Managing infrastructure is always complex when dealing with a large number of systems, and high-speed communication between them is always a problem. So what is “Salt Stack”?
Consider that we have a couple of machines to manage. If we need to perform a couple of operations on them, like patching or executing some command, we need to log in to each and every machine and then perform the appropriate action. But what if the number of machines we handle is large (maybe more than 1000)? Managing them is always complex.
Salt Stack comes in here. Salt Stack is a configuration management tool which helps administrators perform these sorts of operations very easily. Salt Stack also provides us with high-speed communication across the infrastructure.
We have other tools like Puppet and Chef which provide us the same facilities. What makes Salt different is that it is written in Python and is lightweight as far as resources and requirements go. The implementation is also very simple. Salt uses “ZeroMQ” in its communication layer, which is really fast.
All the above tools allow us to perform command executions on multiple machines at once, install and configure software, etc.
In this article we will see how we can configure and use Salt Stack to perform remote execution. For the purposes of the article I will use only one system as both master and slave. We can also configure multiple machines and use them as slaves.
One important thing is that Salt is a command-line tool.
Installation & Configuration
Installing Salt is very easy. The Salt documentation tells us ways to install Salt on various distributions. Check the installation docs ( http://docs.saltstack.com/en/latest/topics/installation/index.html ) on how to install Salt on RHEL.
On RHEL, execute
and get the packages necessary for the installation.
Once the packages are available and installed, we can see a configuration directory in /etc/salt. This location contains 2 files, “master” and “minion”.
Now that the files are available, we first need to make some configuration changes to both files. The terms master and minion commonly refer to the controller and the controlled. The master is the central controller for all the running minions. This is much like a master-slave configuration.
Once we confirm these files are available, execute the command “salt-master” and keep it running in the background. Let's configure the minion.
The first thing we need to configure is a way for the minion (slave) to communicate with the master. This can be configured in the minion configuration file.
Here are the changes that we need to make in the minion configuration file. Uncomment these lines and provide the necessary data:
master: 172.16.101.68    # IP address of the master system
id: testminion           # name of the minion
Once the changes are done, save them and restart the minion using the “salt-minion -d” command. The -d flag daemonizes the process and starts the minion in the background.
The next step is to accept the minion keys. From the above configuration the minion knows where the master is. Salt uses public key encryption to secure the communication between master and minion. We need to notify the master and minion that they can trust each other by accepting the minion keys on the master.
[root@vx111a salt]# salt-key -L
Accepted Keys:
Unaccepted Keys:
testminion
Rejected Keys:
Use the “salt-key -L” command to get a list of all pending, accepted and rejected minion keys. When I ran the command, I saw that there was an unaccepted key from testminion, which we configured as a minion in this article.
To accept the testminion key, execute “salt-key -a testminion”:
[root@vx111a salt]# salt-key -a testminion
The following keys are going to be accepted:
Unaccepted Keys:
testminion
Proceed? [n/Y] y
Key for minion testminion accepted.
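Accepting a key is the point at which the master starts trusting a minion, so the pending key should be checked against the one the minion actually holds before answering y. The following shell script is an added example, not part of the original article: it compares the output of “salt-key -f testminion” on the master with the output of “salt-call --local key.finger” on the minion. The function names are hypothetical and the sample fingerprints are constructed.

```bash
#!/bin/sh
# Added example (not from the original article): verify a pending minion key
# out-of-band before accepting it with salt-key -a.

# Pull the first colon-separated hex fingerprint out of command output.
# Matches 16 or more byte pairs, so both MD5- and SHA-256-style prints work.
extract_fingerprint() {
    printf '%s\n' "$1" | tr 'A-F' 'a-f' |
        grep -Eo '([0-9a-f]{2}:){15,}[0-9a-f]{2}' | head -n 1
}

# Succeed only when both outputs carry the same, non-empty fingerprint.
fingerprints_match() {
    fp_master=$(extract_fingerprint "$1")
    fp_minion=$(extract_fingerprint "$2")
    [ -n "$fp_master" ] && [ "$fp_master" = "$fp_minion" ]
}

# Accept the key for minion id $1 only if the fingerprint the master holds
# equals the one read on the minion itself ($2: output of
# `salt-call --local key.finger`, carried over a trusted channel).
accept_if_verified() {
    if fingerprints_match "$(salt-key -f "$1")" "$2"; then
        salt-key -a "$1"
    else
        echo "fingerprint mismatch for $1: key NOT accepted" >&2
        return 1
    fi
}

# Constructed sample outputs (the fingerprint values are made up).
SAMPLE_MASTER='Unaccepted Keys:
testminion:  5d:f6:79:43:5e:d4:42:3f:57:b8:45:a8:7e:a4:6e:ca'
SAMPLE_MINION='local:
    5d:f6:79:43:5e:d4:42:3f:57:b8:45:a8:7e:a4:6e:ca'
SAMPLE_ROGUE='local:
    aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99'

if fingerprints_match "$SAMPLE_MASTER" "$SAMPLE_MINION"; then
    echo "sample: fingerprints match, safe to accept"
fi
```

A mismatch means the key waiting on the master was not generated by the minion you inspected, and it should be left unaccepted or rejected until the difference is explained.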
Once we accept the keys, we can test the communication using “salt '*' test.ping”:
[root@vx111a salt]# salt '*' test.ping
testminion:
    True
We can use the command “salt '*' test.ping” to test all the available minions. The wildcard “*” targets every minion, and since we have only one minion, “testminion”, we get the status of that one. The response is “True”, meaning that the communication happened successfully.
The salt command consists of the command, the targets and the action. Now if we want to execute a command on all available minions we can use
salt '*' cmd.run "service httpd restart"
salt '*' cmd.run "uptime"
All the commands must be available on the minions. In the above case, httpd must be installed on a minion if we run the restart command against it. In the next article, we will see the Salt Stack configuration management options.