certificates_present(name, minion_id=None, cert_dir=None, force_regenerate=False, auto_renew=True, renewal_threshold_days=30, backup_old_certs=True, validate_after_deploy=True)

Ensure Nebula certificates are present and valid.

Retrieves certificates from the Salt master file server. Certificates must first be generated on the master with the nebula runner:

salt-run nebula.get_certificate minion_id=<id>

name

Unique state name.

minion_id

Minion ID for certificates. Defaults to current minion.

cert_dir

Certificate directory. Auto-detected if omitted.

force_regenerate

Force retrieval even if certificates are valid.

auto_renew

Renew certificates approaching expiration. Default: True

renewal_threshold_days

Days before expiry to trigger renewal. Default: 30

backup_old_certs

Back up existing certificates before replacement. Default: True

validate_after_deploy

Validate the certificate chain after deployment. Default: True

Example state:

nebula_certificates:
  nebula.certificates_present:
    - auto_renew: true
    - renewal_threshold_days: 30

saltext.nebula.states.nebula.certificate_info(name, cert_path=None, minion_id=None)

Display Nebula certificate information.

Informational state – reports status without making changes.

name

Unique state name.

cert_path

Path to certificate. Auto-detected if omitted.

minion_id

Minion ID. Defaults to current minion.

Example state:

show_cert_info:
  nebula.certificate_info:
    - name: cert_info
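
Combined example (added here, not part of the module's own documentation): an SLS that sets the replacement-related options of certificates_present explicitly and then reports the result with certificate_info. The state IDs and the 14-day threshold are constructed for illustration; `require` is Salt's standard requisite.

```yaml
# Added example, not from the saltext-nebula documentation.
# Prerequisite on the master, as stated above:
#   salt-run nebula.get_certificate minion_id=<id>

nebula_certificates:               # hypothetical state ID
  nebula.certificates_present:
    # minion_id and cert_dir are omitted: they default to the current
    # minion and the auto-detected certificate directory.
    - force_regenerate: false      # true retrieves even when the certificate is valid
    - auto_renew: true
    - renewal_threshold_days: 14   # constructed value; the documented default is 30
    - backup_old_certs: true       # back up existing certificates before replacement
    - validate_after_deploy: true  # validate the certificate chain after deployment

# Informational report, ordered after the deployment state with Salt's
# standard `require` requisite so it describes the certificate just deployed.
nebula_certificate_report:         # hypothetical state ID
  nebula.certificate_info:
    - require:
      - nebula: nebula_certificates
```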