Salt Stack – a Infrastructure management tool

Managing infrastructure is always complex when dealing with large number of systems and high speed communication between them is always a problem. So what is a “salt Stack?”.

Consider we have a couple of machines that we manage. If we need perform  a couple of operations on them like patching , or perform some command execution on these machine we need to login to each and every machine and then do the appropriate action on them . But what if the machines we handle are large ( may be more than 1000 ) . Managing them is always complex.

Salt Stack comes in here. The salt Stack is a configuration management tool which helps the administrators in performing these sort of operations very easily. Salt Stack also provides us with high speed communications between the infrastructures.

We have other tools like puppet and chef which provide us the same facilities. What makes Salt different is that it is written in Phyton and is light-weight as far as resources and requirements. The implementation is also very simple. Salt uses “ZeroMQ” in its communication layer which is really fast.

All the above tools allow us to perform command executions on multiple machines at once, install and configure software etc.

In this article we will see how we can configure and use salt Stack to perform remote execution. For the article purpose I will use only one system as both master and slave. We can also configure multiple machines and use them as slaves.

One important thing is that Salt tool is a command line tool.

Installation & Configuration

Installing salt is very easy. The salt documentation tells us ways to install salt on various distributions. Check the installation docs ( http://docs.saltstack.com/en/latest/topics/installation/index.html )  on how to install salt on RHEL.

On RHEL, execute

rpm -Uvh http://ftp.linux.ncsu.edu/pub/epel/6/i386/epel-release-6-8.noarch.rpm

and get the packages necessary for the installation.

Once the packages are available and installed, we can now see a configuration directory in /etc/salt. This location contains 2 files “master” and “minion”.

Now once the files are available, we need to fist do some configuration changes to both the files. The terms master and minion are commonly referred to the controller and the controlled. The master is the center controller for all the minions running. This is much like a master-slave configuration.

Once we confirm these files are available, execute the command “salt-master“ and keep it running in the back ground. lets configure minion.

The first thing we need to configure is a way for minion ( slave ) to communicate with the master. This can be configured in minion configuration file ,

Here are the changes that we need to do in the minion configuration file, uncomment these lines and provide the necessary date,

master: 172.16.101.68 <IP address of the master system >

id: testminion  <Name of the minion >

Once the changes are done , save them and restart the minion using “salt-minion –d” command. The –d flag demonizes the process and starts the minion in the back ground.

The next step is to accept the minion keys. From the above configuration the minion knows where the master is. Salt uses public key encryption to secure the communication between master and minion. We need to notify the master and minion that they can trust each other by accepting minion keys on the master.

[root@vx111a salt]# salt-key -L

Accepted Keys:

Unaccepted Keys:

testminion

Rejected Keys:

Use the “salt-key –L” command to get a list of all pending , accepting and rejected minions information. When I ran the command I see that there is unaccepted keys from testminion which we configured as a minion in our article.

For accepting testminion keys , execute “salt-key -a testminion”

[root@vx111a salt]# salt-key -a testminion

The following keys are going to be accepted:

Unaccepted Keys:

testminion

Proceed? [n/Y] y

Key for minion testminion accepted.

Once we accept the keys we can now test the communication using “salt '*' test.ping”

[root@vx111a salt]# salt '*' test.ping

testminion:

    True

We can use the command “salt ‘*’ test.ping” to test all the available minions. The wild-card “*” targets every minion and since we have only one minion “testminion” , it gets the status of that. The response is “True” saying that the communication is happened successfully.

The salt command contains the command , targets and action. Now if we want to execute a command on a available minions we can use

Salt ‘*’ cmd.run “service httpd restart”

Salt ‘*’ cmd.run “uptime”

All the commands should be available on minions. In the above case, the httpd should be available if we run the restart command on that. In the next article, we will see the salt stack configuration management options.

Happy Learning, More to come.