Infrastructure Management with SaltStack: Part 1 – The Setup

By | March 14, 2014

saltstack_logo

Introduction

Lately there is quite a bit of talk in IT circles about devops and programmatic configuration management. During these conversations two names come up over and over, Puppet by Puppet Labs and Chef (née Opscode). There is a third option that deserves attention as well, Salt by SaltStack.

Salt was developed by Tom Hatch and first released in 2011. Unlike the Ruby based Puppet and Chef it written in Python. Salt’s goal is to provide simple, yet deeply flexible infrastructure management at extremely high speeds and at an enterprise scale. It is this goal that sets it apart from the others.

How It Works

The core of Salt is a client-server design. Several agent daemons, called “minions”, are controlled by a “master” daemon. These masters can then be aggregated allowing for the possibility of tens of thousands of nodes in an enterprise. All network communication is encrypted by a pre-approved shared key.

Salt uses the Python ZeroMQ messaging library to accomplish its tasks at high speeds.

The salt-master runs Execution Modules against the salt-minions to remotely execute commands. The master leverages a similar system to manage “States”. The State system is responsible for configuration management.

The minions run a program called “grains” which is similar to facter. Grains contains system information about the minion controlled node and stores the information in memory for fast retrieval. More security sensitive information as well as global variables  are stored and accessed with the Pillar system.

Salt has an is built upon an extensive series of module systems here are a few:

  • An extensive Cloud management system built upon Apache Libcloud. Controlling Amazon, Rackspace, Google, OpenStack and nodes from 30 other providers is fully supported and well documented.
  • A Job Management system (via minion proc) and a reactionary event system aptly called Reactor handle automation, job scheduling, and event response.
  • What is Salt with out a Mine? The Mine system handles issues with time sensitive data where age matters.
  • The Salt Virt system covers all your hypervisor needs.

Oh yeah, and it support Windows Server too. That’s right, Windows.

Installing the salt-master and salt-minion

1. Deploy 2 Virtual Machines with Ubuntu 12.04 LTS (“Precise Pangolin”). One will be the master and one will be in the minion.

2. Connect to each with PuTTy and log in with the user created during install.

Run These Commands on Both Servers:

3. Change user to root.

sudo su -

salt-001

4. Install the python-software-properties package.

apt-get install python-software-properties

salt-002

5. Add the SaltStack Repository.

add-apt-repository ppa:saltstack/salt

salt-003

6. Update the package management database.

apt-get update

salt-004

Run This Command on the salt-master Server:

7. Install salt-master.

apt-get install salt-master

salt-005

Run These Commands on the salt-minion Server:

8. Install salt-minion.

apt-get install salt-minion

salt-006

9. Edit the file /etc/salt/minion with vi. Find the line “#master: salt”. Delete the “#”. Change
“salt” to the FQDN or IP of the salt-master server.

vi /etc/salt/minion

Note: To edit the file type “i”. To save and exit type “:wq” and “enter”.

salt-007

The file should look like this:

salt-008

10. Restart the salt-minion daemon.

service salt-minion restart

salt-009

Run These Commands on the salt-master Server:

11. Add the minion’s private key to the salt-master. “-L” lists all keys. “-A” accepts all new keys.

salt-key -L
salt-key -A

salt-010

12. Test the connection with test.ping Execution Module. The result should return true.

salt "*" test.ping

salt-011

The salt-master now has the ability to remotely execute against the salt-minion. Here are a couple of simple things it can do:

Return Disk Usage:

salt "*" disk.usage

salt-012

Run Remote Commands:

salt "*" cmd.run "ls /var/log -la"

salt-013
Install the git package:

salt "*" pkg.install git

salt-014

Conclusion

Running the salt command from the CLI is just the beginning. I’ll continue to explore the deeper abilities of Salt in upcoming posts.

In Part 2 I will discuss the Grains system, Pillar, and States (Salt’s term for configuration management). Until then for further reading check out the SaltStack site and Tom Hatch’s Blog