Revision history for ManagementServer
Additions:
======Salt======
CategoryITDoc
CategoryITDoc
Deletions:
CategoryIT
Additions:
[[https://www.youtube.com/watch?v=Dkd51QlNmO0|Getting Started with SaltStack Video]]
===Internal Links===
===Internal Links===
Additions:
SaltStackEC2
Deletions:
Additions:
EC2SaltStack
Deletions:
base:
'*':
- webserver
create /srv/salt/webserver.sls
[webserver.sls]
apache: # ID declaration
pkg: # state declaration
- installed # function declaration
salt-call --local state.highstate
Additions:
====Server States====
Deletions:
Additions:
===Server States===
https://docs.saltstack.com/en/latest/topics/tutorials/states_pt5.html
Salt states are located at /srv/salt/...
./ver1_2.sls
include:
- ver1_2.logon
- ver1_2.ublock
/ver1_2/
logon.sls
/etc/profile.d:
file.recurse:
- source: salt://ver1_2/logon
- target: /etc/profile.d
- makedirs: True
ublock.sls
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}:
file.recurse:
- source: salt://ver1_2/ublock
- target: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
- makedirs: True
/ver1_2/files/
https://docs.saltstack.com/en/latest/topics/tutorials/states_pt5.html
Salt states are located at /srv/salt/...
./ver1_2.sls
include:
- ver1_2.logon
- ver1_2.ublock
/ver1_2/
logon.sls
/etc/profile.d:
file.recurse:
- source: salt://ver1_2/logon
- target: /etc/profile.d
- makedirs: True
ublock.sls
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}:
file.recurse:
- source: salt://ver1_2/ublock
- target: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
- makedirs: True
/ver1_2/files/
Deletions:
https://wiki.centos.org/HowTos/PackageManagement/Spacewalk
https://fedorahosted.org/spacewalk/
=====Puppet Server=====
https://puppetlabs.com/
~- Enterprise 7 repository
~~- sudo rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
~- Fedora 21 repository
~~- sudo rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-pc1-fedora-21.noarch.rpm
~- yum install puppetserver
Additions:
salt 'minion1' state.sls <script> # Run script defined in server:/srv/salt/script.sls
Additions:
Server
salt '*' pkg.refresh_db # check for yum/dnf updates
salt '*' pkg.upgrade # run updates using yum on minions
salt '*' pkg.install package_name # install package using yum
salt '*' cmd.run 'ls -l /etc' # run a command on minion
salt-key -d 'ws100*' # delete key; required if minion rebuilt
salt-key -a 'ws*' # accept key(s) for workstations
salt-run manage.status # What is the status of all my minions? (both up and down)
salt-run jobs.active # get list of active jobs
salt-run jobs.list_jobs # get list of historic jobs
salt-run jobs.lookup_jid <job id number> # get details of this specific job
salt 'minion1' network.ip_addrs # Get IP of your minion
salt 'minion1' network.ping <hostname> # Ping a host from your minion
Client
systemctl restart salt-minion.service # restart of minion service; required to re-establish connection to salt master after key deletion
salt '*' pkg.refresh_db # check for yum/dnf updates
salt '*' pkg.upgrade # run updates using yum on minions
salt '*' pkg.install package_name # install package using yum
salt '*' cmd.run 'ls -l /etc' # run a command on minion
salt-key -d 'ws100*' # delete key; required if minion rebuilt
salt-key -a 'ws*' # accept key(s) for workstations
salt-run manage.status # What is the status of all my minions? (both up and down)
salt-run jobs.active # get list of active jobs
salt-run jobs.list_jobs # get list of historic jobs
salt-run jobs.lookup_jid <job id number> # get details of this specific job
salt 'minion1' network.ip_addrs # Get IP of your minion
salt 'minion1' network.ping <hostname> # Ping a host from your minion
Client
systemctl restart salt-minion.service # restart of minion service; required to re-establish connection to salt master after key deletion
Deletions:
server:salt '*' pkg.upgrade # run updates using yum on minions
server:salt '*' pkg.install package_name # install package using yum
server:salt '*' cmd.run 'ls -l /etc' # run a command on minion
server:salt-key -d 'ws100*' # delete key; required if minion rebuilt
server:salt-key -a 'ws*' # accept key(s) for workstations
client:systemctl restart salt-minion.service # restart of minion service; required to re-establish connection to salt master after key deletion
Additions:
server:salt '*' pkg.refresh_db # check for yum/dnf updates
server:salt '*' pkg.upgrade # run updates using yum on minions
server:salt '*' pkg.install package_name # install package using yum
server:salt '*' cmd.run 'ls -l /etc' # run a command on minion
server:salt-key -d 'ws100*' # delete key; required if minion rebuilt
server:salt-key -a 'ws*' # accept key(s) for workstations
client:systemctl restart salt-minion.service # restart of minion service; required to re-establish connection to salt master after key deletion
server:salt '*' pkg.upgrade # run updates using yum on minions
server:salt '*' pkg.install package_name # install package using yum
server:salt '*' cmd.run 'ls -l /etc' # run a command on minion
server:salt-key -d 'ws100*' # delete key; required if minion rebuilt
server:salt-key -a 'ws*' # accept key(s) for workstations
client:systemctl restart salt-minion.service # restart of minion service; required to re-establish connection to salt master after key deletion
Deletions:
salt '*' pkg.upgrade # run updates using yum on minions
salt '*' pkg.install package_name # install package using yum
salt '*' cmd.run 'ls -l /etc' # run a command on minion
Additions:
salt '*' cmd.run 'ls -l /etc' # run a command on minion
Additions:
salt '*' pkg.refresh_db # check for yum/dnf updates
salt '*' pkg.upgrade # run updates using yum on minions
salt '*' pkg.install package_name # install package using yum
salt '*' pkg.upgrade # run updates using yum on minions
salt '*' pkg.install package_name # install package using yum
Deletions:
salt '*' pkg.upgrade # run updates using yum on minions
salt '*' pkg.install package_name # install package using yum
Additions:
salt '*' pkg.install package_name # install package using yum
Deletions:
Additions:
====Common Commands====
When salt command is issued on salt-master the command will be run as local root on the client.
~- Currently looking into passing other credentials as local root has no access to nfs
When salt command is issued on salt-master all targeted minions must be reachable for command to run. Salt will display an error for those clients that it was unable to reach but will take no further action or queuing to apply actions when minion becomes available.
~- Investigate queuing for offline/unavailable clients
When salt command is issued on salt-master the command will be run as local root on the client.
~- Currently looking into passing other credentials as local root has no access to nfs
When salt command is issued on salt-master all targeted minions must be reachable for command to run. Salt will display an error for those clients that it was unable to reach but will take no further action or queuing to apply actions when minion becomes available.
~- Investigate queuing for offline/unavailable clients
Deletions:
Deletions:
Additions:
====Installation====
===Repository===
===Server Installation===
==Configuring Salt Master==
==Client configuration==
===Token identification===
===Repository===
===Server Installation===
==Configuring Salt Master==
==Client configuration==
===Token identification===
Deletions:
Installed via yum
Configuring Salt Master
Client configuration
====Repository====
Additions:
====Installation and Usage====
Poprocks:
Installed via yum
Enable salt-master to start at boot
systemctl enable salt-master.service
systemctl start sal-master.service
Configuring Salt Master
vim /etc/salt/master
16: interface: 192.168.255.30
restart service
Client configuration
17: master: poprocks.votesmart.org
77: id: ws100.votesmart.org
412: file_client: remote
Key Identity
salt-key -F master
client: /etc/salt/minion
494: master_finger: '0b:25:b5:5b:95:cc:8b:0a:b9:08:51:58:bf:f4:fe:9c'
Check connection (verify keys match)
client# salt-call --local key.finger
server# salt-key --finger client.votesmart.org
Common Commands
salt '*' pkg.refresh_db # check for yum/dnf updates
salt '*' pkg.upgrade # run updates using yum on minions
salt '*' pkg.install package_name
Poprocks:
Installed via yum
Enable salt-master to start at boot
systemctl enable salt-master.service
systemctl start sal-master.service
Configuring Salt Master
vim /etc/salt/master
16: interface: 192.168.255.30
restart service
Client configuration
17: master: poprocks.votesmart.org
77: id: ws100.votesmart.org
412: file_client: remote
Key Identity
salt-key -F master
client: /etc/salt/minion
494: master_finger: '0b:25:b5:5b:95:cc:8b:0a:b9:08:51:58:bf:f4:fe:9c'
Check connection (verify keys match)
client# salt-call --local key.finger
server# salt-key --finger client.votesmart.org
Common Commands
salt '*' pkg.refresh_db # check for yum/dnf updates
salt '*' pkg.upgrade # run updates using yum on minions
salt '*' pkg.install package_name
Additions:
[[https://docs.saltstack.com/en/latest/topics/tutorials/walkthrough.html|SaltStack Walkthrough]]
[[https://docs.saltstack.com/en/latest/ref/modules/all/index.html|SaltStack Execution Modules]]
https://docs.saltstack.com/en/latest/topics/tutorials/walkthrough.html
Keys should be verified! Print the master key fingerprint by running salt-key -F master on the Salt master. Copy the master.pub fingerprint from the Local Keys section, and then set this value as the master_finger in the minion configuration file. Restart the Salt minion.
On the master, run salt-key -f minion-id to print the fingerprint of the minion's public key that was received by the master. On the minion, run salt-call key.finger --local to print the fingerprint of the minion key.
[[https://docs.saltstack.com/en/latest/ref/modules/all/index.html|SaltStack Execution Modules]]
https://docs.saltstack.com/en/latest/topics/tutorials/walkthrough.html
Keys should be verified! Print the master key fingerprint by running salt-key -F master on the Salt master. Copy the master.pub fingerprint from the Local Keys section, and then set this value as the master_finger in the minion configuration file. Restart the Salt minion.
On the master, run salt-key -f minion-id to print the fingerprint of the minion's public key that was received by the master. On the minion, run salt-call key.finger --local to print the fingerprint of the minion key.
Additions:
====Client Setup====
[[https://docs.saltstack.com/en/latest/topics/tutorials/quickstart.html|Local minion quickstart]]
===Install===
curl -L https://bootstrap.saltstack.com -o install_salt.sh
sudo sh install_salt.sh
vim /etc/salt/minion
[minion config]
master: poprocks.votesmart.org # 127.0.0.1 for local testing
id: ws100.votesmart.org
file_client: remote # local for local testing
create /srv/salt/top.sls
[top.sls]
base:
'*':
- webserver
create /srv/salt/webserver.sls
[webserver.sls]
apache: # ID declaration
pkg: # state declaration
- installed # function declaration
salt-call --local state.highstate
Now that the minion is started, it will generate cryptographic keys and attempt to connect to the master. The next step is to venture back to the master server and accept the new minion's public key.
The salt-key command is used to manage all of the keys on the master. To list the keys that are on the master:
salt-key -L
The keys that have been rejected, accepted, and pending acceptance are listed. The easiest way to accept the minion key is to accept all pending keys:
salt-key -A
[[https://docs.saltstack.com/en/latest/topics/tutorials/quickstart.html|Local minion quickstart]]
===Install===
curl -L https://bootstrap.saltstack.com -o install_salt.sh
sudo sh install_salt.sh
vim /etc/salt/minion
[minion config]
master: poprocks.votesmart.org # 127.0.0.1 for local testing
id: ws100.votesmart.org
file_client: remote # local for local testing
create /srv/salt/top.sls
[top.sls]
base:
'*':
- webserver
create /srv/salt/webserver.sls
[webserver.sls]
apache: # ID declaration
pkg: # state declaration
- installed # function declaration
salt-call --local state.highstate
Now that the minion is started, it will generate cryptographic keys and attempt to connect to the master. The next step is to venture back to the master server and accept the new minion's public key.
The salt-key command is used to manage all of the keys on the master. To list the keys that are on the master:
salt-key -L
The keys that have been rejected, accepted, and pending acceptance are listed. The easiest way to accept the minion key is to accept all pending keys:
salt-key -A
Additions:
If this repo is added before Salt is installed, then installing either salt-master or salt-minion will automatically pull in ZeroMQ 4.0.4, and additional states to upgrade ZeroMQ and pyzmq are unnecessary.
Additions:
[[https://docs.saltstack.com/en/latest/topics/installation/rhel.html|SaltStack Docs]]
Deletions:
Additions:
[[https://docs.saltstack.com/en/latest/topics/installation/index.html|SaltStack Installation]]
yum install salt-master # server
yum install salt-minion # client
yum install salt-ssh # ssh communication
yum install salt-syndic #
yum install salt-cloud
yum install salt-master # server
yum install salt-minion # client
yum install salt-ssh # ssh communication
yum install salt-syndic #
yum install salt-cloud
Additions:
====Repository====
rpm --import https://repo.saltstack.com/yum/redhat/7/x86_64/latest/SALTSTACK-GPG-KEY.pub
%%
vi etc/yum.repos.d/saltstack.repo
[saltstack-repo]
name=SaltStack repo for RHEL/CentOS $releasever
baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest
enabled=1
gpgcheck=1
gpgkey=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub
yum clean expire-cache
yum update
%%
rpm --import https://repo.saltstack.com/yum/redhat/7/x86_64/latest/SALTSTACK-GPG-KEY.pub
%%
vi etc/yum.repos.d/saltstack.repo
[saltstack-repo]
name=SaltStack repo for RHEL/CentOS $releasever
baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest
enabled=1
gpgcheck=1
gpgkey=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub
yum clean expire-cache
yum update
%%
Additions:
https://docs.saltstack.com/en/latest/topics/installation/rhel.html
Deletions:
Additions:
======Content Management Server======
=====SaltStack Server=====
https://www.scriptrock.com/articles/the-7-configuration-management-tools-you-need-to-know
=====Spacewalk Server=====
https://wiki.centos.org/HowTos/PackageManagement/Spacewalk
https://fedorahosted.org/spacewalk/
=====SaltStack Server=====
https://www.scriptrock.com/articles/the-7-configuration-management-tools-you-need-to-know
=====Spacewalk Server=====
https://wiki.centos.org/HowTos/PackageManagement/Spacewalk
https://fedorahosted.org/spacewalk/
Deletions:
=====Spacewalker Server=====
<<
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
puppet-agent x86_64 1.3.2-1.fedoraf21 puppetlabs-pc1 21 M
replacing facter.x86_64 1:2.4.3-1.fc20
replacing hiera.noarch 1.3.4-1.fc21
puppetserver noarch 2.2.1-1.fc21 puppetlabs-pc1 40 M
<<
Additions:
======Management Server======
=====Spacewalker Server=====
=====Puppet Server=====
====Related Links====
====Server Setup====
=====Spacewalker Server=====
=====Puppet Server=====
====Related Links====
====Server Setup====
Deletions:
=====Related Links=====
=====Server Setup=====
