IT 3110: System Automation

Automated Configuration - SaltStack


Salt stack Install

Master:

Minion:


Make sure minions can find the salt master

When a minion starts, by default it searches for a system that resolves to the salt hostname on the network. If found, the minion initiates the handshake and key authentication process with the Salt master. This means that the easiest configuration approach is to set internal DNS to resolve the name salt back to the Salt Master IP.


Minions finding master

Otherwise, the minion configuration file will need to be edited so that the configuration option master points to the DNS name or the IP of the Salt Master:

In /etc/salt/minion, set:

    master: saltmaster.example.com

Then restart the minion with service salt-minion restart


Salt stack keys

After you think you have installed the master and minions, you must accept the minion keys. On master:
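
A check a practitioner would want at this step, as an added example that is not part of the original slides: compare the fingerprint the master received with the one shown on the minion before accepting the key. The SALT_KEY override variable and the function names are assumptions introduced here; salt-key -f, salt-key -a and salt-call --local key.finger are standard Salt commands.

```shell
#!/bin/sh
# Added example, not from the original slides.
# Accept a pending minion key only if its fingerprint matches the one read
# on the minion itself with:  sudo salt-call --local key.finger
# Assumption: SALT_KEY is a hypothetical override used for testing.
SALT_KEY=${SALT_KEY:-salt-key}

# Print the first colon-separated hex fingerprint found on stdin, lowercased.
extract_fp() {
    grep -Eio '([0-9a-f]{2}:){15,}[0-9a-f]{2}' | head -n 1 | tr 'A-F' 'a-f'
}

# Print the fingerprint of the key waiting under "Unaccepted Keys:" for an ID.
# Assumption: salt-key -f groups its output under "<Status> Keys:" headers.
pending_fp() {
    "$SALT_KEY" -f "$1" |
        awk '/^Unaccepted Keys:/ {p = 1; next} /Keys:$/ {p = 0} p' |
        extract_fp
}

# accept_verified MINION_ID EXPECTED_FINGERPRINT
# 0 = key accepted, 1 = fingerprint mismatch, 2 = nothing usable to compare.
accept_verified() {
    minion_id=$1
    expected=$(printf '%s\n' "$2" | extract_fp)
    offered=$(pending_fp "$minion_id")
    if [ -z "$expected" ] || [ -z "$offered" ]; then
        echo "no fingerprint to compare for $minion_id" >&2
        return 2
    fi
    if [ "$offered" != "$expected" ]; then
        echo "fingerprint mismatch for $minion_id, key not accepted" >&2
        return 1
    fi
    "$SALT_KEY" -y -a "$minion_id"   # -y: no prompt, -a: accept this ID only
}

# Usage on the master (fingerprint copied from the minion's console):
#   accept_verified minion-2 '<fingerprint from salt-call --local key.finger>'
```

Accepting every pending key in bulk skips this comparison, so any host that can reach the master and present a key would become a managed minion.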


Salt stack ping test

or execute shell commands on multiple systems simultaneously with:


Salt command structure


Salt

Just as when we used Ansible, we shouldn’t use ‘raw’ shell commands for everything. Salt has many ‘execution functions’ that we should use instead:


Salt targeting

Can target hosts by:


Salt Top file

A Top file describes where states should be applied (roughly analogous to an Ansible inventory file). States and the top file work together.

It should be placed in /srv/salt/top.sls


Top file

Create a top file like:

    # top.sls
    base:
      '*':
        - common
      'ns*':
        - nettools

Salt states


Salt state example

    # /srv/salt/examples.sls
    install vim:
      pkg.installed:
        - name: vim

Salt state example

    remove vim:
      pkg.removed:
        - name: vim

Salt service example

    apache2:
      pkg.installed

    foo:
      service.running:
        - name: apache2

Salt state

    tom:
      user.present:
        - shell: /bin/bash
        - home: /home/tom
        - groups:
          - sudo

    pete:
      user.absent

Salt random stuff


Salt Grains

Salt comes with an interface to derive information about the underlying system. This is called the grains interface, because it presents salt with grains of information. Grains are collected for the operating system, domain name, IP address, kernel, OS type, memory, and many other system properties.

You can create custom grains (they have to be configured on each minion).


Salt pillar

Pillar is an interface for Salt designed to offer global values that can be distributed to minions. (Similar to grains, but configured on the server)

Salt Variables

Also created in /srv/pillar/top.sls

    base:
      '*':
        - core

View variables with sudo salt '*' pillar.items


Salt Using variables

Created in /srv/salt

    #make_users.sls
    {% for user in pillar['users'] %}
    add_{{ user }}:
      user.present:
        - name: {{ user }}
    {% endfor %}

or

    {% for user in pillar['users'] %}
    {{ user }}:
      user.present
    {% endfor %}

Salt stack debug

You can see your rendered Jinja with:

    sudo salt 'minion-2' state.show_sls make_users

This won’t actually execute the state.


Salt stack debug

If you are getting the following error:

You may be able to solve it with sudo pip install --upgrade pyOpenSSL