IT 3110: System Automation

Automated Configuration - SaltStack

Salt stack Install



Make sure minions can find the salt master

When a minion starts, by default it searches for a system that resolves to the salt hostname on the network. If found, the minion initiates the handshake and key authentication process with the Salt master. This means that the easiest configuration approach is to set internal DNS to resolve the name salt back to the Salt Master IP.

Minions finding master

Otherwise, the minion configuration file will need to be edited so that the configuration option master points to the DNS name or the IP of the Salt Master:

In /etc/salt/minion, you have to:


Then, you can do a service salt-minion restart

Salt stack keys

After you think you have installed the master and minions, you must accept the minion keys. On master:

Salt stack ping test

or execute shell commands on multiple systems simultaneously with:

Salt command structure


Just as when we used ansible, we shouldn’t use ‘raw’ shell commands for everything. Salt has many ‘execution functions’ that we should use:

Salt targeting

Can target hosts by:

Salt Top file

A Top file describes where states should be applied (maybe analogous to ansible inventory file). States and top file work together.

Should be place in /srv/salt/top.sls

Top file

Create a top file like:

       - common
       - nettools

Salt states

Salt state example

   install vim:
       - name: vim

Salt state example

   remove vim:
       - name: vim

Salt state example

Salt service example


        - name: apache2

Salt state

        - shell: /bin/bash
        - home: /home/tom
        - groups:
          - sudo


Salt random stuff

Salt Grains

Salt comes with an interface to derive information about the underlying system. This is called the grains interface, because it presents salt with grains of information. Grains are collected for the operating system, domain name, IP address, kernel, OS type, memory, and many other system properties.

can create custom grains (have to configure on each minion)

Salt pillar

Pillar is an interface for Salt designed to offer global values that can be distributed to minions. (Similar to grains, but configured on the server)

See the link here

Salt Variables

Salt Variables

Also created in /srv/pillar/top.sls

        - core

View variables with sudo salt '*' pillar.items

Salt Using variables

Created in /srv/salt

    {% for user in pillar['users'] %}
    add_{{ user }}:
        - name: {{ user }}
    {% endfor %}


    {% for user in pillar['users'] %}
      {{ user }}:
    {% endfor %}

Salt stack debug

You can see your rendered jinja by doing:

sudo salt ‘minion-2’ state.show_sls make_users

Won’t actually execute it

Salt stack debug

If you are getting the following error:

You may be able to solve it by doing a sudo pip install --upgrade pyOpenSSL