Revision history for SaltStackEC2
Additions:
CategoryITDoc
Deletions:
Additions:
||Virgina||east||East coast servers||
||Oregon||west||West coast servers||
Additions:
||Database||database||db[0-9]||
||MasterDB||masterdb||db0||
||Utility||utility||util[0-1]||
||Salt Master||saltmaster||util0||
||VPN||vpn||or-vpn[0-1]||
||API||api||api[0-1]||
||Test||test||test servers||
Deletions:
||Master DB||masterdatabase||||
||Utility||utility||util0-1||
||VPN||vpn||||
Additions:
||VPN||vpn||||
Additions:
||Master DB||masterdatabase||||
||Utility||utility||util0-1||
Additions:
Custom grains found at /etc/salt/grains
roles:
- customrole
||Database||slavedatabase||db[0-9]||
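Review bot: the `roles` grain is read from /etc/salt/grains on the minion itself, so any host can assert any role it likes, including the ones in the role table. Keep role grains for convenience targeting only, and match on minion ID in the top files for pillar data or states that hand out secrets.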
Additions:
||Machine Role||Grain||Servers||
||Web Head||webhead||www[0-9]||
Deletions:
|Web Head|webhead|www[0-9]|
Additions:
====Grains Associated with Servers====
|Machine Role|Grain|Servers|
|Web Head|webhead|www[0-9]|
Additions:
----
CategoryIT
Additions:
http://wiki.votesmart.org/ManagementServer
Additions:
====Master Config====
====Minion Config====
Deletions:
===Minion Config===
Additions:
====Communications====
Salt Cloud not needed for what we are doing and requires ID/Secret to get working, recommended setup is to use IAM since all servers are housed on AWS services. For our needs we need only open ports.
Create Security Groups on AWS
TCP/4505-4506
=====Salt-Cloud Setup=====
Not Implemented at this time
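Review bot: the security group entry under Communications gives only the ports (TCP/4505-4506) and no source. State the allowed source for the rule, ideally the minions' security group or the VPC range, so the master's publish and return ports are not opened to any address.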
Deletions:
Additions:
#driver: ec2
# driver is used in salt-cloud version 2015.8 where provider is used in 2015.5
provider: ec2
Deletions:
Additions:
==Setup Master keys==
[root@util0 ec2-user]# salt-key -F master
Local Keys:
master.pem: 16:fa:19:cd:4d:82:74:8d:30:8a:e5:40:6d:ec:45:14
master.pub: 56:79:41:c0:27:ff:15:05:57:fe:ee:f9:b7:40:84:64
master_finger: 56:79:41:c0:27:ff:15:05:57:fe:ee:f9:b7:40:84:64
Deletions:
Additions:
===Master Config===
Deletions:
Additions:
===Minion Config===
master: 10.1.20.5
id: or-www0
file_client: remote
master_finger:
###### Beacons #####
###########################################
beacons:
inotify:
root/testfile:
mask:
- modify
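Review bot: `master_finger:` is left empty in the minion config, so the minion does not check the master's public key before the first key exchange. Fill it with the master.pub fingerprint printed by `salt-key -F master` on util0. Also check the beacon path `root/testfile`, which has no leading slash.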
Additions:
===salt-master config===
interface: 10.1.20.5
Deletions:
Additions:
==/etc/salt/master==
interface: 10.1.20.50
ipv6: False
user: root
worker_threads: 32
file_roots:
base:
- /srv/salt
dev:
- /srv/salt/dev/services
- /srv/salt/dev/states
prod:
- /srv/salt/prod/services
- /srv/salt/prod/states
pillar_roots:
base:
- /srv/pillar
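Review bot: `user: root` runs the master daemon as root while the same master serves both the dev and prod file_roots. Consider a dedicated unprivileged user for the master. Separately, `interface: 10.1.20.50` does not match the `master: 10.1.20.5` address in the minion config revision, so confirm which address is intended.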
Additions:
==ec2-us-west-2.conf==
ec2-us-west-2-public:
# Set up the location of the salt master
#
minion:
master: util0.cloud.votesmart.org
# Set up grains information, which will be common for all nodes
# using this provider
grains:
node_type: broker
release: 1.0.1
# Specify whether to use public or private IP for deploy script.
#
# Valid options are:
# private_ips - The salt-cloud command is run inside the EC2
# public_ips - The salt-cloud command is run outside of EC2
#
ssh_interface: private_ips
# Set the EC2 access credentials (see below)
# Note: if either id or key is set to 'use-instance-role-credentials'
# it is assumed that Salt is running on an AWS instance, and the
# instance role credentials will be retrieved and used. Since both
# the id and key are required parameters for the AWS ec2 provider, it
# is recommended to set both to 'use-instance-role-credentials' for
# this functionality.
#
id: 'use-instance-role-credentials'
key: 'use-instance-role-credentials'
# Make sure this key is owned by root with permissions 0400.
#
private_key: /etc/salt/aws2-west.pem
keyname: salt-cloud-deployed
# This one should NOT be specified if VPC was not configured in AWS to be
# the default. It might cause an error message which says that network
# interfaces and an instance-level security groups may not be specified
# on the same request.
#
# Using Security group for util servers
securitygroup: sg-02eaf564
# Optionally configure default region
# Use salt-cloud --list-locations <provider> to obtain valid regions
#
location: us-west-2
availability_zone: us-west-2b
# Configure which user to use to run the deploy script. This setting is
# dependent upon the AMI that is used to deploy. It is usually safer to
# configure this individually in a profile, than globally. Typical users
# are:
#
# Amazon Linux -> ec2-user
# RHEL -> ec2-user
# CentOS -> ec2-user
# Ubuntu -> ubuntu
#
ssh_username: ec2-user
# Optionally add an IAM profile
# iam_profile: 'User ARN: arn:aws:iam::846597906540:user/SaltConnector'
driver: ec2
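Review bot: the commented-out `iam_profile` line near the end of the provider block carries a full IAM user ARN, account number included, and the value is a user ARN prefixed with the text 'User ARN:' rather than an instance profile. Since `id` and `key` already use instance role credentials, drop the line or replace the ARN with a placeholder. The `private_key` comment asks for root ownership and mode 0400; record that step in the "Copy AWS key pair up to Salt master" section so it is actually applied.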
Additions:
===Setup Providers===
Deletions:
Additions:
===Setup Providers====
Additions:
==Installing Salt on EC2 servers with central Master==
=====Links:=====
=====Dependencies=====
====US East Inbound Rules====
====Setup AWS CLI====
===Create an IAM Role===
=====util0 (Oregon Utility server)=====
====Copy AWS key pair up to Salt master====
Deletions:
====Links:====
====Dependencies====
===US East Inbound Rules===
===Setup AWS CLI===
==Create an IAM Role==
====util0 (Oregon Utility server)====
===Copy AWS key pair up to Salt master===
Additions:
==Create an IAM Role==
Deletions:
Additions:
===US East Inbound Rules===
Add inbound rule for N. Virgina vpn
required to setup util1
===Setup AWS CLI===
Deletions:
#### Add inbound rule for N. Virgina vpn
#### required to setup util1
Additions:
===Copy AWS key pair up to Salt master===
====Create an IAM Role====
Deletions:
#### Create an IAM Role