Wiki source for ManagementServer
======Salt======
>>{{{toc levels="h2,h3,h4"}}}>>
=====SaltStack Server=====
====Related Links====
[[https://docs.saltstack.com/en/latest/topics/installation/rhel.html|SaltStack Docs]]
[[https://docs.saltstack.com/en/latest/topics/installation/index.html|SaltStack Installation]]
[[https://docs.saltstack.com/en/latest/topics/tutorials/walkthrough.html|SaltStack Walkthrough]]
[[https://docs.saltstack.com/en/latest/ref/modules/all/index.html|SaltStack Execution Modules]]
[[https://www.youtube.com/watch?v=Dkd51QlNmO0|Getting Started with SaltStack Video]]
===Internal Links===
SaltStackEC2
====Common Commands====
When a salt command is issued on the salt-master, it runs as local root on the client.
~- Currently looking into passing other credentials, as local root has no access to NFS
When a salt command is issued on the salt-master, all targeted minions must be reachable for the command to run. Salt displays an error for the clients it could not reach, but it takes no further action and does not queue the action for when a minion becomes available.
~- Investigate queuing for offline/unavailable clients
%%
# Server
salt '*' pkg.refresh_db # check for yum/dnf updates
salt '*' pkg.upgrade # run updates using yum on minions
salt '*' pkg.install package_name # install package using yum
salt '*' cmd.run 'ls -l /etc' # run a command on minion
salt-key -d 'ws100*' # delete key; required if minion rebuilt
salt-key -a 'ws*' # accept key(s) for workstations
salt-run manage.status # What is the status of all my minions? (both up and down)
salt-run jobs.active # get list of active jobs
salt-run jobs.list_jobs # get list of historic jobs
salt-run jobs.lookup_jid <job id number> # get details of this specific job
salt 'minion1' network.ip_addrs # Get IP of your minion
salt 'minion1' network.ping <hostname> # Ping a host from your minion
salt 'minion1' state.sls <script> # Run script defined in server:/srv/salt/script.sls
# Client
systemctl restart salt-minion.service # restart of minion service; required to re-establish connection to salt master after key deletion
%%
====Installation====
===Repository===
%%
rpm --import https://repo.saltstack.com/yum/redhat/7/x86_64/latest/SALTSTACK-GPG-KEY.pub
vi /etc/yum.repos.d/saltstack.repo
%%
Contents of /etc/yum.repos.d/saltstack.repo:
%%
[saltstack-repo]
name=SaltStack repo for RHEL/CentOS $releasever
baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest
enabled=1
gpgcheck=1
gpgkey=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub
%%
Then refresh the yum metadata:
%%
yum clean expire-cache
yum update
%%
If this repo is added before Salt is installed, then installing either salt-master or salt-minion will automatically pull in ZeroMQ 4.0.4, and additional states to upgrade ZeroMQ and pyzmq are unnecessary.
====Server Setup====
Poprocks:
%%
yum install salt-master # server
yum install salt-minion # client
yum install salt-ssh # ssh communication
yum install salt-syndic
yum install salt-cloud
%%
Enable salt-master to start at boot
%%
systemctl enable salt-master.service
systemctl start salt-master.service
%%
==Configuring Salt Master==
vim /etc/salt/master
%%
interface: 192.168.255.30 # line 16
%%
Restart the salt-master service.
====Client Setup====
[[https://docs.saltstack.com/en/latest/topics/tutorials/quickstart.html|Local minion quickstart]]
===Install===
%%
curl -L https://bootstrap.saltstack.com -o install_salt.sh
sudo sh install_salt.sh
vim /etc/salt/minion
# minion config; see https://docs.saltstack.com/en/latest/topics/tutorials/walkthrough.html
master: poprocks.votesmart.org # 127.0.0.1 for local testing
id: ws100.votesmart.org
file_client: remote # local for local testing
# then create /srv/salt/top.sls
%%
Now that the minion is started, it will generate cryptographic keys and attempt to connect to the master. The next step is to venture back to the master server and accept the new minion's public key.
The salt-key command is used to manage all of the keys on the master. To list the keys that are on the master:
%%
salt-key -L
%%
The keys that have been rejected, accepted, and pending acceptance are listed. The easiest way to accept the minion key is to accept all pending keys:
%%
salt-key -A
%%
Keys should be verified! Print the master key fingerprint by running salt-key -F master on the Salt master. Copy the master.pub fingerprint from the Local Keys section, and then set this value as the master_finger in the minion configuration file. Restart the Salt minion.
On the master, run salt-key -f minion-id to print the fingerprint of the minion's public key that was received by the master. On the minion, run salt-call key.finger --local to print the fingerprint of the minion key.
==Client configuration==
vim /etc/salt/minion
%%
master: poprocks.votesmart.org # line 17
id: ws100.votesmart.org # line 77
file_client: remote # line 412
%%
===Token identification===
Key Identity
%%
salt-key -F master
%%
client: /etc/salt/minion
%%
master_finger: '0b:25:b5:5b:95:cc:8b:0a:b9:08:51:58:bf:f4:fe:9c' # line 494
%%
Check connection (verify keys match)
%%
client# salt-call --local key.finger
server# salt-key --finger client.votesmart.org
%%
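Added example (not part of the original wiki page or of Salt itself): the fingerprint comparison described above, scripted so that a key is only trusted when both sides report the same fingerprint. The function names are hypothetical, both sample outputs are constructed, and the "name:  fingerprint" layout is assumed to be what salt-key prints.

```shell
#!/bin/sh
# Added example: compare Salt key fingerprints before trusting a key.
# Both samples are constructed; the "name:  fingerprint" layout is assumed
# to match what salt-key -F / salt-key -f print.

SAMPLE_MASTER_LOCAL='Local Keys:
master.pem:  11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00
master.pub:  0b:25:b5:5b:95:cc:8b:0a:b9:08:51:58:bf:f4:fe:9c'

SAMPLE_PENDING='Unaccepted Keys:
ws100.votesmart.org:  aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99'

# Lower-case a fingerprint and strip quotes/whitespace so that a value
# copied from a config file compares equal to the one salt-key shows.
normalize() {
    printf '%s' "$1" | tr 'A-F' 'a-f' | tr -d " '\"\t\r\n"
}

# finger_for NAME: read salt-key style text on stdin, print NAME's fingerprint.
finger_for() {
    awk -v key="$1:" '$1 == key { print tolower($2); exit }'
}

# check_finger NAME EXPECTED TEXT: print "match" (status 0) only when TEXT
# lists NAME with exactly the EXPECTED fingerprint; otherwise "mismatch".
check_finger() {
    seen=$(printf '%s\n' "$3" | finger_for "$1")
    want=$(normalize "$2")
    if [ -n "$seen" ] && [ "$seen" = "$want" ]; then
        echo match
        return 0
    fi
    echo mismatch
    return 1
}

# accept_cmd ID REPORTED TEXT: print the salt-key command to run for ID.
# Nothing is executed; a key that fails the check gets no accept command.
accept_cmd() {
    if check_finger "$1" "$2" "$3" >/dev/null; then
        echo "salt-key -a $1"
    else
        echo "# refuse $1: fingerprint differs from the minion's own report"
        return 1
    fi
}
```

In real use the text arguments would come from salt-key -F master and salt-key -f minion-id on the master, and the expected values from master_finger in /etc/salt/minion and from salt-call --local key.finger on the minion.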
====Server States====
https://docs.saltstack.com/en/latest/topics/tutorials/states_pt5.html
Salt states are located at /srv/salt/...
./ver1_2.sls
%%
include:
  - ver1_2.logon
  - ver1_2.ublock
%%
/ver1_2/
logon.sls
%%
/etc/profile.d:
  file.recurse:
    - source: salt://ver1_2/logon
    - target: /etc/profile.d
    - makedirs: True
%%
ublock.sls
%%
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}:
  file.recurse:
    - source: salt://ver1_2/ublock
    - target: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    - makedirs: True
%%
/ver1_2/files/
----
CategoryITDoc