BGP.guru

BGP.guru

Nerd blog.

25 Jun 2014

SaltStack Automation

This week I changed that and set up a salt-master and several (OK, 10) salt-minions to take commands from the master. 8 local Debian Linux VMs, 1 Remote FreeBSD VM, and 1 remote Debian Linux VM.

Getting starting with SaltStack is really easy. Essentially the process is as follows:

  • On master and minion:
    • Add/enable salt repo to your package environment
  • On master
    • install salt-master package
    • edit /etc/salt/master and enable IPv6 if your environment has IPv6
  • On minion
    • install salt-minion package
    • edit /etc/salt/minion and edit the master: line (and enable IPv6)
    • restart salt-minion service
    • run >salt-call --local key.finger
    • run cat /etc/salt/pki/minion/minion.pub
  • On master
    • run salt-key -L to list keys
    • run salt-key -p <unaccepted-minion.host.name>
  • Compare the output of the pubkey from the minion with the master’s printout, and then accept it on the master by running salt-key -A which will prompt you for each unaccepted key.
  • On master
    • run salt '*' test.ping, you should get output like the following:
# salt '*.ciscodude.net' test.ping
jake.ciscodude.net:
  *  True
ns0.ciscodude.net:
  *  True
ciscodude.net:
  *  True
dev.ciscodude.net:
  *  True
...

This is your basic salt-minion/master set up. You can run commands on the minion like follows:

# salt -G 'roles:*dns' cmd.run 'uname -a'
jake.ciscodude.net:
  *  Linux jake 3.2.0-4-amd64 #1 SMP Debian 3.2.57-3+deb7u2 x86_64 GNU/Linux
ns0.ciscodude.net:
  *  Linux ns0 3.2.0-4-amd64 #1 SMP Debian 3.2.57-3+deb7u2 x86_64 GNU/Linux
meagan.ciscodude.net:
  *  FreeBSD meagan.ciscodude.int 10.0-RELEASE-p3 FreeBSD 10.0-RELEASE-p3 #0: Tue May 13 18:31:10 UTC 2014     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
ns2.henchman21.net:
  *  Linux ns2.henchman21.net 3.2.0-4-amd64 #1 SMP Debian 3.2.41-2+deb7u2 x86_64 GNU/Linux

SaltStack also has integration with apt-get on Debian, so a command like salt -G os:debian pkg.refresh_db followed by salt -G os:debian pkg.upgrade will run apt-get update followed by apt-get dist-upgrade on all of my Debian minions. There is also fine grained control to see which packages are available for upgrade.

Also, since SaltStack is written in Python, everything available thru CLI is also available via Python:

#!/usr/bin/env python

import salt.client

local = salt.client.LocalClient()
returns = local.cmd_batch('*.ciscodude.net', 'cmd.run', ['uptime'])

for i in returns:
  *print i

Which, when run will give output like follows:

# ./info.uptime.py
{'ciscodude.net': ' 00:33:01 up 4 days,  1:09,  1 user,  load average: 0.00, 0.01, 0.05'}
{'ns0.ciscodude.net': ' 00:32:54 up 4 days,  1:07,  0 users,  load average: 0.00, 0.01, 0.05'}
{'meagan.ciscodude.net': '12:33AM  up 25 days,  4:37, 0 users, load averages: 0.11, 0.12, 0.14'}
{'jake.ciscodude.net': ' 00:32:54 up 4 days,  1:07,  0 users,  load average: 0.00, 0.01, 0.05'}

Theodore Baschak - Theo is a network engineer with experience operating core internet technologies like HTTP, HTTPS and DNS. He has extensive experience running service provider networks with OSPF, MPLS, and BGP.