Merge pull request #27733 from jacobhammons/bug-fixes

hardening topic - updates to docs.saltstack.com theme
2025-04-17 10:10:20 +00:00 · 2015-10-06 19:44:00 -06:00 · 2015-10-06 19:44:00 -06:00 · 4e48651de0
commit 4e48651de0
parent c58da846bf cbecd4f553
10 changed files with 126 additions and 38 deletions
--- a/doc/_themes/saltstack2/layout.html
+++ b/doc/_themes/saltstack2/layout.html
@ -21,12 +21,12 @@

 {% set script_files = [
    '_static/js/core.min.js',
-    '_static/js/webhelp.min_v1.4.2.js',
+    '_static/js/webhelp.min_v1.4.3.js',
 ] %}

 {% set css_files = [
    '_static/css/core.min.css',
-    '_static/css/webhelp.min_v1.4.3.css',
+    '_static/css/webhelp.min_v1.4.4.css',
 ] %}

 {%- macro relbar() %}
@ -212,7 +212,7 @@

                            <div class="col-sm-6">

-                                 <a href="http://saltstack.com/events/" target="_blank"><img class="nolightbox nav-banner center" src="{{ pathto('_static/images/saltStack_events_300x300.jpg', 1) }}"/></a>
+                                 <a href="http://saltstack.com/events/" target="_blank"><img class="nolightbox footer-banner center" src="{{ pathto('_static/images/webinars-banner.png', 1) }}"/></a>


                            </div>
@ -227,9 +227,12 @@
            <div id="sidebar-wrapper">
            <div id="sidebar-static">

-                <a class="ss-logo" href="http://saltstack.com"><img width="250" height="63" class="nolightbox center" src="{{ pathto('_static/images/saltstack_logo.svg', 1) }}"></a>
+                <a class="ss-logo" href="http://saltstack.com"><img width="250" height="63" class="nolightbox sidebar-logo" src="{{ pathto('_static/images/saltstack_logo.svg', 1) }}"></a>

                {% if on_saltstack %}
+
+                <a href="http://saltconf.com" target="_blank"><img class="nolightbox sidebar-banner center" src="{{ pathto('_static/images/sc16-banner.png', 1) }}"/></a>
+
                <div class="releaselinks versions {{ build_type }}">

                <a class="btn btn-secondary{% if build_type == "previous" or build_type == "inactive" %} active{% endif %}" id="previous"{% if build_type == "previous" or build_type == "inactive" %} title="View release notes"{% else %} title="Switch to docs for the previous stable release"{% endif %} data-container="body" data-toggle="tooltip" data-placement="bottom" href="/en/{{ previous_release_dir }}/">{{ previous_release }}{% if build_type == "previous" or build_type == "inactive" %} <i class="glyphicon glyphicon-ok"></i>{%- endif %}</a>
@ -238,7 +241,6 @@

                <a  class="btn btn-secondary{% if build_type == "develop" %} active{% endif %}" id="develop"{% if build_type == "develop" %} title="View all release notes"{% endif %} title="Switch to docs built recently from the develop branch" data-container="body" data-toggle="tooltip" data-placement="bottom" href="/en/develop/">Develop{% if build_type == "develop" %} <i class="glyphicon glyphicon-ok"></i>{% endif %}</a>

-                <p><a id="notifications" title="View the latest announcements from SaltStack" data-container="body" data-toggle="tooltip" data-placement="bottom" href="#">Announcements</a></p>
                </div>

                {% else %}
--- a/doc/_themes/saltstack2/static/css/webhelp.min_v1.4.4.css
+++ b/doc/_themes/saltstack2/static/css/webhelp.min_v1.4.4.css
@ -72,6 +72,7 @@ button#prev-button{float:left;margin:15px 0 0}
    #page-content-wrapper{padding:20px 0 0}
    #wrapper.toggled #page-content-wrapper{position:relative;margin-right:0}
    #menu-toggle{display:none!important}
+    .footer-banner{width:90%}
 }
@media(min-width:1200px) {
    #wrapper{padding-right:350px}
@ -84,6 +85,7 @@ button#prev-button{float:left;margin:15px 0 0}
    #wrapper.toggled #page-content-wrapper{position:relative;margin-right:0}
    #menu-toggle{display:none!important}
    .alert.alert-warning.dev-notification-text{width:68%}
+    .footer-banner{width:75%}
 }
@media(min-width:1400px) {
    #sidebar-wrapper{margin-right:-175px}
@ -93,6 +95,9 @@ button#prev-button{float:left;margin:15px 0 0}
@media(max-width:768px) {
    #sidebar-wrapper{border:1px solid #424242}
 }
+@media(max-height:750px) {
+    .sidebar-banner{display: none !important}
+}
 #header-nav{float:right;text-align:right}
 #header-nav li{padding:0 0 15px 15px;font-weight:300}
 #sidebar-wrapper{visibility:hidden}
@ -138,7 +143,7 @@ ul.nav.collapsed{margin-left:80px;font-size:14pt}
 #expanded-nav{font-size:12pt;font-weight:300}
 #expanded-nav li{padding:0 15px 0 0}
 ul.nav.collapsed li{padding:0 0 15px 10px;margin:0}
-#social-links{text-align:center;padding:10px 0}
+#social-links{text-align:center;padding:15px 0}
 .navbar-default{background-color:#fff;border-color:#fff}
 .navbar-header{width:100%}
 .open>.dropdown-menu{width:100%}
@ -167,6 +172,8 @@ div.logo{background-color:#000}
 div.versions .btn{padding: 3px 6px}
 div.versions p{margin: 3px 0 0}
 div.versions a,div.versions a:hover,div.versions a:active{color: #428bca}
+.sidebar-banner{padding: 0 0 10px 0}
+.sidebar-logo{display:block;margin: 10px auto 10px auto}

 /*pygments*/

--- a/doc/_themes/saltstack2/static/images/saltStack_events_300x300.jpg
+++ b/doc/_themes/saltstack2/static/images/saltStack_events_300x300.jpg
--- a/doc/_themes/saltstack2/static/images/saltstack_logo.svg
+++ b/doc/_themes/saltstack2/static/images/saltstack_logo.svg
@ -1,27 +1,44 @@
 <?xml version="1.0" encoding="utf-8"?>
-<!-- Generator: Adobe Illustrator 18.1.1, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
-<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
-	 viewBox="0 0 257.5 65" enable-background="new 0 0 257.5 65" xml:space="preserve">
-<g>
-	<path d="M162.6,29.3c-4.2-1-4.7-1.7-4.7-2.9c0-1.2,1.2-2,3-2c1.8,0,3.6,0.7,5.5,2.1l0.4,0.3l2.6-3.6l-0.4-0.3c-2.3-1.9-5-2.8-8-2.8
-		c-4.6,0-7.8,2.8-7.8,6.8c0,4.2,2.7,5.7,7.5,6.9c4.1,1,4.4,1.7,4.4,2.8c0,1.3-1.3,2.2-3.3,2.2c-2.3,0-4.3-0.8-6.4-2.6l-0.4-0.3
-		l-2.9,3.4l0.4,0.3c2.6,2.3,5.8,3.5,9.2,3.5c4.9,0,8.1-2.7,8.1-6.9C169.8,31.7,166.4,30.2,162.6,29.3z"/>
-	<polygon points="189.6,20.3 171.3,20.3 171.3,24.8 178.1,24.8 178.1,42.7 182.8,42.7 182.8,24.8 189.6,24.8 	"/>
-	<path d="M197.6,20.2l-9.8,22.5h4.9l2.2-5.1h6l1.6-4.2l4,9.4h5.1l-9.8-22.5H197.6z M196.7,33.2l2.9-6.8l2.9,6.8H196.7z"/>
-	<path d="M228.9,36c-1.7,1.6-3.3,2.6-5.8,2.6c-3.7,0-6.5-3-6.5-7.1c0-4,2.8-7,6.5-7c2,0,3.8,0.8,5.6,2.5l0.4,0.4l3.1-3.5l-0.3-0.3
-		c-1.8-1.7-4.2-3.5-8.7-3.5c-6.6,0-11.5,5-11.5,11.6c0,6.4,5,11.5,11.4,11.5c3.7,0,6.4-1.2,9-3.9l0.3-0.4l-3.1-3.1L228.9,36z"/>
-	<polygon points="245.9,30.1 255.3,20.3 249.3,20.3 239.8,30.3 239.8,20.3 235.1,20.3 235.1,42.7 239.8,42.7 239.8,36.2 242.6,33.3 
-		249.7,42.7 255.5,42.7 	"/>
-	<path d="M83.7,29.9c-5-1.1-5.4-2.2-5.4-3.7c0-1.7,1.7-2.9,4-2.9c2.1,0,4,0.7,5.8,2.2l0.4,0.3l2-2.7l-0.4-0.3
-		c-2.4-1.9-4.7-2.7-7.8-2.7c-4.3,0-7.5,2.7-7.5,6.4c0,4.2,3,5.7,7.6,6.6c4.8,1,5.1,2.2,5.1,3.6c0,1.9-1.7,3.1-4.3,3.1
-		c-2.7,0-4.7-0.8-7-2.9L76,36.6l-2.1,2.5l0.4,0.3c2.7,2.4,5.6,3.5,9.1,3.5c4.6,0,7.8-2.7,7.8-6.6C91,32.9,88.8,31,83.7,29.9z"/>
-	<path d="M102.6,20.2L92.4,42.7H96l2.5-5.6h8.6l1.1-2.9l3.8,8.5h3.7l-10.2-22.5H102.6z M99.9,33.9l4.1-9.2l4.1,9.2H99.9z"/>
-	<polygon points="122,20.3 118.6,20.3 118.6,42.7 134,42.7 134,39.4 122,39.4 	"/>
-	<polygon points="132.9,23.6 140,23.6 140,42.7 143.5,42.7 143.5,23.6 150.6,23.6 150.6,20.3 132.9,20.3 	"/>
+<!-- Generator: Adobe Illustrator 19.1.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<svg version="1.1" id="horizontal" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+	 viewBox="0 0 500 120" style="enable-background:new 0 0 500 120;" xml:space="preserve">
+<g id="saltStack_x5F_icon_x5F_thicker_2_">
+	<g>
+		<path d="M49.4,1.7c1.7-1.2,3.2-1,5,0c5,3,10,5.9,15.1,8.7c0.5,0.3,1.4,0.1,1.9-0.1c5-2.8,9.9-5.6,14.8-8.6c1.7-1,3.1-1.2,4.8-0.1
+			c7.5,4.4,15.1,8.8,22.7,13.1c1.6,0.9,2.3,2.1,2.3,3.9c-0.1,8.8-0.1,17.6,0,26.4c0,1.7-0.6,2.8-2.1,3.7c-4.5,2.5-8.9,5.1-13.4,7.7
+			c3.2,2.6,3.2,2.6,3.2,6.7c0,8.2,0,16.4,0,24.7c0,1.6-0.6,2.5-2,3.3c-15.6,9-31.2,17.9-46.7,27c-2.2,1.3-3.8,1.3-6,0
+			c-15.5-9.1-31.1-18.1-46.7-27c-1.5-0.8-2.1-2-2.1-3.6c0-18.3,0-36.7,0-55c0-1.6,0.6-2.7,2-3.5L49.4,1.7z M49.3,63.1
+			c0-1.1-0.3-1.7-1.2-2.2L5.4,36.4l0,48.9c0,1.2,0.4,1.8,1.4,2.4l42.3,24.4L49.3,63.1z M96.9,87.6c1-0.6,1.4-1.1,1.4-2.3l-0.1-20.5
+			L78.4,76.1c-2.8,1.6-4.7,0.5-4.7-2.7c0-7,0-14,0-21c0-0.5,0-1.1-0.1-1.8L55.6,61c-0.9,0.5-1.1,1.2-1.1,2.1l0,49L96.9,87.6z
+			 M50.7,56.4c0.8,0.5,1.4,0.5,2.2,0c3.4-2.1,6.9-4,10.4-6c2.5-1.4,4.9-2.9,7.6-4.5c-1-0.6-1.8-1.1-2.6-1.5
+			c-5.9-3.4-11.7-6.8-17.6-10.2c-2.2-1.3-2.2-3.7,0-5c3.1-1.8,6.1-3.6,9.2-5.3c1-0.5,1.5-1.2,1.3-2.3c-0.1-0.5,0-0.9,0-1.4
+			c-0.3-2.6,0.1-4.8,2.9-5.9c0.1,0,0.2-0.2,0.3-0.4c-3.9-2.2-7.8-4.4-11.6-6.7c-1-0.6-1.6-0.5-2.5,0L8.2,31.7L50.7,56.4z
+			 M107.8,17.6c-0.4-0.3-0.5-0.4-0.6-0.4c-5.9-3.4-11.8-6.8-17.7-10.2c-0.4-0.2-1.3-0.2-1.8,0.1c-5.3,3-10.5,6-15.7,9
+			c-0.7,0.4-1.4,0.9-2.4,1.4c0.4,0.2,0.5,0.3,0.6,0.4c5.9,3.4,11.8,6.8,17.7,10.2c0.4,0.2,1.3,0.1,1.8-0.1c2.6-1.4,5.1-2.9,7.6-4.3
+			C100.7,21.7,104.1,19.7,107.8,17.6z M109.7,44.8c0.5-0.3,0.8-1.1,0.8-1.7c0.1-6.4,0-12.8,0-19.3c0-0.4-0.1-0.8-0.1-1.2
+			c-0.3,0-0.4,0-0.5,0c-5.9,3.4-11.8,6.8-17.7,10.3c-0.5,0.3-0.8,1.1-0.8,1.7l0,20.7L109.7,44.8z M66.8,22.3c0,4.8,0,9.2,0,13.7
+			c0,1,0.4,1.6,1.2,2c3.1,1.8,6.2,3.6,9.4,5.4c1.3,0.7,1.8,1.7,1.8,3.1c0,1.3,0,2.7,0,4c0,0.4,0.1,1,0.4,1.2c2,1.3,4.1,2.4,6.3,3.7
+			c0.1-0.5,0.2-0.7,0.2-0.9c0-6.7,0-13.5,0-20.2c0-0.5-0.5-1.2-1-1.5L66.8,22.3z M79.3,57.8c0,4,0,7.7,0,11.7
+			c5.5-3.2,10.8-6.2,16-9.3c-0.1-0.2-0.2-0.4-0.3-0.5c-0.4,0.1-0.8,0.3-1.1,0.4c-1.1,0.6-2.2,1.2-3.2,1.9c-1.3,0.9-2.6,0.9-4,0.1
+			C84.3,60.6,81.8,59.3,79.3,57.8z M57.2,31.7c1.5,0.9,2.7,1.6,4,2.3c0-1.7,0-3.1,0-4.7C59.9,30.2,58.7,30.9,57.2,31.7z"/>
+	</g>
 </g>
-<path fill="#010101" d="M63.9,12.2L48.6,3.3L37.7,9.6l-8.9-5L3.9,19v28.9l25,14.4l25-14.4V35.7l10-5.8V12.2z M59.6,13l-11,6.4
-	l-11-6.4l11-6.4L59.6,13z M31.5,19.8l1.8-1l0,2l-0.7-0.4l0,0L31.5,19.8z M36.1,15.5l11,6.4v12.7L42,31.5v-5.7l-5.9-3.4L36.1,15.5z
-	 M42,34.8l4,2.4l-4,2.3V34.8z M28.9,7.5l6.3,3.5l-1.9,1.1l0,3.6l-6.9,3.9l3.4,2l8.4,4.9L28.9,32L7.7,19.8L28.9,7.5z M6.5,22
-	l21.2,12.2v24.4L6.5,46.4V22z M51.3,46.4L30.2,58.6V34.2l9.3-5.4V44l9.1-5.2l0,0l2.8-1.6V46.4z M50,34.6V21.9l11-6.4v12.8L50,34.6z"
-	/>
+<polygon points="480.7,57.1 499.5,37.6 487.5,37.6 468.6,57.6 468.6,37.6 459.1,37.6 459.1,82.4 468.6,82.4 468.6,69.4 474.2,63.7 
+	488.4,82.4 500,82.4 "/>
+<path d="M446.7,68.9c-3.5,3.3-6.7,5.3-11.6,5.3c-7.5,0-13.1-6.1-13.1-14.3c0-8,5.6-14.1,13.1-14.1c4.1,0,7.5,1.6,11.3,5l0.8,0.7
+	l6.2-7.1l-0.7-0.7c-3.6-3.4-8.5-6.9-17.4-6.9c-13.2,0-23.1,9.9-23.1,23.2c0,12.9,10,23,22.8,23c7.4,0,12.8-2.4,18.1-7.9l0.7-0.7
+	l-6.2-6.3L446.7,68.9z"/>
+<path d="M383.8,37.3l-19.7,45.1h9.9l4.4-10.3h12.1l3.2-8.5l8,18.8h10.1l-19.7-45.1H383.8z M382,63.4l5.8-13.5l5.8,13.5H382z"/>
+<polygon points="367.9,37.6 331.2,37.6 331.2,46.6 344.7,46.6 344.7,82.4 354.3,82.4 354.3,46.6 367.9,46.6 "/>
+<path d="M313.8,55.6c-8.4-2-9.4-3.4-9.4-5.9c0-2.4,2.4-4.1,6-4.1c3.6,0,7.2,1.4,11,4.2l0.8,0.6l5.2-7.3l-0.7-0.6
+	c-4.7-3.8-10-5.6-16.1-5.6c-9.2,0-15.6,5.5-15.6,13.5c0,8.5,5.5,11.4,15,13.7c8.3,1.9,8.9,3.5,8.9,5.7c0,2.7-2.6,4.4-6.6,4.4
+	c-4.7,0-8.6-1.6-12.9-5.3l-0.8-0.7l-5.8,6.9l0.7,0.6c5.2,4.7,11.6,7.1,18.5,7.1c9.9,0,16.3-5.4,16.3-13.9
+	C328.3,60.3,321.3,57.4,313.8,55.6z"/>
+<polygon points="254.1,44.1 268.5,44.1 268.5,82.4 275.4,82.4 275.4,44.1 289.7,44.1 289.7,37.6 254.1,37.6 "/>
+<polygon points="232.3,37.6 225.5,37.6 225.5,82.4 256.4,82.4 256.4,75.9 232.3,75.9 "/>
+<path d="M193.4,37.3L173,82.4h7.2l5.1-11.3h17.3l2.1-5.8l7.6,17.1h7.4l-20.4-45.1H193.4z M188,64.7l8.2-18.4l8.1,18.4H188z"/>
+<path d="M155.5,56.7c-10-2.2-10.8-4.5-10.8-7.5c0-3.5,3.3-5.9,8.1-5.9c4.3,0,8,1.4,11.7,4.4l0.8,0.7l4-5.3l-0.8-0.6
+	c-4.8-3.8-9.5-5.5-15.7-5.5c-8.7,0-15,5.3-15,12.8c0,8.3,6.1,11.4,15.1,13.3c9.6,2,10.3,4.3,10.3,7.3c0,3.8-3.4,6.3-8.5,6.3
+	c-5.4,0-9.4-1.7-14-5.8l-0.8-0.7l-4.3,5.1l0.7,0.7c5.4,4.8,11.2,7.1,18.2,7.1c9.2,0,15.6-5.4,15.6-13.2
+	C170.3,62.9,165.9,58.9,155.5,56.7z"/>
 </svg>
--- a/doc/_themes/saltstack2/static/images/sc16-banner.png
+++ b/doc/_themes/saltstack2/static/images/sc16-banner.png
--- a/doc/_themes/saltstack2/static/images/webinars-banner.png
+++ b/doc/_themes/saltstack2/static/images/webinars-banner.png
--- a/doc/_themes/saltstack2/static/js/webhelp.min_v1.4.3.js
+++ b/doc/_themes/saltstack2/static/js/webhelp.min_v1.4.3.js
@ -38,16 +38,16 @@ $( document ).ready(function() {
                var hash = window.location.hash.substring(1);
                var $link = $( '#sidebar-nav').find('a[href$="#' + hash + '"]').addClass("selected");
                if ($link.length) {
-                    var scrollTo_val = $link.offset().top - 300 + 'px';
+                    var scrollTo_val = $link.offset().top - ($( '#sidebar-static' ).height() + 40) + 'px';
                    $( '#sidebar-nav' ).slimScroll({ scrollTo : scrollTo_val });
                }
                else if ($( 'a.current' ).length) {
-                    var scrollTo_val = $( 'a.current' ).offset().top - 300 + 'px';
+                    var scrollTo_val = $( 'a.current' ).offset().top - ($( '#sidebar-static' ).height() + 40) + 'px';
                    $( '#sidebar-nav' ).slimScroll({ scrollTo : scrollTo_val });
                }
            }
            else if ($( 'a.current' ).length) {
-                var scrollTo_val = $( 'a.current' ).offset().top - 300 + 'px';
+                var scrollTo_val = $( 'a.current' ).offset().top - ($( '#sidebar-static' ).height() + 40) + 'px';
                $( '#sidebar-nav' ).slimScroll({ scrollTo : scrollTo_val });
            }
            /*hidden by css - make visible after slimScroll plug-in loads*/
--- a/doc/contents.rst
+++ b/doc/contents.rst
@ -34,6 +34,7 @@ Salt Table of Contents
    topics/ssh/*
    ref/index
    topics/best_practices
+    topics/hardening
    topics/troubleshooting/index
    topics/development/index
    topics/releases/index
--- a/doc/topics/hardening.rst
+++ b/doc/topics/hardening.rst
@ -0,0 +1,62 @@
+.. _hardening-salt:
+
+==============
+Hardening Salt
+==============
+
+This topic contains tips you can use to secure and harden your Salt
+environment. How you best secure and harden your Salt environment depends
+heavily on how you use Salt, where you use Salt, how your team is structured,
+where you get data from, and what kinds of access (internal and external) you
+require.
+
+General hardening tips
+======================
+
+- Restrict who can directly log into your Salt master system.
+- Use SSH keys secured with a passphrase to gain access to the Salt master system.
+- Track and secure SSH keys and any other login credentials you and your team
+  need to gain access to the Salt master system.
+- Use a hardened bastion server or a VPN to restrict direct access to the Salt
+  master from the internet.
+- Don't expose the Salt master any more than what is required.
+- Harden the system as you would with any high-priority target.
+- Keep the system patched and up-to-date.
+- Use tight firewall rules.
+
+Salt hardening tips
+===================
+
+- Subscribe to `salt-users`_ or `salt-announce`_ so you know when new Salt
+  releases are available. Keep your systems up-to-date with the latest patches.
+- Use Salt's Client :ref:`ACL system <acl>` to avoid having to give out root
+  access in order to run Salt commands.
+- Use Salt's Client :ref:`ACL system <acl>` to restrict which users can run what commands.
+- Use :ref:`external Pillar <all-salt.pillars>` to pull data into Salt from
+  external sources so that non-sysadmins (other teams, junior admins,
+  developers, etc) can provide configuration data without needing access to the
+  Salt master.
+- Make heavy use of SLS files that are version-controlled and go through
+  a peer-review/code-review process before they're deployed and run in
+  production. This is good advice even for "one-off" CLI commands because it
+  helps mitigate typos and mistakes.
+- Use salt-api, SSL, and restrict authentication with the :ref:`external auth
+  <acl-eauth>` system if you need to expose your Salt master to external
+  services.
+- Make use of Salt's event system and :ref:`reactor <reactor>` to allow minions
+  to signal the Salt master without requiring direct access.
+- Run the ``salt-master`` daemon as non-root.
+- Disable which modules are loaded onto minions with the
+  :conf_minion:`disable_modules` setting. (for example, disable the ``cmd``
+  module if it makes sense in your environment.)
+- Look through the fully-commented sample :ref:`master
+  <configuration-examples-master>` and :ref:`minion
+  <configuration-examples-minion>` config files. There are many options for
+  securing an installation.
+- Run :ref:`masterless-mode <tutorial-standalone-minion>` minions on
+  particularly sensitive minions. There is also :ref:`salt-ssh` or the
+  :mod:`modules.sudo <salt.modules.sudo>` if you need to further restrict
+  a minion.
+
+.. _salt-users: https://groups.google.com/forum/#!forum/salt-users
+.. _salt-announce: https://groups.google.com/forum/#!forum/salt-announce
--- a/doc/topics/ssh/index.rst
+++ b/doc/topics/ssh/index.rst
@ -1,3 +1,5 @@
+.. _salt-ssh:
+
 ========
 Salt SSH
 ========
@ -33,7 +35,6 @@ Salt SSH Roster
 The roster system in Salt allows for remote minions to be easily defined.

 .. note::
-
    See the :doc:`Roster documentation </topics/ssh/roster>` for more details.

 Simply create the roster file, the default location is `/etc/salt/roster`:
@ -56,7 +57,6 @@ address. A more elaborate roster can be created:
      host: 192.168.42.2

 .. note::
-
    sudo works only if NOPASSWD is set for user in /etc/sudoers:
    ``fred ALL=(ALL) NOPASSWD: ALL``

@ -72,7 +72,7 @@ You can use ssh-copy-id, (the OpenSSH key deployment tool) to deploy keys to you

   ssh-copy-id -i /etc/salt/pki/master/ssh/salt-ssh.rsa.pub user@server.demo.com

-One could also create e a simple shell script, named salt-ssh-copy-id.sh as follows:
+One could also create a simple shell script, named salt-ssh-copy-id.sh as follows:

 .. code-block:: bash

@ -85,8 +85,7 @@ One could also create e a simple shell script, named salt-ssh-copy-id.sh as foll


 .. note::
-
-Be certain to chmod +x salt-ssh-copy-id.sh.
+    Be certain to chmod +x salt-ssh-copy-id.sh.

 .. code-block:: bash