Date Tags salt

salt is an exceptional tool that helps system administrators manage servers and perform configuration management. salt can be configured to run in masterless mode where the salt states, grains and pillars can be distributed among many servers using git.

I use this pattern to manage personal servers spread across multiple regions which aren't connected to a single network where I can securely run a salt master. Instead of using the distributions package management tool, I use pythons virtualenv to install the salt package and libraries.

Let's get started by first installing the salt package within a virtualenv:

$ virtualenv /opt/virtualenv/salt
$ /opt/virtualenv/salt/bin/pip install salt

Create the base dir where the pillar, states, configuration, pki files and a few helper scripts live:

$ mkdir -p /srv/salt/ \
    /srv/salt/conf \
    /srv/salt/pillar \
    /srv/salt/pki \
    /srv/salt/states

Create a /srv/salt/runsaltcall.sh script which runs salt-call with a few extra options that configures salt-call to use a masterless setup:

#!/bin/sh

salt_args=$*

sudo /opt/virtualenv/salt/bin/salt-call --local \
    --config-dir=/srv/salt/conf \
    --id=${HOSTNAME} \
    ${salt_args}

Create the salt minion file which lives in /srv/salt/conf/minion:

file_client: local
file_roots:
  base:
    - /srv/salt/states
pillar_roots:
  base:
    - /srv/salt/pillar
grains_dirs:
  - /srv/salt/conf/grains.d
pki_dir: /srv/salt/conf/pki

Create the salt master file which lives in /srv/salt/conf/master:

open_mode: True
file_roots:
  base:
    - /srv/salt/states
pillar_roots:
  base:
    - /srv/salt/pillar

And lets create a test salt state which simply installs git. This state lives in /srv/salt/states/git/init.sls:

git:
  pkg.installed

You can now call the runsaltcall.sh script and pass it any args that salt-call accepts.

For example, lets call state.sls on our new git state:

$ bash /srv/salt/runsaltcall.sh state.sls git

This can also list grains:

$ bash /srv/salt/runsaltcall.sh grains.list

Extending on this, we can setup /srv/salt/states/top.sls:

base:
  '*':
    - git

So now state.highstate works as expected:

$ bash /srv/salt/runsaltcall.sh state.highstate

And setup a test pillar in /srv/salt/pillar/secrets.sls:

admin: secret

And /srv/salt/pillar/top.sls:

base:
  '*':
    - secrets

And pillars should now work:

$ bash /srv/salt/runsaltcall.sh pillar.items

To start sharing your salt states among other machines, commit /srv/salt to git. As long as the salt virtualenv is setup, you should have a way to manage multiple machines using salt without the need to run a salt master.

Conclusion

salt provides an easy portable way to manage servers using easy to understand syntax. By using a salt masterless setup, system administrators can manage servers that span regions and networks where it may not be feasible to setup and manage a salt master server.

Editors Note

I've been using this salt masterless pattern since 2013 to manage personal servers which run a wide range of distributions. The setup is working well for me so far and provides me with a way to manage services and packages using a single codebase on multiple machines which sit on different networks.


Comments

comments powered by Disqus