Saltstack

What is Salt?

More About Salt

The schedule option in either the master or the minion config files.


Module types

The Salt system maintains many module types to manage specific actions. Modules can be added to any of the systems that support dynamic modules. These modules manage all the remote execution and state management behavior of Salt. The modules can be separated into six groups.


Execution modules are the workhorse for Salt's functionality. They represent the functions available for direct execution from the remote execution engine. These modules contain the specific cross-platform information used by Salt to manage portability and constitute the core API of system-level functions used by Salt systems.

State modules are the components that make up the backend for the Salt configuration management system. These modules execute the code needed to enforce, set up or change the configuration of a target system. Like other modules, more states become available when they are added to the state's modules.

Grains are a system for detecting static information about a system and storing it in RAM for rapid gathering.

Renderer modules are used to render the information passed to the Salt state system. The renderer system is what makes it possible to represent Salt's configuration management data in any serializable format.

Returners: the remote execution calls made by Salt are detached from the calling system; this allows the return information generated by the remote execution to be returned to an arbitrary location. Management of arbitrary return locations is managed by the Returner Modules.

Runners are master-side convenience applications executed by the salt-run command.

OVERVIEW  SALTSTACK:

Salt is a very powerful automation framework. Salt architecture is based on the idea of executing commands remotely. Salt is an example of one of the more complex types of remote execution. The Salt Master runs on Linux by default, but any operating system can be a minion, and currently, Windows, VMware vSphere and BSD Unix variants are well supported.

Features of SaltStack

Advantages of SaltStack:

Robust − Salt is a powerful and robust configuration management framework that works across tens of thousands of systems.

Authentication − Salt manages simple SSH key pairs for authentication.

Secure − Salt manages secure data using an encrypted protocol.

Fast − Salt is a very fast, lightweight communication bus that provides the foundation for a remote execution engine.

Virtual Machine Automation − The Salt Virt Cloud Controller capability is used for automation.

Infrastructure as data, not code − Salt provides simple deployment, model-driven configuration management, and a command execution framework.

Install the VirtualBox Environment- VirtualBox is a cross-platform virtualization application. VirtualBox allows you to run more than one operating system at a time. VirtualBox runs on Windows, Linux, Macintosh, and Solaris. It hosts and supports a large number of Guest Operating Systems.

Salt interface

Salt interfaces are of the following three types −

INSTALL SALT:

We will first set up the connection for the CentOS machine.

For CentOS:

Before we install Salt, we first need to disable SELinux or set it to permissive mode:

[root@saltmaster zippyops]# setenforce 0

[root@saltmaster zippyops]# sestatus

[root@saltmaster zippyops]#


After that, stop the firewall with the systemctl stop firewalld command:

[root@saltmaster zippyops]# systemctl stop firewalld

[root@saltmaster zippyops]# systemctl status firewalld

Hint: Some lines were ellipsized, use -l to show in full.

We can download Salt from this link: https://repo.saltstack.com/#rhel

Register an email address there and download the tar file.

In Master connection :

[root@saltmaster Downloads]# ls

sudo yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest.el7.noarch.rpm

[root@saltmaster ~]# sudo yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest.el7.noarch.rpm

Here, 

# sudo yum clean expire-cache

[root@saltmaster ~]# sudo yum clean expire-cache

# sudo yum install salt-master

[root@saltmaster ~]# sudo yum install salt-master

# salt --version

[root@saltmaster ~]# salt --version

salt 2019.2.0 (Fluorine)


Interface:

[root@saltmaster ]# vi /etc/salt/master

On line 16, set the master IP

On line 80, set gather_job_timeout to 600

On line 84, set timeout to 600

After that, start the salt-master using these commands:

# systemctl start salt-master

# systemctl enable salt-master

In Minion connection:

[root@saltminion ]# sudo yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest.el7.noarch.rpm

Here, 

# sudo yum clean expire-cache

[root@saltmaster ~]# sudo yum clean expire-cache

# sudo yum install salt-minion

# salt --version

Interface:

In Salt Minion,

[root@saltminion ]# vi /etc/salt/minion

The following need to be changed:

On line 16, set the master IP

On line 113, set the minion name:

After that, start the salt-minion using these commands:

# systemctl start salt-minion

# systemctl enable salt-minion

In Master:

Check the status of the key by using the command:

# salt-key -L

[root@saltmaster ~]# salt-key -L

Accepted Keys:

Denied Keys:

Unaccepted Keys:

Rejected Keys:

It will show the minion name that we set as the minion ID in the salt-minion configuration.

To accept the key, use the following command:

# salt-key -a first-minion

[root@saltmaster ~]# salt-key -a zippyops

The following keys are going to be accepted:

Unaccepted Keys:

zippyops

Proceed? [n/Y] y

Key for minion zippyops accepted.

To check connectivity to the minion, use the following command:

# salt first-minion test.ping

If it returns True, the connection has been established successfully; if it shows an error, we have to restart the salt-master.


FOR UBUNTU:

To connect the Ubuntu minion, follow this procedure.

At https://repo.saltstack.com/#rhel, choose the Ubuntu options.

To download the SaltStack packages:

[root@saltminion ]# wget -O - https://repo.saltstack.com/apt/ubuntu/18.04/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add -


To update,

[root@saltminion ]# sudo apt-get update

For salt-minion 

[root@saltminion ]# sudo apt-get install salt-minion


For the interface, we have to change the following:

vi /etc/salt/minion

On line 17, set the master IP

On line 113, set the minion name

Then start the salt-minion using the following commands:

# systemctl start salt-minion

# systemctl enable salt-minion

After that, on the master, check the status of the key:

# salt-key -L

Accept the key to connect the Ubuntu node:

# salt-key -a "minion name"

Check connectivity to that Ubuntu node using the following command:

# salt "minion name" test.ping

If it returns True, the connection has been established successfully; otherwise we have to restart the salt-master and salt-minion.


For Windows:

We can download Salt from this link: https://repo.saltstack.com/#rhel

For Windows, choose the Py2 AMD64 download of the salt-minion.

[root@saltmaster ~]# firewall-cmd --zone=public --add-port=4505-4506/tcp --permanent

success

[root@saltmaster ~]# firewall-cmd --reload

success

Set the salt-master name and the salt-minion name for Windows in the following command:

Salt-Minion-2019.2.0-Py2-AMD64-Setup.exe /S /master="yoursaltmaster" /minion-name="yourminionname"


In Master:

Accept the key by using this command:

# salt-key -a "minion name"

Check the connectivity to that Windows node:

# salt "minion name" test.ping

If it returns True, the connection has been established successfully; otherwise we have to restart the salt-master.

We have now successfully connected the CentOS minion, the Ubuntu minion, and the Windows minion to the master.

Next, we move on to how to install packages on a minion.


Packages installation

For centOS minion:

1. To create the packages for httpd

We have to create the directory

mkdir srv

[root@saltmaster ~]# mkdir srv

Go to srv and create the directory salt

mkdir salt

[root@saltmaster srv]# mkdir salt

Salt state commands only work on files inside this salt directory.

Then create a new directory for the package

mkdir httpd

[root@saltmaster salt]# mkdir httpd

Create the file,

vi init.sls

httpd:
  pkg:
    - installed
  service:
    - running

Save that file and go back to the salt directory.

Run the following command:

# salt "centos minion name" state.sls "directory name"

# salt firstminion state.sls httpd

2. For the Nginx package download, we have to create the directory

mkdir srv

[root@saltmaster ~]# mkdir srv

Go to srv and create the directory salt

mkdir salt

[root@saltmaster srv]# mkdir salt

Salt state commands only work on files inside this salt directory.

Then create a new directory for the package

mkdir nginx

[root@saltmaster salt]# mkdir nginx

Create the file,

vi init.sls

nginx:
  pkg:
    - installed
  service:
    - running

Save that file and go back to the salt directory.

Run the following command:

# salt "centos minion name" state.sls "directory name"

# salt firstminion state.sls nginx

For Ubuntu:

1. To create the packages for httpd

We have to create the directory

mkdir srv

[root@saltmaster ~]# mkdir srv

Go to srv and create the directory salt

mkdir salt

[root@saltmaster srv]# mkdir salt

Salt state commands only work on files inside this salt directory.

Then create a new directory for the package

mkdir apache

[root@saltmaster salt]# mkdir apache

Create the file,

vi init.sls

[root@saltmaster apache]# vi init.sls

apache2:
  pkg:
    - installed
  service:
    - running

Save that file and go back to the salt directory.

Run the following command:

# salt "ubuntu minion name" state.sls "directory name"

# salt ubuntuminion state.sls apache


2. For the Nginx package download,
we have to create the directory

mkdir srv
[root@saltmaster ~]# mkdir srv
Go to srv and create the directory salt

mkdir salt
[root@saltmaster srv]# mkdir salt
Salt state commands only work on files inside this salt directory.
Then create a new directory for the package

mkdir nginx
[root@saltmaster salt]# mkdir nginx

Create the file,
vi init.sls

nginx:
  pkg:
    - installed
  service:
    - running

Save that file and go back to the salt directory.
Run the following command:

# salt "centos minion name" state.sls "directory name"
# salt firstminion state.sls nginx


For Windows:
1. To create the packages for httpd
We need Chocolatey.

First, we want to install the Chocolatey package.
Use the following commands to install Chocolatey:

# salt "windows minion name" chocolatey.bootstrap
# salt windowminion chocolatey.bootstrap


[root@saltmaster ~]# salt zippyops chocolatey.bootstrap
zippyops:
Chocolatey found at C:\ProgramData\chocolatey\bin\chocolatey.exe


2. For the Nginx package download,
use the following command to install the Nginx package on Windows:

# salt "windows minion name" chocolatey.install nginx
# salt windowminion chocolatey.install nginx

[root@saltmaster salt]# salt zippyops chocolatey.install nginx

zippyops:
Chocolatey v0.10.11

Installing the following packages:
nginx

Another method to install a package on Windows:
1. To create the packages for tomcat
We have to create the directory

mkdir srv
[root@saltmaster ~]# mkdir srv
Go to srv and create the directory salt

mkdir salt
[root@saltmaster srv]# mkdir salt
Salt state commands only work on files inside this salt directory.
Then create a new directory for the package

mkdir tomcat
Create the file,
vi init.sls

Installsomepackage:
  chocolatey.installed:
    - name: tomcat
    - force: True

# salt "window minion name" state.sls "directory name"
# salt windowminion state.sls tomcat


To create users & password

In CentOS, Ubuntu, Windows
Command to create user,

[root@saltmaster salt]# salt '*' user.add gayu
zippyops:
True


FOR CENTOS
First, generate the password hash for the created user:

[root@saltmaster ~]# salt '*' shadow.gen_password mypassword
gayu:
$6$mnqE3G0J$F.q7Hwupi63NK6x.BSKG3F/48jNrOb3LGt2kDzgJ5CV5VMQAAGLW1O1uD3LhLFUMSaQlADG9C9ipxj3C2OKQQ.

Then to change the password

[root@saltmaster ~]# salt '*' shadow.set_password root
gayu:

Passed invalid arguments to shadow.set_password: set_password() takes at least 2 arguments (1 given)

Set the password for a named user. The password must be a properly defined hash. The password hash can be generated with this command:

``python -c "import crypt; print crypt.crypt('password',
'\$6\$SALTsalt')"``

``SALTsalt`` is the 8-character cryptographic salt. Valid characters in the
salt is ``.``, ``/``, and any alphanumeric character.

Keep in mind that the $6 represents a sha512 hash if your OS is using a
different hashing algorithm this needs to be changed accordingly

CLI Example:
.. code-block:: bash
salt '*' shadow.set_password root '$1$UYCIxa628.9qXjpQCjM4a..'

For Ubuntu
To create an encrypted password (replace <password> with the password to hash):

apt-get install makepasswd
echo '<password>' | makepasswd --clearfrom=- --crypt-md5 | awk '{ print $2 }'
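A check that can be run before a value is passed to shadow.set_password, added here as an example and not part of the original page or of Salt: it parses the $id$salt$digest layout described above, rejects strings that are not well-formed crypt hashes, and marks MD5-crypt ($1$) as weak. The function name check_shadow_hash and the sample strings are constructed for illustration; the single 16-character salt limit is a simplification (md5crypt itself uses at most 8).

```python
import re

# crypt(3) scheme id -> (name, encoded digest length, acceptable for new hashes)
SCHEMES = {
    "1": ("md5crypt", 22, False),
    "5": ("sha256crypt", 43, True),
    "6": ("sha512crypt", 86, True),
}
# Alphabet the help text above lists for the salt; the digest uses the same one.
B64 = re.compile(r"^[A-Za-z0-9./]+$")


def check_shadow_hash(value):
    """Classify a string meant for shadow.set_password.

    Returns (verdict, detail) where verdict is 'ok', 'weak' or 'invalid'.
    """
    parts = value.split("$")
    # "$6$SALTsalt$<digest>" splits into ['', '6', 'SALTsalt', '<digest>'];
    # an optional 'rounds=N' field may sit between the id and the salt.
    if len(parts) == 5 and parts[2].startswith("rounds="):
        del parts[2]
    if len(parts) != 4 or parts[0] != "":
        return "invalid", "expected $id$salt$digest"
    scheme, salt, digest = parts[1:]
    if scheme not in SCHEMES:
        return "invalid", "unknown scheme id %r" % scheme
    name, digest_len, strong = SCHEMES[scheme]
    if not B64.match(salt) or len(salt) > 16:
        return "invalid", "salt must be 1-16 chars of [A-Za-z0-9./]"
    if not B64.match(digest) or len(digest) != digest_len:
        return "invalid", "%s digest must be %d chars" % (name, digest_len)
    if not strong:
        return "weak", "%s is not suitable for new passwords" % name
    return "ok", name


# Constructed samples: the digests are filler of the right length, not real hashes.
SAMPLES = [
    "$6$SALTsalt$" + "A" * 86,        # well-formed sha512crypt
    "$1$SALTsalt$" + "A" * 22,        # well-formed but MD5-based
    "mypassword",                     # clear text passed by mistake
    "$1$UYCIxa628.9qXjpQCjM4a..",     # the CLI example string: no separate digest field
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[:24].ljust(24), check_shadow_hash(sample))
```
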

For windows
Command to check the created user,

PS C:\WINDOWS\system32> net users

The command was completed successfully.
6. Deployment with use of Jenkins
For the CentOS and Ubuntu minions, we are going to deploy a WAR file using Jenkins and view it through the Tomcat web server.

In Master,
mkdir tomcat

Create the file,
vi init.sls

{% if grains['os'] == 'CentOS' %}
tomcat:
  pkg:
    - installed

tomcat-webapps:
  pkg:
    - installed

tomcat-admin-webapps:
  pkg:
    - installed

/etc/tomcat/tomcat-users.xml:
  file.managed:
    - user: root
    - group: root
    - mode: 0777
    - source: salt://tomcat/centos/tomcat-users.xml

/var/lib/tomcat/webapps/jetty-helloworld-webapp-1.0.war:
  file.managed:
    - source: salt://tomcat/jetty-helloworld-webapp-1.0.war

systemctl stop tomcat:
  cmd.run

systemctl start tomcat:
  cmd.run

{% elif grains['os'] == 'Ubuntu' %}
tomcat8:
  pkg:
    - installed
  service:
    - running

tomcat8-docs:
  pkg:
    - installed

tomcat8-examples:
  pkg:
    - installed

tomcat8-admin:
  pkg:
    - installed

/etc/tomcat8/tomcat-users.xml:
  file.managed:
    - user: root
    - group: root
    - mode: 0777
    - source: salt://tomcat/ubuntu/tomcat-users.xml

/var/lib/tomcat8/webapps/jetty-helloworld-webapp-1.0.war:
  file.managed:
    - source: salt://tomcat/jetty-helloworld-webapp-1.0.war

systemctl stop tomcat8:
  cmd.run

systemctl start tomcat8:
  cmd.run

{% endif %}
Executed successfully !!!!
It worked well!!!

WordPress installation
Writing a single Salt state for deploying the WordPress framework on 3 different platforms: Ubuntu, CentOS, and Windows.

In Master
Make a directory in the /srv/salt directory:

# mkdir wordpress

Create 5 files inside wordpress
# cd wordpress
# touch init.sls apache.sls mariadb.sls php.sls wordpress.sls

Edit init.sls
vi init.sls

include:
  - wordpress.apache
  - wordpress.mariadb
  - wordpress.php
  - wordpress.wordpress


Edit apache.sls

vi apache.sls

{% if grains['os'] == 'CentOS' %}
httpd:
  pkg:
    - installed

firewall-cmd --permanent --add-port=80/tcp:
  cmd.run

firewall-cmd --reload:
  cmd.run

{% elif grains['os'] == 'Ubuntu' %}
apache2:
  pkg:
    - installed

ufw allow 80/tcp:
  cmd.run

{% elif grains['os'] == 'Windows' %}

choc_boot:
  module.run:
    - name: chocolatey.bootstrap

wget:
  chocolatey.installed:
    - name: wget

del /f /q C:\Users\zippyops\Downloads\httpd-2.4.38-win64-VC14.zip:
  cmd.run

C:\ProgramData\chocolatey\bin\wget -P C:\Users\zippyops\Downloads https://home.apache.org/~steffenal/VC14/binaries/httpd-2.4.38-win64-VC14.zip:
  cmd.run

unzip:
  chocolatey.installed:
    - name: unzip

rmdir /s /q C:\Apache24:
  cmd.run

rmdir /s /q C:\Users\zippyops\Downloads\httpd:
  cmd.run

mkdir C:\Users\zippyops\Downloads\httpd:
  cmd.run

C:\ProgramData\chocolatey\bin\unzip C:\Users\zippyops\Downloads\httpd-2.4.38-win64-VC14.zip -d C:\Users\zippyops\Downloads\httpd:
  cmd.run

move C:\Users\zippyops\Downloads\httpd\Apache24 C:\:
  cmd.run

del /f /q C:\Apache24\htdocs\*:
  cmd.run

C:\Apache24\bin\vcruntime140.dll:
  file.managed:
    - source: salt://wordpress/vcruntime140.dll

C:\Apache24\conf\httpd.conf:
  file.managed:
    - source: salt://wordpress/httpd.conf

{% endif %}

Edit mariadb.sls

{% if grains['os'] == 'CentOS' %}

mariadb-server:
  pkg:
    - installed

mariadb:
  service:
    - running

if echo 'show databases;' | /usr/bin/mysql | grep -q zippyops;then echo 'present';else echo "create database zippyops;" | /usr/bin/mysql;fi:
  cmd.run

if echo 'select user from mysql.user;' | /usr/bin/mysql | grep -q zippyops;then echo 'present';else echo "CREATE USER 'zippyops'@'localhost' IDENTIFIED BY 'zippyops';" | /usr/bin/mysql;fi:
  cmd.run

echo "GRANT USAGE ON *.* TO 'zippyops'@'localhost' IDENTIFIED BY 'zippyops';" | /usr/bin/mysql:
  cmd.run

echo "GRANT ALL privileges ON zippyops.* TO 'zippyops'@'localhost';" | /usr/bin/mysql:
  cmd.run

echo "FLUSH PRIVILEGES;" | /usr/bin/mysql:
  cmd.run

{% elif grains['os'] == 'Ubuntu' %}

mariadb-server:
  pkg:
    - installed

mariadb:
  service:
    - running

if echo 'show databases;' | /usr/bin/mysql | grep -q zippyops;then echo 'present';else echo "create database zippyops;" | /usr/bin/mysql;fi:
  cmd.run

if echo 'select user from mysql.user;' | /usr/bin/mysql | grep -q zippyops;then echo 'present';else echo "CREATE USER 'zippyops'@'localhost' IDENTIFIED BY 'zippyops';" | /usr/bin/mysql;fi:
  cmd.run

echo "GRANT USAGE ON *.* TO 'zippyops'@'localhost' IDENTIFIED BY 'zippyops';" | /usr/bin/mysql:
  cmd.run

echo "GRANT ALL privileges ON zippyops.* TO 'zippyops'@'localhost';" | /usr/bin/mysql:
  cmd.run

echo "FLUSH PRIVILEGES;" | /usr/bin/mysql:
  cmd.run

{% elif grains['os'] == 'Windows' %}

del /f /q C:\Users\zippyops\Downloads\mariadb-10.3.13-winx64.zip:
  cmd.run

rmdir /s /q C:\mariadb-10.3.13-winx64:
  cmd.run

C:\ProgramData\chocolatey\bin\wget -P C:\Users\zippyops\Downloads https://downloads.mariadb.com/MariaDB/mariadb-10.3.13/winx64-packages/mariadb-10.3.13-winx64.zip:
  cmd.run

C:\ProgramData\chocolatey\bin\unzip C:\Users\zippyops\Downloads\mariadb-10.3.13-winx64.zip -d C:\:
  cmd.run

C:\mariadb-10.3.13-winx64\bin\mysqld --install:
  cmd.run

C:\Windows\System32\net start mysql:
  cmd.run

{% endif %}

Edit php.sls

{% if grains['os'] == 'CentOS' %}

php:
  pkg:
    - installed

php-gd:
  pkg:
    - installed

php-mbstring:
  pkg:
    - installed

php-mysql:
  pkg:
    - installed

php-pear:
  pkg:
    - installed

php-xml:
  pkg:
    - installed

{% elif grains['os'] == 'Ubuntu' %}

php:
  pkg:
    - installed

php-gd:
  pkg:
    - installed

php-mbstring:
  pkg:
    - installed

php-mysql:
  pkg:
    - installed

php-pear:
  pkg:
    - installed

php-xml:
  pkg:
    - installed

{% elif grains['os'] == 'Windows' %}

del /f /q C:\Users\zippyops\Downloads\php-5.6.40-Win32-VC11-x64.zip:
  cmd.run

C:\ProgramData\chocolatey\bin\wget -P C:\Users\zippyops\Downloads https://windows.php.net/downloads/releases/php-5.6.40-Win32-VC11-x64.zip:
  cmd.run

rmdir /s /q C:\php:
  cmd.run

mkdir C:\php:
  cmd.run

C:\ProgramData\chocolatey\bin\unzip C:\Users\zippyops\Downloads\php-5.6.40-Win32-VC11-x64.zip -d C:\php:
  cmd.run

C:\php\php.ini:
  file.managed:
    - source: salt://wordpress/php.ini

{% endif %}

Edit wordpress.sls

{% if grains['os'] == 'CentOS' %}

wget:
  pkg:
    - installed

rm -rf /var/www/html/*:
  cmd.run

wget -P /root http://wordpress.org/latest.tar.gz;tar xzf /root/latest.tar.gz -C /var/www/html --strip 1:
  cmd.run

cp /var/www/html/wp-config-sample.php /var/www/html/wp-config.php:
  cmd.run

sed -i 's/database_name_here/zippyops/g' /var/www/html/wp-config.php:
  cmd.run

sed -i 's/username_here/zippyops/g' /var/www/html/wp-config.php:
  cmd.run

sed -i 's/password_here/zippyops/g' /var/www/html/wp-config.php:
  cmd.run

/var/www/html/.htaccess:
  file.managed:
    - source: salt://wordpress/htaccess

systemctl stop httpd;systemctl start httpd:
  cmd.run

{% elif grains['os'] == 'Ubuntu' %}

wget:
  pkg:
    - installed

rm -rf /var/www/html/*:
  cmd.run

wget -P /root http://wordpress.org/latest.tar.gz;tar xzf /root/latest.tar.gz -C /var/www/html --strip 1:
  cmd.run

cp /var/www/html/wp-config-sample.php /var/www/html/wp-config.php:
  cmd.run

sed -i 's/database_name_here/zippyops/g' /var/www/html/wp-config.php:
  cmd.run

sed -i 's/username_here/zippyops/g' /var/www/html/wp-config.php:
  cmd.run

sed -i 's/password_here/zippyops/g' /var/www/html/wp-config.php:
  cmd.run

/var/www/html/.htaccess:
  file.managed:
    - source: salt://wordpress/htaccess

systemctl stop apache2;systemctl start apache2:
  cmd.run

{% elif grains['os'] == 'Windows' %}

del /f /q C:\Users\zippyops\Downloads\latest.zip:
  cmd.run

C:\ProgramData\chocolatey\bin\wget -P C:\Users\zippyops\Downloads https://wordpress.org/latest.zip:
  cmd.run

C:\ProgramData\chocolatey\bin\unzip C:\Users\zippyops\Downloads\latest.zip -d C:\Apache24\htdocs:
  cmd.run

C:\Apache24\htdocs\wordpress\wp-config.php:
  file.managed:
    - source: salt://wordpress/wp-config.php

C:\Apache24\bin\httpd -k install:
  cmd.run

C:\Apache24\bin\httpd -k start:
  cmd.run

{% endif %}


Create an htaccess file in the wordpress directory
# vi wordpress/htaccess

# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress

Download the 4 files from GitHub
httpd.conf
php.ini
wp-config.php (for Windows)
vcruntime140.dll (other sources: https://www.dll-files.com/vcruntime140.dll.html)


On the master, execute:

# cd /srv/salt

# salt '*' state.sls wordpress


Finally, the WordPress CMS will be installed on 3 different platforms.
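
The tomcat and wordpress states above can be reviewed mechanically before they are applied. The following added example (not part of the original page or of Salt) splits an SLS file into its state IDs without rendering the Jinja, and reports world-writable file modes, cmd.run states with no unless/onlyif/creates guard, downloads over plain http://, and SQL credentials written inline. The names split_states and audit_sls and the rule labels are hypothetical; SAMPLE_SLS is a constructed excerpt modelled on the states above, with one guarded cmd.run added for contrast.

```python
import re

GUARD = re.compile(r"-\s*(unless|onlyif|creates):")
MODE = re.compile(r"-\s*mode:\s*['\"]?0?([0-7]{3})['\"]?$")


def split_states(sls_text):
    """Yield (state_id, body_lines) per top-level ID; Jinja tags are skipped."""
    state_id, body = None, []
    for line in sls_text.splitlines():
        if not line.strip() or line.lstrip().startswith("{%"):
            continue
        if not line[0].isspace() and line.rstrip().endswith(":"):
            if state_id is not None:
                yield state_id, body
            state_id, body = line.rstrip()[:-1], []
        elif state_id is not None:
            body.append(line.strip())
    if state_id is not None:
        yield state_id, body


def audit_sls(sls_text):
    """Return a list of (state_id, rule) findings for one SLS file."""
    findings = []
    for state_id, body in split_states(sls_text):
        for entry in body:
            mode = MODE.match(entry)
            # The last octal digit is the permission for "other"; bit 2 is write.
            if mode and int(mode.group(1)[-1]) & 2:
                findings.append((state_id, "world-writable-mode"))
        if not any(entry.startswith("cmd.run") for entry in body):
            continue
        command = " ".join([state_id] + body)
        if not any(GUARD.match(entry) for entry in body):
            # Without a guard the command runs again on every state apply.
            findings.append((state_id, "unguarded-cmd"))
        if "http://" in command:
            findings.append((state_id, "plaintext-download"))
        if re.search(r"IDENTIFIED BY '[^']+'", command):
            findings.append((state_id, "inline-credential"))
    return findings


# Constructed sample modelled on the page's states; fetch_wordpress is added for contrast.
SAMPLE_SLS = """\
{% if grains['os'] == 'CentOS' %}
/etc/tomcat/tomcat-users.xml:
  file.managed:
    - user: root
    - group: root
    - mode: 0777
    - source: salt://tomcat/centos/tomcat-users.xml

wget -P /root http://wordpress.org/latest.tar.gz:
  cmd.run

echo "CREATE USER 'zippyops'@'localhost' IDENTIFIED BY 'zippyops';" | /usr/bin/mysql:
  cmd.run

fetch_wordpress:
  cmd.run:
    - name: wget -P /root https://wordpress.org/latest.tar.gz
    - creates: /root/latest.tar.gz
{% endif %}
"""

if __name__ == "__main__":
    for state_id, rule in audit_sls(SAMPLE_SLS):
        print("%-20s %s" % (rule, state_id))
```
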


