Salt


SaltStack Server

SaltStack Docs
SaltStack Installation
SaltStack Walkthrough
SaltStack Execution Modules
Getting Started with SaltStack Video
SaltStackEC2



Common Commands

When a salt command is issued on the salt-master, it runs as local root on the client (minion).
All targeted minions must be reachable when a salt command is issued on the salt-master. Salt displays an error for each client it was unable to reach, but it takes no further action and does not queue the command to apply when that minion becomes available.
Server
salt '*' pkg.refresh_db				# check for yum/dnf updates
salt '*' pkg.upgrade				# run updates using yum on minions
salt '*' pkg.install package_name		# install package using yum
salt '*' cmd.run 'ls -l /etc'			# run a command on minion
salt-key -d 'ws100*'				# delete key; required if minion rebuilt
salt-key -a 'ws*'				# accept key(s) for workstations
salt-run manage.status  			# What is the status of all my minions? (both up and down)
salt-run jobs.active      			# get list of active jobs
salt-run jobs.list_jobs   			# get list of historic jobs
salt-run jobs.lookup_jid <job id number>	# get details of this specific job
salt 'minion1' network.ip_addrs          	# Get IP of your minion
salt 'minion1' network.ping <hostname>   	# Ping a host from your minion
salt 'minion1' state.sls <script>		# Run script defined in server:/srv/salt/script.sls

Client
systemctl restart salt-minion.service	# restart of minion service; required to re-establish connection to salt master after key deletion


Installation

Repository

rpm --import https://repo.saltstack.com/yum/redhat/7/x86_64/latest/SALTSTACK-GPG-KEY.pub
vi /etc/yum.repos.d/saltstack.repo

[saltstack-repo]
name=SaltStack repo for RHEL/CentOS $releasever
baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest
enabled=1
gpgcheck=1
gpgkey=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub

yum clean expire-cache
yum update


If this repo is added before Salt is installed, then installing either salt-master or salt-minion will automatically pull in ZeroMQ 4.0.4, and additional states to upgrade ZeroMQ and pyzmq are unnecessary.

Server Setup

Poprocks:
yum install salt-master # server
yum install salt-minion # client
yum install salt-ssh # ssh communication
yum install salt-syndic #
yum install salt-cloud

Enable salt-master to start at boot
systemctl enable salt-master.service
systemctl start salt-master.service

Configuring Salt Master
vim /etc/salt/master
16: interface: 192.168.255.30

Restart the salt-master service.

Client Setup

Local minion quickstart

Install

curl -L https://bootstrap.saltstack.com -o install_salt.sh
sudo sh install_salt.sh
vim /etc/salt/minion
https://docs.saltstack.com/en/latest/topics/tutorials/walkthrough.html
[minion config]
master: poprocks.votesmart.org # 127.0.0.1 for local testing
id: ws100.votesmart.org
file_client: remote # local for local testing

create /srv/salt/top.sls


Now that the minion is started, it will generate cryptographic keys and attempt to connect to the master. The next step is to venture back to the master server and accept the new minion's public key.

The salt-key command is used to manage all of the keys on the master. To list the keys that are on the master:
salt-key -L

The keys that have been rejected, accepted, and pending acceptance are listed. The easiest way to accept the minion key is to accept all pending keys:
salt-key -A

Keys should be verified! Print the master key fingerprint by running salt-key -F master on the Salt master. Copy the master.pub fingerprint from the Local Keys section, and then set this value as the master_finger in the minion configuration file. Restart the Salt minion.

On the master, run salt-key -f minion-id to print the fingerprint of the minion's public key that was received by the master. On the minion, run salt-call key.finger --local to print the fingerprint of the minion key.

Client configuration
vim /etc/salt/minion
17: master: poprocks.votesmart.org
77: id: ws100.votesmart.org
412: file_client: remote

Token identification

Key Identity
salt-key -F master

client: /etc/salt/minion
494: master_finger: '0b:25:b5:5b:95:cc:8b:0a:b9:08:51:58:bf:f4:fe:9c'

Check connection (verify keys match)
client# salt-call --local key.finger
server# salt-key --finger client.votesmart.org
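
Added example (not part of the original page or the Salt project): a shell check that the master_finger pinned in a minion config matches the master.pub fingerprint printed by salt-key -F master. The function names and the layout of the sample salt-key output are assumptions constructed for illustration; the master.pub value is the one shown above.

```shell
#!/bin/sh
# Added example: check a minion's pinned master_finger against the master's key.

# Print the master.pub fingerprint found in `salt-key -F master` output (stdin).
master_pub_finger() {
    awk '$1 == "master.pub:" { print tolower($2); exit }'
}

# Print the active (uncommented) master_finger value from a minion config file.
configured_master_finger() {
    awk '/^master_finger:/ { print tolower($2); exit }' "$1" | tr -d "\"'"
}

# check_master_finger FINGER_OUTPUT MINION_CONFIG
# Returns 0 = match, 1 = mismatch, 2 = master_finger not set in the config.
check_master_finger() {
    expected=$(master_pub_finger < "$1")
    actual=$(configured_master_finger "$2")
    [ -n "$actual" ] || return 2
    [ -n "$expected" ] && [ "$expected" = "$actual" ] || return 1
    return 0
}

# Constructed sample data; the master.pub value is the one shown on this page.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/finger.txt" <<'EOF'
Local Keys:
master.pem:  11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00
master.pub:  0b:25:b5:5b:95:cc:8b:0a:b9:08:51:58:bf:f4:fe:9c
EOF
printf "master: poprocks.votesmart.org\nmaster_finger: '0b:25:b5:5b:95:cc:8b:0a:b9:08:51:58:bf:f4:fe:9c'\n" > "$tmp/pinned.conf"
printf "master: poprocks.votesmart.org\nmaster_finger: 'ff:25:b5:5b:95:cc:8b:0a:b9:08:51:58:bf:f4:fe:9c'\n" > "$tmp/stale.conf"
printf "master: poprocks.votesmart.org\n#master_finger: ''\n" > "$tmp/unpinned.conf"

# Report the result for each constructed config.
for cfg in pinned stale unpinned; do
    rc=0
    check_master_finger "$tmp/finger.txt" "$tmp/$cfg.conf" || rc=$?
    echo "$cfg.conf: exit status $rc"
done
```

On a real system, pass the saved output of salt-key -F master (copied from the master) and the path /etc/salt/minion as the two arguments.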


Server States

https://docs.saltstack.com/en/latest/topics/tutorials/states_pt5.html

Salt states are located at /srv/salt/...

./ver1_2.sls
include:
  - ver1_2.logon
  - ver1_2.ublock

/ver1_2/
logon.sls
/etc/profile.d:
  file.recurse:
   - source: salt://ver1_2/logon
   - target: /etc/profile.d
   - makedirs: True

ublock.sls
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}:
  file.recurse:
   - source: salt://ver1_2/ublock
   - target: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
   - makedirs: True

/ver1_2/files/


