Saltstack Tutorial for beginners [2023]

Saltstack Tutorial: What Is SaltStack?

 Salt (Salt-Stack) is infrastructure automation and management system written in Python. You’ll see through this introduction that it is a powerful tool. Please note that this saltstack tutorial is for beginners.

Installation

Let’s begin by installing it. I am using a Debian based distro (Ubuntu, Linux Mint ..), for other distros please check the installation manual (for this part).

For this saltstack tutorial blog post, I am going to install Master and Minion in the same server (localhost).

Master is the server and Minion is the target.

We’re going for now to configure the (local) minion:

Search for master and tell it to use localhost or 127.0.0.1 or even the default gateway 10.0.0.1

and restart the service :

Salt works with a system of keys, it can tells you which Minion was accepted/rejected. To list all the Minion keys your Master knows about, type :

If the host is rejected, add it using -a :

Check that the Minion responds:

the ‘*’ refers to all Minions whose key is accepted. You can specify instead, the FQDN of your minion.

Usage

We’re going, for now, some usage examples:

For Nginx (Installation of the server and starting its service):

For vim (Installation of vim)

You can even see all of your minion servers’ disk usage:

Or list network interfaces:

You can also execute a command

salt ‘*’ cmd.run ‘ls -l /etc’

To list the documentation you can type

Grains

Salt comes with an interface to derive information about the underlying system. This is called the grains interface because it presents salt with grains of information.

The grains interface is made available to Salt modules and components so that the right salt minion commands are automatically available on the right systems.

Let’s view all grains our minions (*):

To list grains data:

As an example, if we want to match all CentOS and ping them, we can also use grains this way:

To list all minions with 64-bit CPUs, and return number of CPU cores for each matching one:

Adding new grains

Grains can also be assigned within the minion configuration file.

Open :

And search for “grains”

(As you can see, there is a list of grains like “deployment” that have the value mydatacenter. You can add your own grain. Make sure everything respects YAML language standards. )

or by adding the code below (without “grains:”) in

Example:

If your favorited language is Python, you have the habit of using dicts, you can use it also as a grain :

To query the last example :

Output format

Changing the output format is easy:

“–out” could be also one of the values listed here.

Troubleshooting

As troubleshooting is always part of learning, to debug the master or the minion you can use:

Let’s see what the port connectivity from the minion with the NC command.

(Remember that salt uses two ports, you can change them in master/minion configuration under /etc/salt/)

Debug with salt-call

We’re going to use salt-call with state.highstate if you’re not familiar with states, we’re going to explain them for later:

salt-call -l debug state.highstate

The verbose output could help you troubleshoot your problems. You only need patience.

Turn up logs

Salt can be quite chatty when you change the logging setting to debug:

Foreground run

By not starting the minion in daemon mode (-d) one can view any output from the minion as it works:

Increase the default timeout value when running salt. For example, to change the default timeout to 60 seconds:

Combine all:

Salt Authentification

We already spoke about keys but here is a reminder. We’re using two main functionality of salt-key command (on the master).

To list the keys that are on the master:

salt-key -L

The keys that have been rejected, accepted and pending acceptance are listed.

The easiest way to accept the minion key is to accept all pending keys:

Salt file roots

A base environment is required to house the top file.

In

you can add :

If you want to organize more as I did, you can create two subdirectories: states and pillars

and under each directory, you can create other subdirectories ( dev, integration, test, production ..etc).

In this blog post, I am going to speak about states, but not pillars. You can find good examples in the official documentation.

Salt States

If you consider working with salt, states are an important point to understand and it is not complicated.

As we already had configured “file_roots” which is “/srv/salt/”, we can move to the next simple example :

Example:

On the master, add the following code to

“base” is an environment and it’s our default one. You can define a list of minion that will be attached to that environment

Explanation:

In the last example, all hosts are concerned ( ‘*’ ), and the state webserver will be applied to them.

Minions can be matched by glob, PCRE regular expression, or by grains.

If we modify the last example and use “grains” matching instead of just writing “*”, you’ll have to modify your code like this :

os: Debian’ is the used grain to match host(s)

The last line tells Salt to use the sls called “webserver”.

Let’s keep the first example for the rest of this tutorial and continue to the second part (SLS).

Create our ‘sls’ file called ‘webserver.sls’. Write the next code to that file:

ID declaration is a random name but unique, in our example, it is the name of the package that should be installed on our minions.

When you type :

Salt will install the package defined in “webserver.sls” on your target minions defined in “top.sls” file

Let’s move to another interesting part of salt: How can we manage a configuration file on a distant machine? This will be the main subject of the next saltstack tutorial post. Also, you can check our latest post regarding Docker ADD vs COPY. Enjoy 🙂