What is Salt?

• Software configuration management tool

• Define a configuration once and apply it to thousands of nodes

• Remediate configuration drift

• Get details about your hardware and software configurations

• Orchestrate change to thousands of nodes

• The Saltstack language is declarative

• Salt is written to express desired end state of the node

• Management of node resource is abstracted from the operating system

• Code is written inside of classes, classes are assigned to nodes

• Salt was founded by Thomas S Hatch

• Written in Python

More About Salt

The schedule option in either the master or the minion config files.

• Minion pillar data − It refreshes the minion pillar data using the saltutil.refresh_pillar command.

• SaltStack also offers Salt SSH, which provides an “agentless” systems management.

• Extend Salt with Ruby.

• SaltMaster − SaltMaster is the master daemon. A SaltMaster is used to send commands and configurations to the Salt slaves. A single master can manage multiple masters.

• SaltMinions − SaltMinion is the slave daemon. A Salt minion receives commands and configuration from the SaltMaster.

• Execution − Modules and Adhoc commands executed from the command line against one or more minions. It performs Real-time Monitoring.

• Formulas − Formulas are the pre-written Salt States. They are as open-ended as the Salt States themselves and can be used for tasks such as installing a package, configuring and starting a service, setting up users or permissions, and many other common tasks.

• Grains − Grain is an interface that provides information specific to a minion. The information available through the grains interface is static. Grains get loaded when the Salt minion starts. This means that the information in grains is unchanging. Therefore, grains information could be about the running kernel or the operating system. It is case insensitive.

• Pillar − A-pillar is an interface that generates and stores highly sensitive data specific to a particular minion, such as cryptographic keys and passwords. It stores data in a key/value pair and the data is managed similarly to the Salt State Tree.

• Top File − Matches Salt states and pillar data to Salt minions.

• Runners − It is a module located inside the SaltMaster and performs tasks such as job status, connection status, read data from external APIs, query connected salt minions, and more.

• Returners − Returns data from Salt minions to another system.

• Reactor − It is responsible for triggering reactions when events occur in your SaltStack environment.

• SaltCloud − Salt Cloud provides a powerful interface to interact with cloud hosts.

• SaltSSH − Run Salt commands over SSH on systems without using Salt minion.

Module types

The Salt system maintains many module types to manage specific actions. Modules can be added to any of the systems that support dynamic modules. These modules manage all the remote execution and state management behavior of Salt. The modules can be separated into six groups.

Execution modules are the workhorse for Salt's functionality. They represent the functions available for direct execution from the remote execution engine. These modules contain the specific cross-platform information used by Salt to manage portability and constitute the core API of system-level functions used by Salt systems.

State modules are the components that make up the backend for the Salt configuration management system. These modules execute the code needed to enforce, set up or change the configuration of a target system. Like other modules, more states become available when they are added to the state's modules.

Grains are a system for detecting static information about a system and storing it in RAM for rapid gathering.

Renderer modules are used to render the information passed to the Salt state system. The renderer system is what makes it possible to represent Salt's configuration management data in any serializable format.

Returners: the remote execution calls made by Salt are detached from the calling system; this allows the return information generated by the remote execution to be returned to an arbitrary location. Management of arbitrary return locations is managed by the Returner Modules.

Runners are master-side convenience applications executed by the salt-run command.

OVERVIEW  SALTSTACK:

Salt is a very powerful automation framework. Salt architecture is based on the idea of executing commands remotely. Salt is an example of one of the more complex types of remote execution. The Salt Master runs on Linux by default, but any operating system can be a minion, and currently, Windows, VMware vSphere and BSD Unix variants are well supported.

Features of SaltStack

• Fault tolerance

• Flexible

• Scalable Configuration Management

• Python API

• Easy to Setup

• Parallel Execution model

Advantages of SaltStack:

Robust− Salt is powerful and robust configuration management framework and works around tens of thousands of systems.

Authentication− Salt manages simple SSH key pairs for authentication.

Secure − Salt manages secure data using an encrypted protocol.

Fast− Salt is a very fast, lightweight communication bus to provide the foundation for a remote execution engine.

Virtual Machine Automation− The Salt Virt  Cloud Controller capability is used for automation.

Infrastructure as data, not code− Salt provides simple deployment, model-driven configuration management, and command execution framework.

Install the VirtualBox Environment- VirtualBox is a cross-platform virtualization application. VirtualBox allows you to run more than one operating system at a time. VirtualBox runs on Windows, Linux, Macintosh, and Solaris. It hosts and supports a large number of Guest Operating Systems.

Salt interface

Salt interfaces are of the following three types −

• Publisher ACL system - A Publisher ACL system allows access to the users other than root to execute Salt commands on minions from the master.

• ExternalAuth system - The external auth system is used to provide access to execute salt commands on specific minions through an external authorization system like PAM, LDAP, etc.

• Peer system - Salt minions can pass commands using the peer interface. The peer interface is configured through the master configuration file either to allow minions to send commands from the master using the peer configuration section or to allow minions to execute runners from the master using the peer_run configuration.

INSTALL SALT:

Will see for the connection for the centOS machine

For centOS:

Before we go on install salt, we need to do first disable or permissive SELinux,

[root@saltmaster zippyops]# setenforce 0

[root@saltmaster zippyops]# sestatus

[root@saltmaster zippyops]#

After that stop, the firewall, give a command to service firewalld stop,

[root@saltmaster zippyops]# systemctl stop firewalld

[root@saltmaster zippyops]# systemctl status firewalld

Hint: Some lines were ellipsized, use -l to show in full.

We can download, Salt on this link: https://repo.saltstack.com/#rhel

and registered an email address and get download it tar file

In Master connection :

[root@saltmaster Downloads]# ls

sudo yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest.el7.noarch.rpm

[root@saltmaster ~]# sudo yum install https://repo.saltstack.com/yum/redhat/salt   -repo-latest.el7.noarch.rpm

Here, 

# sudo yum clean expire-cache

[root@saltmaster ~]# sudo yum clean expire-cache

# sudo yum install salt-master

[root@saltmaster ~]# sudo yum install salt-master

#  Salt --version

[root@saltmaster ~]# salt --version

salt 2019.2.0 (Fluorine)

Interface:

[root@saltmaster ]# vi /etc/salt/master

Line 16 give master IP

In Line 80 give 600 for gather_job_timeout

In Line 84 give 600 for a timeout

After that, just start the salt-master with the use of these commands

# Systemctl Start Salt-master

# Systemctl enable Salt-master

In Minion connection:

[root@saltminion ]# sudo yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest.el7.noarch.rpm

Here, 

# sudo yum clean expire-cache

[root@saltmaster ~]# sudo yum clean expire-cache

# sudo yum install salt-minion

# Salt –version

Interface:

In Salt Minion,

[root@saltminion ]# vi /etc/salt/minion

Need to Change 

Line 16 give master IP

Line 113 give Minion Name: 

After that start the salt-minion with the use of these commands

# Systemctl Start Salt-minion

# Systemctl enable salt-minion

In Master:

Check the status of the key by using the command:

# Salt-key –L

[root@saltmaster ~]# salt-key -L

Accepted Keys:

Denied Keys:

Unaccepted Keys:

Rejected Keys:

It will show the minion name that we mentioned in salt-minion-ID

To accept the key we have to use the pfb command,

# Salt-key –a first-minion

[root@saltmaster ~]# salt-key -a zippyops

The following keys are going to be accepted:

Unaccepted Keys:

zippyops

Proceed? [n/Y] y

Key for minion zippyops accepted.

To Check connectivity for the minion, we have to use the pfb command

# Salt first-minion test.ping

If it was true, the connectivity is successfully done, or else if it showing some error means we have to restart the salt-master

FOR UBUNTU:

To connect the ubuntu minion, please  follow the procedure

In this https://repo.saltstack.com/#rhel,choose the Ubuntuoptions

To download the salt-stack packages

[root@saltminion ]# wget -O - https://repo.saltstack.com/apt/ubuntu/18.04/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add –

To update,

[root@saltminion ]# sudo apt-get update

For salt-minion 

[root@saltminion ]# sudo apt-get install salt-minion

For the interface, we have to change pfb

vi/etc/salt/minion

line 17 master IP

line 113 minion name

Then, start the salt-minion by use of the pfb commands,

# Systemctl Start salt-minion

# Systemctl enable salt-minion

After that, in master, we have to check the status of the key  

# Salt-key –L

We want to accept the key for the connection of the Ubuntu node

# Salt-key –a “minion name”

Check connectivity for that Ubuntu node

By using the pfb command

# Salt “minion name” test.ping

If it came ‘true’ the connectivity was successfully done, or else we have to restart the salt-master and salt-minion.

For Windows:

We can download, Salt on this link: https://repo.saltstack.com/#rhel

In windows, PY2 choose AMD64-download that salt-minion

[root@saltmaster ~]# firewall-cmd --zone=public --add-port=4505-4506/tcp 

--permanent

success

[root@saltmaster ~]# firewall-cmd --reload

success

Change the salt-master name and salt-minion for windows in the pfb command

Salt-Minion-2019.2.0-Py2-AMD64-Setup.exe /S /master=”yoursaltmaster” /minion-name=”yourminionname”

In Master:

Accept the key by using this command:

#Salt-key -a “minion name”

Check the connectivity for that windows node:

# Salt “minion name” test.ping

If it came true the connectivity was successfully done, or else we have to restart the salt-master Successfully,

We connected centOS Minion, Ubuntu Minion, Windows minion to the master

Then, We move to How to download the packages in a minion,

Packages installation

For centOS minion:

1.To create the packages for httpd

We have to create the directory 

mkdir srv

[root@saltmaster ~]# mkdir srv

Go to srv, create the directory salt 

mkdir salt 

[root@saltmaster srv]# mkdir salt

Within this salt directory, only that salt command will work

Then create a new directory, for the package

mkdir httpd

[root@saltmaster salt]# mkdir httpd

Create the file,

vi init.sls

httpd:

   pkg:

     - installed

   Service:

     - running

Save that file, again go to the salt directory 

Run the pfb command,

# Salt “centos minion name”state.sls “directory name”

# Salt firstminion state.sls httpd

2.For the Nginx package download, We have to create the directory 

mkdir srv

[root@saltmaster ~]# mkdir srv

Go to srv, create the directory salt 

mkdir salt 

[root@saltmaster srv]# mkdir salt

Within this salt directory, only that salt command will work

Then create a new directory, for the package

   mkdir Nginx

[root@saltmaster salt]# mkdir nginx

Create the file,

vi init.sls

nginx:

   pkg:

     - installed

   Service:

    - running

Save that file, again go to the salt directory 

Run the pfb command,

# Salt “centos minion name”state.sls “directory name”

# Salt firstminion state.sls nginx

For Ubuntu:

1.To create the packages for httpd

We have to create the directory 

mkdir srv

[root@saltmaster ~]# mkdir srv

Go to srv, create the directory salt 

mkdir salt 

[root@saltmaster srv]# mkdir salt

Within this salt directory, only that salt command will work

Then create a new directory, for the package

mkdir apache

[root@saltmaster salt]# mkdir apache

Create the file,
[root@saltmaster apache]# vi init.sls
vi init.sls
apache2:
pkg:
- installed
Service:
- running

Save that file, again go to the salt directory
Run the pfb command,

# Salt “centos minion name”state.sls “directory name”
# Salt ubuntuminion state.sls apache

2.For Nginx package download,
We have to create the directory

mkdir srv
[root@saltmaster ~]# mkdir srv
Go to srv, create the directory salt

mkdir salt
[root@saltmaster srv]# mkdir salt
Within this salt directory, only that salt command will work
Then create a new directory, for the package

mkdir nginx
[root@saltmaster salt]# mkdir nginx

Create the file,
vi init.sls
nginx:
pkg:
-installed
Service:
-running

Save that file, again go to the salt directory
Run the pfb command,

# Salt “centos minion name”state.sls “directory name”
# Salt firstminion state.sls nginx

For Windows:
1.To create the packages for httpd
We need chocolatey

First, we want to download the chocolatey package
Please follow the commands, to install the chocolatey

# Salt “windows minion name” chocolatey.bootstrap
# Salt windowminion chocolatey.bootstrap

[root@saltmaster ~]# salt zippyops chocolatey.bootstrap
zippyops:
Chocolatey found at C:\ProgramData\chocolatey\bin\chocolatey.exe

2.For Nginx package download,
In PFB,
Command to install Nginx package in windows

# Salt “windows minion name” chocolatey.install nginx
# Salt windowminion choclatey.install nginx

[root@saltmaster salt]# salt zippyops chocolatey.install nginx
zippyops:
Chocolatey v0.10.11

Installing the following packages:
nginx

Another method to install the package in windows:
1.To create the packages for tomcat
We have to create the directory

mkdir srv
[root@saltmaster ~]# mkdir srv
Go to srv, create the directory salt

mkdir salt
[root@saltmaster srv]# mkdir salt
Within this salt directory, only that salt command will work
Then create a new directory, for the package

mkdir tomcat
Create the file,
vi init.sls
Installsomepackage:
chocolatey.installed:
name: tomcat
force: True

# Salt “window minion name”state.sls “directory name”
# Salt windowminion state.sls tomcat

To create users & password

In CentOS, Ubuntu, Windows
Command to create user,

[root@saltmaster salt]# salt '*' user.add gayu
zippyops:
True

FOR CENTOS
First-time auto-generated password for that created user,

[root@saltmaster ~]# salt '*' shadow.gen_password mypassword
gayu:
$6$mnqE3G0J$F.q7Hwupi63NK6x.BSKG3F/48jNrOb3LGt2kDzgJ5CV5VMQAAGLW1O1uD3LhLFUMSaQlADG9C9ipxj3C2OKQQ.

Then to change the password

[root@saltmaster ~]# salt '*' shadow.set_password root
gayu:
Passed invalid arguments to shadow.set_password: set_password() takes at least 2 arguments (1 given)

Set the password for a named user. The password must be a properly defined hash. The password hash can be generated with this command:

``python -c "import crypt; print crypt.crypt('password',
'\$6\$SALTsalt')"``

``SALTsalt`` is the 8-character cryptographic salt. Valid characters in the
salt is ``.``, ``/``, and any alphanumeric character.

Keep in mind that the $6 represents a sha512 hash if your OS is using a
different hashing algorithm this needs to be changed accordingly

CLI Example:
.. code-block:: bash
salt '*' shadow.set_password root '$1$UYCIxa628.9qXjpQCjM4a..'

for ubuntu
To Create an encrypted password,

apt-get install makepasswd
echo '' | makepasswd --clearfrom=- --crypt-md5 | awk '{ print $2 }

For windows
Command to check the created user,

PS C:\WINDOWS\system32> net users

The command was completed successfully.
6.Deployment with use of Jenkins
For centOs & Ubuntu Minion we are going to deploy a war file using Jenkins and use of tomcat webserver we can view

In Master,
mkdir tomcat

Create the file,
vi init.sls
{% if grains['os'] == 'CentOS' %}
tomcat:
pkg:
- installed
tomcat-webapps:
pkg:
- installed

tomcat-admin-webapps:
pkg:
- installed

/etc/tomcat/tomcat-users.xml:
file.managed:
- user: root
- group: root
- mode: 0777
- source: salt://tomcat/centos/tomcat-users.xml
/var/lib/tomcat/webapps/jetty-helloworld-webapp-1.0.war:
file.managed:
- source: salt://tomcat/jetty-helloworld-webapp-1.0.war
systemctl stop tomcat:
cmd.run

systemctl start tomcat:
cmd.run

{% elif grains['os'] == 'Ubuntu' %}
tomcat8:
pkg:
- installed
service:
- running

tomcat8-docs:
pkg:
- installed

tomcat8-examples:
pkg:
- installed

tomcat8-admin:
pkg:
- installed

/etc/tomcat8/tomcat-users.xml:
file.managed:
- user: root
- group: root
- mode: 0777
- source: salt://tomcat/ubuntu/tomcat-users.xml
/var/lib/tomcat8/webapps/jetty-helloworld-webapp-1.0.war:
file.managed:
- source: salt://tomcat/jetty-helloworld-webapp-1.0.war

systemctl stop tomcat8:
cmd.run

systemctl start tomcat8:
cmd.run

{% endif %}
Executed successfully !!!!
It worked well!!!

WordPress installation
Writing a single for deploying a WordPress framework for 3 different platforms such as Ubuntu, CentOS, and Windows.

In Master
Make a directory in /srv/salt directory:

# mkdir wordpress

Create 5 files inside wordpress
# cd wordpress
# touch init.sls apache.sls mariadb.sls php.sls wordpress.sls

Edit init.sls
Vi init.sls
include:
- winpress.apache
- winpress.mariadb
- winpress.php
- winpress.wordpress

Edit apache.sls

Vi apache.sls
{% if grains['os'] == 'CentOS' %}
httpd:
pkg:
- installed
firewall-cmd --permanent --add-port=80/tcp:
cmd.run
firewall-cmd --reload:
cmd.run

{% elif grains['os'] == 'Ubuntu' %}
apache2:
pkg:
- installed

ufw allow 80/tcp:
cmd.run

{% elif grains['os'] == 'Windows' %}

choc_boot:
module.run:
- name: chocolatey.bootstrap

wget:
chocolatey.installed:
- name: wget

del /f /q C:\Users\zippyops\Downloads\httpd-2.4.38-win64-VC14.zip:
cmd.run

cmd.run

unzip:
chocolatey.installed:
- name: unzip
rmdir /s /q C:\Apache24:
cmd.run

rmdir /s /q C:\Users\zippyops\Downloads\httpd:
cmd.run

mkdir C:\Users\zippyops\Downloads\httpd:
cmd.run

C:\ProgramData\chocolatey\bin\unzip C:\Users\zippyops\Downloads\httpd-2.4.38-win64-VC14.zip -d C:\Users\zippyops\Downloads\httpd:
cmd.run

move C:\Users\zippyops\Downloads\httpd\Apache24 C:\:
cmd.run

del /f /q C:\Apache24\htdocs\*:
cmd.run

C:\Apache24\bin\vcruntime140.dll:
file.managed:
- source: salt://wordpress/vcruntime140.dll

C:\Apache24\conf\httpd.conf:
file.managed:
- source: salt://wordpress/httpd.conf

{% endif %}
Edit mariadb.sls

{% if grains['os'] == 'CentOS' %}

mariadb-server:
pkg:
- installed
mariadb:
service:
- running

if echo 'show databases;' | /usr/bin/mysql | grep -q zippyops;then echo 'present';else echo "create database zippyops;" | /usr/bin/mysql;fi:
cmd.run

if echo 'select user from mysql.user;' | /usr/bin/mysql | grep -q zippyops;then echo 'present';else echo "CREATE USER 'zippyops'@'localhost' IDENTIFIED BY 'zippyops';" | /usr/bin/mysql;fi:
cmd.run

echo "GRANT USAGE ON *.* TO 'zippyops'@'localhost' IDENTIFIED BY 'zippyops';" | /usr/bin/mysql:
cmd.run

echo "GRANT ALL privileges ON zippyops.* TO 'zippyops'@'localhost';" | /usr/bin/mysql:
cmd.run

echo "FLUSH PRIVILEGES;" | /usr/bin/mysql:
cmd.run

{% elif grains['os'] == 'Ubuntu' %}

mariadb-server:
pkg:
- installed
mariadb:
service:
- running

if echo 'show databases;' | /usr/bin/mysql | grep -q zippyops;then echo 'present';else echo "create database zippyops;" | /usr/bin/mysql;fi:
cmd.run

if echo 'select user from mysql.user;' | /usr/bin/mysql | grep -q zippyops;then echo 'present';else echo "CREATE USER 'zippyops'@'localhost' IDENTIFIED BY 'zippyops';" | /usr/bin/mysql;fi:
cmd.run

echo "GRANT USAGE ON *.* TO 'zippyops'@'localhost' IDENTIFIED BY 'zippyops';" | /usr/bin/mysql:
cmd.run

echo "GRANT ALL privileges ON zippyops.* TO 'zippyops'@'localhost';" | /usr/bin/mysql:
cmd.run

echo "FLUSH PRIVILEGES;" | /usr/bin/mysql:
cmd.run

{% elif grains['os'] == 'Windows' %}

del /f /q C:\Users\zippyops\Downloads\mariadb-10.3.13-winx64.zip:
cmd.run

rmdir /s /q C:\mariadb-10.3.13-winx64:
cmd.run

cmd.run

cmd.run

C:\mariadb-10.3.13-winx64\bin\mysqld --install:
cmd.run

C:\Windows\System32\net start mysql:
cmd.run

{% endif %}

Edit php.sls
{% if grains['os'] == 'CentOS' %}

php:
pkg:
- installed
php-gd:
pkg:
- installed
php-mbstring:
pkg:
- installed
php-mysql:
pkg:
- installed
php-pear:
pkg:
- installed
php-xml:
pkg:
- installed
{% elif grains['os'] == 'Ubuntu' %}

php:
pkg:
- installed
php-gd:
pkg:
- installed
php-mbstring:
pkg:
- installed
php-mysql:
pkg:
- installed

php-pear:
pkg:
- installed
php-xml:
pkg:
- installed

{% elif grains['os'] == 'Windows' %}
del /f /q C:\Users\zippyops\Downloads\php-5.6.40-Win32-VC11-x64.zip:
cmd.run

cmd.run

rmdir /s /q C:\php:
cmd.run

mkdir C:\php:
cmd.run

cmd.run

C:\php\php.ini:
file.managed:
- source: salt://wordpress/php.ini

{% endif %}
Edit wordpress.sls
{% if grains['os'] == 'CentOS' %}
wget:
pkg:
- installed
rm -rf /var/www/html/*:
cmd.run

wget -P /root wget http://wordpress.org/latest.tar.gz;tar xzf /root/latest.tar.gz -C /var/www/html --strip 1:
cmd.run

cp /var/www/html/wp-config-sample.php /var/www/html/wp-config.php:
cmd.run

sed -i 's/database_name_here/zippyops/g' /var/www/html/wp-config.php:
cmd.run

sed -i 's/username_here/zippyops/g' /var/www/html/wp-config.php:
cmd.run

sed -i 's/password_here/zippyops/g' /var/www/html/wp-config.php:
cmd.run

/var/www/html/.htaccess:
file.managed:
- source: salt://wordpress/htaccess

systemctl stop httpd;systemctl start httpd:
cmd.run

{% elif grains['os'] == 'Ubuntu' %}


wget:
pkg:
- installed
rm -rf /var/www/html/*:
cmd.run

wget -P /root wget http://wordpress.org/latest.tar.gz;tar xzf /root/latest.tar.gz -C /var/www/html --strip 1:
cmd.run

cp /var/www/html/wp-config-sample.php /var/www/html/wp-config.php:
cmd.run

sed -i 's/database_name_here/zippyops/g' /var/www/html/wp-config.php:
cmd.run

sed -i 's/username_here/zippyops/g' /var/www/html/wp-config.php:
cmd.run

sed -i 's/password_here/zippyops/g' /var/www/html/wp-config.php:
cmd.run

/var/www/html/.htaccess:
file.managed:
- source: salt://wordpress/htaccess


systemctl stop apache2;systemctl start apache2:
cmd.run

{% elif grains['os'] == 'Windows' %}

del /f /q C:\Users\zippyops\Downloads\latest.zip:
cmd.run

cmd.run

C:\ProgramData\chocolatey\bin\unzip C:\Users\zippyops\Downloads\latest.zip -d C:\Apache24\htdocs:
cmd.run

C:\Apache24\htdocs\wordpress\wp-config.php:
file.managed:
- source: salt://wordpress/wp-config.php

C:\Apache24\bin\httpd -k install:
cmd.run