I, along with seemingly everyone else, am jumping on the automation bandwagon as much as I possibly can. There are a ton of options out there from vendors and then several open-source(ish) solutions out there as well. In this article I’m going to go through what it takes to get started with SaltStack (or Salt for short). Some opine that Salt is a configuration management tool for the operations side of IT, making the scripting/dev part easier while still maintaining some flexibility and offering some awesome orchestration.
Salt is built for simplicity and is founded on remote execution. It uses what is called a ZeroMQ topology to enable high speed communication. ZeroMQ allows for parallel communication between many nodes in a datacenter.
Salt is similar to Puppet Enterprise in that it runs a master server with clients which in the Salt world is referred to as the Master and Minion roles. For my Salt master I chose to use Ubuntu 14.04. However, there are several options. The following steps are all for Ubuntu, though.
First I added the Salt repository and updated the software packages on the linux VM:
Sudo add-apt-repository ppa:saltstack/salt
Sudo apt-get update
With Ubuntu 14.04 this command was accepted. If that command is not available to you try installing python-software-properties.
Then I installed and started the master package by typing:
Sudo apt-get install salt-master
Service salt-master start
Then I set up a Salt minion following the same process except running the command ‘apt-get install salt-minion’ instead. You should have a DNS server set up already when you do this and specify “salt” as the name of your Salt master with an IP address. You can modify this, but by default this is how the minion is configured to find the Salt master.
Modify the salt-minion config file
On the minion system you can get to the minion config file by typing:
This takes you to a file that looks like the following figure:
As you can see I’ve modified the line that says “master” by uncommenting it and specifying an IP address. You could also specify a host name if DNS is configured properly. Then restart your salt-minion service by typing:
Service salt-minion restart
Accepting the key
In order for the minion to work with the master, the master will need to accept the minion’s keys. By typing:
This shows you the following:
You can see Accepted Keys, Unaccepted Keys (also considered pending) and finally Rejected Keys. As you can see from the picture above I have a salt-minion which is (somewhat confusingly) called DNS. By typing:
And then pressing Y to accept, I can accept this key. Then when I type salt-key –L again I can see that it’s now an accepted key so the Salt Master and Minion should now be able to communicate.
Getting started with commands
Now that the master and the minion are communicating we can start sending commands. The easiest of which will be a ping test. In order to run this type:
Salt ‘*’ test.ping
The * denotes all minions but you can actually specify the minion you’d like to ping. If all goes well it will return a “True” statement. By typing the word ‘time’ before the command we can see how much time it took to ping as shown in the figure below (again, keep in mind my salt-minion is called DNS due to some double dipping in my testing environment).
We can see this command along with many others available by typing:
Salt ‘*’ sys.doc | more
There are a ton of simple commands we can run to list information, download certain files, create schedules, install packages, etc., etc. You can also see these commands in the web documentation found here.
There are also ways to gather information about minion from the master, which are cleverly called Grains. To get a list of items we can grab the information about you can type:
Salt ‘*’ grains.ls
Then to specify information you can type something like:
Salt ‘*’ grains.get
For example, if I type:
Salt ‘*’ grains.get OS Ubuntu
That will specify that all of my Salt minions are Ubuntu. I could also specifically name a Salt minion and assign it an OS if they weren’t all the same.
As I said in the intro paragraph, Salt Stack is a configuration management tool that allows you to automate changes to systems. It uses the concept of States to do this configuration management. It uses a Salt State File, or SLS, to keep track of the states in which systems should be and uses a sort of layering technique to keep it somewhat simple.
Within these SLS files we can see which software packages are installed, user information, permission information, etc. We can also build out what are called State Trees with multiple SLS files. This allows for some flexibility when assigning states, but will allow you to not have to create a custom SLS file for each system.
Pillars, according to the walkthrough, are “tree-like structures of data defined on the Salt Master and passed through to the minions. They allow confidential, targeted data to be securely sent only to the relevant minion.” So things like passwords may be communicated through the use of pillars. Pillars and grains can be confusing. Grains are data created and about the minions, such as OS or CPU information. Where pillars are data created on the master and passed securely onto the minions, such as keys and passwords.
As Thomas Hatch, the creator of SaltStack has said, the best way to learn Salt is to dive in. It seems like a pretty cool solution, though it’s helpful to have some advanced knowledge of systems and scripting or coding. He’s probably right, though, the more you play with it the easier it becomes. With no advanced knowledge of Salt and very little experience with Chef or Puppet I was able to get a master and minion up and running really easily and started running commands. I do remember Puppet was a little harder to get going (disclaimer: I haven’t done it for about a year and was using the free version). I like that it’s possible to use Windows as well as Linux to run SaltStack as well. If you’re looking for a tool that will provide you with some configuration management automation (especially open source) then I think Salt is worth a look.
If you have any experience with Salt and have anything to add/correct please feel free to leave your comments in the section below.