Salt SSH Push

Salt SSH Push is intended for environments where your Salt clients cannot reach the SUSE Manager server directly to check in regularly and, for example, fetch package updates.

Push via SSH

This feature is not related to Push via SSH for the traditional clients. For Push via SSH, see [Salt SSH Push].


Figure 1. Push via Salt SSH Contact Method

Salt provides “Salt SSH” (salt-ssh), a feature to manage clients from a server. It works without installing Salt-related software on clients, and clients do not need to be connected to the Salt master. Used as a SUSE Manager contact method, it provides similar functionality for Salt clients as the traditional Push via SSH feature provides for traditional clients.

This feature allows:

  • Managing Salt entitled systems with the Push via SSH contact method using Salt SSH.

  • Bootstrapping such systems.


  • SSH daemon must be running on the remote system and reachable by the salt-api daemon (typically running on the SUSE Manager server).

  • Python must be available on the remote system, in a version supported by the installed Salt. Currently: Python 2.6.

Unsupported Systems

Red Hat Enterprise Linux and CentOS versions <= 5 are not supported because they do not have Python 2.6 by default.
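A preflight check for the two requirements listed above, given here as an added example that is not part of SUSE Manager or of the original page. It assumes the remote interpreter is invoked as `python` and accepts only Python 2.x at 2.6 or later (adjust for the Salt version actually installed); the script name and host in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: preflight check for a host before bootstrapping it as a
# Salt SSH client. Not part of SUSE Manager.
# Assumption: only Python 2.x at or above 2.6 passes, per the list above.
MIN_MAJOR=2
MIN_MINOR=6

# Succeed if a `python -V` banner such as "Python 2.6.9" is acceptable.
python_version_ok() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^Python \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 1
    set -- $ver                      # $1 = major, $2 = minor
    [ "$1" -eq "$MIN_MAJOR" ] && [ "$2" -ge "$MIN_MINOR" ]
}

# Check one host; print a one-line verdict and return 0 only if the SSH
# daemon answers and the remote interpreter qualifies.
preflight() {
    host=$1
    rc=0
    # Python 2 writes its version banner to stderr, hence 2>&1 remotely.
    banner=$(ssh -o ConnectTimeout=5 "$host" 'python -V 2>&1') || rc=$?
    if [ "$rc" -eq 255 ]; then       # ssh itself failed
        echo "$host: FAIL sshd unreachable or login refused"; return 1
    elif [ "$rc" -ne 0 ]; then       # remote shell could not run python
        echo "$host: FAIL no python on the remote PATH"; return 1
    elif ! python_version_ok "$banner"; then
        echo "$host: FAIL unsupported interpreter ($banner)"; return 1
    fi
    echo "$host: OK $banner"
}

# Usage: sh preflight.sh root@client1.example.com [more hosts...]
status=0
for h in "$@"; do
    preflight "$h" || status=1
done
[ "$status" -eq 0 ]                  # script exit status reflects all hosts
```

Run it from the machine where salt-api runs, since that is the side that must reach the client's SSH daemon.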


To bootstrap a Salt SSH system, proceed as follows:

  1. Open the Bootstrap Minions dialog in the Web UI (Systems > Bootstrapping).

  2. Fill out the required fields. Select an Activation Key with the Push via SSH contact method configured. For more information about activation keys, see:

  3. Check the Manage system completely via SSH option.

  4. Confirm by clicking the Bootstrap button.

Now the system will be bootstrapped and registered in SUSE Manager. If done successfully, it will appear in the Systems list.


There are two kinds of parameters for Push via Salt SSH:

  • Bootstrap-time parameters - configured in the Bootstrapping page:

    • Host

    • Activation key

    • Password - used only for bootstrapping, not saved anywhere; all future SSH sessions are authorized via a key/certificate pair

  • Persistent parameters - configured SUSE Manager-wide:

    • sudo user - same as in

Action Execution

The Push via Salt SSH feature uses a taskomatic job to execute scheduled actions using salt-ssh. The taskomatic job periodically checks for scheduled actions and executes them. While on traditional clients with SSH push configured only mgr_check is executed via SSH, the Salt SSH push job executes a complete salt-ssh call based on the scheduled action.

Known Limitations

  • OpenSCAP auditing is not available on Salt SSH clients.

  • Beacons do not work with Salt SSH.

    • Installing a package on a system using zypper will not invoke the package refresh.

    • Virtual Host functions (for example, a host to guests) will not work if the virtual host system is Salt SSH-based.