July 9, 2013 ahydle

Saltstack: Master Setup

What can I say about Saltstack but, WOW! After only using it a couple of days I already have a working CM implementation and not only is it easy to use and incredibly powerful but it is FAST! This is not to say I still dont want to spend more time with Chef but after using Saltstack I find it very hard to peel myself away!

As with anything I enjoy I thought it would be a good idea to build out some walkthrough’s for my own reference as well as to help anyone else getting started. To begin I thought I would start with a production master server setup.

Please also note that Saltstack has already provided a great set of documentation on their website. You should definitely check it out!

Up and running on Debian

To get started we will update our apt configuration with the Saltstack repository, add its key and update our sources. These instructions are Debian specific but you can find plenty of help from the Saltstack documentation.

# echo "deb http://debian.saltstack.com/debian wheezy-saltstack main" > /etc/apt/sources.list.d/saltstack.list
# wget -q -O- "http://debian.saltstack.com/debian-salt-team-joehealy.gpg.key" | apt-key add -
# apt-get update

Next, to install the master service a simple apt-get install will do.

apt-get install salt-master

Configuration

Now that the master server is installed we are ready to begin our configuration by editing the /etc/salt/master file to enable the salt-states file server as well as pillar.

The salt-states file server is where you will store all of your state configurations, software configuration files and possibly other files you want pushed out to the clients (The salt server has a built in file server to transfer files to clients. No SSH required!).

State configurations define how the server will react to different configurations and by default are encoded using YAML, for example “Is mysql installed? Install it” simply looks like this:

mysql-package:
  pkg:
    - name: mysql-server
    - installed

Your software configuration files are templated versions of your normal configuration files using JINJA markup by default. For example, I could add some markup to my my.conf file that would allow me to get a variable from pillar. It would look like this:

[client]
port            = {{ pillar['mysql']['port'] }}
socket          = /var/run/mysqld/mysqld.sock

On the other hand pillar looks similar to the salt-states side of things but is used to store variables that can be used in all of your salt-state files or software configuration files. So my pillar file for the above example may look like this:

mysql:
  port: 3306

Salt States / File Server

To setup the salt states file server uncomment the following lines from the /etc/salt/master file to point to the directory which will hold your state and configuration files and create the directories if needed. The default is /srv/salt.

file_roots:
  base:
    - /srv/salt

Pillar Settings

To setup pillar uncomment the following lines from the /etc/salt/master file to point to the directory which will hold your pillar files and create the directories if needed. The default is /srv/pillar

pillar_roots:
  base:
    - /srv/pillar

Moving on

Believe it or not, but after restarting your salt-master service you have a completely configured setup. From here you could start up a minion on a computer on the network and start managing it!

By default all minions search for a master at salt.yourdomain.com where yourdomain.com is your local search domain. So if you have a DNS CNAME record for salt.yourdomain.com the minion would automatically connect to your server and submit its public key to be authorized as soon as the software is installed and running.

Then all you would need to do is authorize the client on your master with the command below and you can control the client! Easy!

salt-key -a minion.yourdomain.com

Running as an unprivileged user

We need to create a new user and update the permissions on all the salt directories.

# adduser --home /srv --no-create-home salt
# chown -R salt /var/cache/salt
# chown -R salt /var/log/salt
# chown -R salt /etc/salt/pki

Then, we need to update the /etc/salt/master file and uncomment the user: configuration.

user: salt
, , , , , , , ,

Comment (1)

Leave a Reply

Your email address will not be published. Required fields are marked *