Mastering SaltStack - Second Edition
By Hall Joseph
()
About this ebook
Read more from Hall Joseph
Ideal Commonwealths Rating: 0 out of 5 stars0 ratingsMastering SaltStack Rating: 0 out of 5 stars0 ratingsExtending SaltStack Rating: 0 out of 5 stars0 ratingsSelections from Early Middle English 1130-1250: Part II: Notes Rating: 0 out of 5 stars0 ratingsSelections from early Middle English, 1130-1250 Part I: Texts Rating: 0 out of 5 stars0 ratings
Related to Mastering SaltStack - Second Edition
Related ebooks
Implementing Splunk: Big Data Reporting and Development for Operational Intelligence Rating: 4 out of 5 stars4/5PostgreSQL Replication - Second Edition Rating: 0 out of 5 stars0 ratingsLearning SaltStack - Second Edition Rating: 0 out of 5 stars0 ratingsImplementing Splunk - Second Edition Rating: 0 out of 5 stars0 ratingsMastering Splunk Rating: 0 out of 5 stars0 ratingsPostgreSQL 9.0 High Performance Rating: 4 out of 5 stars4/5Infrastructure as Code (IAC) Cookbook Rating: 0 out of 5 stars0 ratingsHadoop in Practice Rating: 0 out of 5 stars0 ratingsAzure in Action Rating: 0 out of 5 stars0 ratingsNginx HTTP Server - Third Edition Rating: 0 out of 5 stars0 ratingsMastering Go Network Automation Rating: 0 out of 5 stars0 ratingsMastering Git Rating: 0 out of 5 stars0 ratingsMastering Go Network Automation: Automating Networks, Container Orchestration, Kubernetes with Puppet, Vegeta and Apache JMeter Rating: 0 out of 5 stars0 ratingsRed Hat Enterprise Linux 6 Administration: Real World Skills for Red Hat Administrators Rating: 0 out of 5 stars0 ratingsSquid Proxy Server 3.1 Beginner's Guide Rating: 3 out of 5 stars3/5OpenNebula 3 Cloud Computing Rating: 0 out of 5 stars0 ratingsFreeRADIUS Beginner's Guide Rating: 0 out of 5 stars0 ratingsMastering Elasticsearch 5.x - Third Edition Rating: 0 out of 5 stars0 ratingsAnsible A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsSalt Cookbook Rating: 0 out of 5 stars0 ratingsLearning SaltStack Rating: 4 out of 5 stars4/5Red Hat Certified Engineer (RHCE) Study Guide: Ansible Automation for the Red Hat Enterprise Linux 8 Exam (EX294) Rating: 0 out of 5 stars0 ratingsKubernetes Secrets Management Rating: 0 out of 5 stars0 ratingsGetting Started with Citrix XenApp® 7.6 Rating: 0 out of 5 stars0 ratingsNetOps 2.0 Transformation: The DIRE Methodology Rating: 5 out of 5 stars5/5CentOS 8 Essentials: Learn to Install, Administer and Deploy CentOS 8 Systems Rating: 0 out of 5 stars0 ratingsBeginning Git and GitHub: A Comprehensive Guide to Version Control, Project Management, and Teamwork for the New Developer Rating: 0 out of 5 stars0 ratingsNginx Essentials Rating: 0 out of 5 stars0 ratingsCeph Cookbook Rating: 4 out of 5 stars4/5
Programming For You
PYTHON: Practical Python Programming For Beginners & Experts With Hands-on Project Rating: 5 out of 5 stars5/5Python Programming : How to Code Python Fast In Just 24 Hours With 7 Simple Steps Rating: 4 out of 5 stars4/5Coding All-in-One For Dummies Rating: 4 out of 5 stars4/5SQL QuickStart Guide: The Simplified Beginner's Guide to Managing, Analyzing, and Manipulating Data With SQL Rating: 4 out of 5 stars4/5C++ Learn in 24 Hours Rating: 0 out of 5 stars0 ratingsExcel : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Excel Programming: 1 Rating: 5 out of 5 stars5/5Learn to Code. Get a Job. The Ultimate Guide to Learning and Getting Hired as a Developer. Rating: 5 out of 5 stars5/5HTML & CSS: Learn the Fundaments in 7 Days Rating: 4 out of 5 stars4/5Learn PowerShell in a Month of Lunches, Fourth Edition: Covers Windows, Linux, and macOS Rating: 0 out of 5 stars0 ratingsC# 7.0 All-in-One For Dummies Rating: 0 out of 5 stars0 ratingsGrokking Algorithms: An illustrated guide for programmers and other curious people Rating: 4 out of 5 stars4/5Hacking: Ultimate Beginner's Guide for Computer Hacking in 2018 and Beyond: Hacking in 2018, #1 Rating: 4 out of 5 stars4/5Beginning Programming with Python For Dummies Rating: 3 out of 5 stars3/5Java for Beginners: A Crash Course to Learn Java Programming in 1 Week Rating: 5 out of 5 stars5/5Learn SQL in 24 Hours Rating: 5 out of 5 stars5/5Python: For Beginners A Crash Course Guide To Learn Python in 1 Week Rating: 4 out of 5 stars4/5Linux: Learn in 24 Hours Rating: 5 out of 5 stars5/5Game Development with Unreal Engine 5: Learn the Basics of Game Development in Unreal Engine 5 (English Edition) Rating: 0 out of 5 stars0 ratingsPython: Learn Python in 24 Hours Rating: 4 out of 5 stars4/5Data Structures and Algorithm Analysis in Java, Third Edition Rating: 4 out of 5 stars4/5SQL: For Beginners: Your Guide To Easily Learn SQL Programming in 7 Days Rating: 5 out of 5 stars5/5SQL All-in-One For Dummies Rating: 3 out of 5 stars3/5
Reviews for Mastering SaltStack - Second Edition
0 ratings0 reviews
Book preview
Mastering SaltStack - Second Edition - Hall Joseph
Table of Contents
Mastering SaltStack Second Edition
Credits
Foreword
About the Author
About the Reviewer
www.PacktPub.com
Why subscribe?
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
1. Essentials Revisited
Executing commands remotely
Master and minions
Targeting minions
Glob
Perl Compatible Regular Expression (PCRE)
List
Subnet
Grain
Grain PCRE
Pillar
Compound
Nodegroup
Using module functions
test.ping
test.echo
test.sleep
test.version
pkg.install
pkg.remove
file.replace
Other file functions
Various user and group functions
sys.doc
SLS file trees
SLS files
Tying things together with top files
Organizing the SLS directories
Using states for configuration management
Using include blocks
Ordering with requisites
require
watch
onchanges
onfail
use
prereq
Inverting requisites
Extending SLS files
The basics of grains, pillars, and templates
Using grains for minion-specific data
Centralizing variables with pillars
Managing files dynamically with templates
A quick Jinja primer
Summary
2. Diving into Salt Internals
Understanding the Salt configuration
Following the configuration tree
Looking inside /etc/salt/
Managing Salt keys
Exploring the SLS directories
Examining the Salt cache
The master job cache
The master-side minion cache
The external file server cache
The minion-side proc/ directory
External modules
The renderer
Rendering SLS files
Render pipes
Serving templated files
Understanding the loader
Dynamic modules
Execution modules
Cloud modules
Plunging into the state compiler
Imperative versus declarative
Requisites
High and low states
High states
Low states
Enforcing statefulness
name
result
changes
comment
Summary
3. Managing States
Handling multiple states
Including other SLS files
Spanning multiple environments
Using the base environment
Breaking out environments
Understanding master_tops
Using Salt Stack Formulas on GitHub
Examining the standard layout
formula name
pillar.example
README
LICENSE
FORMULA
Cloning formulas
Using the Salt Package Manager
Thinking of SPM as a package manager
Thinking of SPM as a repository manager
Configuring SPM repositories
Downloading repository metadata
Creating SPM repositories
Set aside a directory to hold packages
Share that directory
Populate the directory
Create the repository metadata
Building packages
version
release
summary
description
name
os
os_family
dependencies
optional
recommended
minimum_version
top_level_dir
license
Where to use SPM
SPM configuration
spm_conf_file
formula_path
pillar_path
reactor_path
spm_logfile
spm_default_include
spm_repos_config
spm_cache_dir
spm_build_dir
spm_build_exclude
spm_db
Summary
4. Exploring Salt SSH
Grappling with SSH
Remote shells
Using rosters
The flat roster
host
port
user
passwd
sudo
priv
timeout
thin_dir
Other built-in rosters
scan
cache
cloud
ansible
Building dynamic rosters
Using Salt SSH
Using a Saltfile
Salt versus Salt SSH
Architecture
Performance
Understanding the salt-thin agent
Building the thin package
Including extra modules
Deploying the thin package
Executing the thin package
The Salt SSH shim
Preparing for Salt states
Running Salt
Salt's running data
Using the raw SSH mode
Caching SSH connections
Summary
5. Managing Tasks Asynchronously
Looking at the event system
Reviewing the basics
The structure of event data
Watching event data
Installing the event listener
Using the event listener
Firing custom data
Namespacing events
Namespacing guidelines
Some common events
salt/auth
salt/key
salt/minion/minion_id/start
salt/job/job_id/new
salt/job/job_id/ret/minion_id
salt/presence/present
salt/presence/change
Common cloud events
salt/cloud/vm_name/creating
salt/cloud/vm_name/requesting
salt/cloud/vm_name/querying
salt/cloud/vm_name/waiting_for_ssh
salt/cloud/vm_name/deploying
salt/cloud/vm_name/created
salt/cloud/vm_name/destroying
salt/cloud/vm_name/destroyed
Salt API events
salt/netapi/url_path
Building reactors
Configuring reactors
Writing reactors
Calling execution modules
Calling runner modules
Calling wheel modules
Writing more complex reactors
Sending out alerts
Using webhooks
Reactors calling reactors
Using Thorium
A word on engines
Looking at Thorium basics
Enabling Thorium
Setting up the Thorium directory tree
Writing Thorium SLS files
Using requisites
Using the register
Looking forward
Using the queue system
Learning how queues work
Adding to the queue
Listing queues
Listing items in a queue
Processing queue items
Deleting items from a queue
Using queues with the reactor
Spreading out State runs
Dividing tasks among minions
Summary
6. Taking Advantage of Salt Information Systems
Understanding pillar_roots
Templating pillar_roots
Calling out to other modules
Using Salt's external pillars
Configuring the etcd pillar
Using git_pillar
Using the mysql pillar
Some final thoughts on external pillars
Using multiple external pillars
Caching pillar data
Understanding SDB
Securely storing passwords
Staying simple
Using SDB URIs
Configuring SDB
Performing SDB lookups
Getting data
Setting data
Deleting data
Comparing pillars and SDB
Where the data is generated
Differences in drivers
Salt Cloud and others
Summary
7. Taking Salt Cloud to the Next Level
Examining the Salt Cloud configuration
Global configurations
Provider and profile configuration
Providers
Profiles
Extending configuration blocks
Using SDB with Salt Cloud
Using SDB with OpenStack
Using SDB with AWS/EC2
Using SDB with other cloud providers
Building custom deploy scripts
Understanding the Salt Bootstrap script
Installing from prebuilt packages
Installing from Git
Looking back at legacy deploy scripts
Writing your own deploy scripts
Passing arguments to scripts
Using file maps
Taking a look at cloud maps
Using reactors with Salt Cloud
Setting up the event tags
Working with autoscale reactors
Cloud cache
Using cloud cache events
Setting up a schedule
Catching cloud cache events
Summary
8. Using Salt with REST
Looking at Salt's HTTP library
Why a Salt-specific library?
Using the http.query function
GET versus POST
Decoding return data
Using the http.query state
Using http.query with reactors
Understanding the Salt API
What is the Salt API?
Setting up the Salt API
CherryPy
Tornado
WSGI
Creating SSL certificates
Configuring authentication
The external authentication module
Taking your first steps with the Salt API
Issuing one-off commands
Working with webhooks
Reacting with Thorium
Security considerations
More complex authentication
Summary
9. Understanding the RAET and TCP Transports
Comparing RAET and ZeroMQ
Starting with HTTP
SSH - the old favorite
Using ZeroMQ
ZeroMQ and security
The need for RAET
Flow-based programming
The pieces of the puzzle
Black boxes
Shared storage
Concurrent scheduling
Driving with RAET
Configuring RAET
The RAET architecture
The basics
The RAET scheduler
Estates and yards
Looking at asynchronous programming
Cooks in a restaurant
Examining the TCP transport
Using the TCP transport
Summary
10. Strategies for Scaling
All about syndication
Different folks, different strokes
No need for micromanaging
Configuring syndication
High availability with multiple masters
Built-in high-availability configuration
Old-school high availability
The round-robin DNS
IP-based load balancing
Synchronizing files
Base configuration files
Synchronizing the nonexternal files
Using rsync
Using the event reactor
Incorporating external data sources
The external job cache
Using returners on the minions
Using the master job cache
External filesystems
GitFS
base
root
mountpoint
user and password
insecure_auth
pubkey, privkey, and passphrase
Other source-control backends
SVNFS
root and mountpoint
trunk
branches
tags
HGFS
S3FS
One environment per bucket
Multiple environments per bucket
AzureFS
External pillars
cmd_yaml/cmd_json
git
redis
mysql
Using the master API
The Salt keys
Configuration
The file and pillar roots
Using the wheel reactor
Using wheel with Thorium
Testing the load in the infrastructure
Using the minionswarm.py script
Swarm internals
Summary
11. Monitoring with Salt
Monitoring basics
Establishing a baseline
Reading the system vitals in Salt
status.loadavg
status.cpustats
status.meminfo
status.vmstats
disk.usage and status.diskusage
status.w
status.all_status and status.custom
Monitoring with returners
Deciding on a returner
Using monitoring states
Defining a monitoring state
Monitoring with web calls
Working with beacons
Monitoring file changes
Beacon intervals
Setting up alerts
Alerting in state files
Alerting from beacons
Watching file changes
Monitoring bad logins
Using aggregate data with Thorium
Summary
12. Exploring Best Practices
Future-proofing your infrastructure
Setting up your directories
Standard directory locations
.sls versus init.sls
Shallow versus deep
Subdividing further
The SLS efficiency
Includes and extends
Using includes
Using extends
Using templates to simplify SLS files
Working with loops
Decisions, decisions
Using the built-in states
Naming conventions
Generic names
Explicit names
Templates and variables
Nested variables
Referring to variables in templates
Summary
13. Troubleshooting Problems
What the...?
Addressing the problem source
Where is the trouble?
Master-to-minion communication
Network and CPU congestion
Checking minion load
Querying the Salt job data
Using debug and trace modes
info
warn
error
debug/trace
Running services in debug mode
Using salt-call locally
Working with YAML
YAML basics
dict
list
YAML idiosyncrasies
Spacing
Numbers
Booleans
List items
Troubleshooting YAML
Asking the community for help
The salt-users mailing list
Asking questions
The Salt issue tracker
Researching before posting
Formatting your issues
Requesting features
#salt on IRC
Final community thoughts
Summary
Mastering SaltStack Second Edition
Mastering SaltStack Second Edition
Copyright © 2016 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: August 2015
Second edition: November 2016
Production reference: 1211116
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-78646-739-3
www.packtpub.com
Credits
Foreword
The Mastering SaltStack book is one of my favorite Salt books. This book will get you past the basics of Salt and into what makes it a truly powerful automation framework. Tools like Salt Reactor, Thorium and Salt-SSH allow you to get the most out of Salt. The best ways to take Salt to the next level are revealed in this book, in an easy-to-understand way that will help you solve your problems.
Joseph Hall is likely the best person to write this book. He is not only a close friend, but has also been involved with the Salt project from the very beginning, including the early design of the Salt States system. Joseph is the second person to write code for Salt (apart from me). He was the first engineer hired by SaltStack.
Thomas S. Hatch
Founder and CTO, SaltStack
About the Author
Starting as a support technician and progressing to being a web programmer, QA engineer, systems administrator, Linux instructor, and cloud engineer, Joseph Hall has touched just about every area of the modern technology world. He is currently a senior cloud and integrations engineer at SaltStack. Joseph enjoys working with some of the best minds in the business with his coworkers and SaltStack's partners. He is also the author of Extending SaltStack, Packt Publishing.
You can find him on LinkedIn at https://www.linkedin.com/in/techhat and on GitHub at https://github.com/techhat.
About the Reviewer
Peng Yao is an operations engineer. He is the founder and coordinator of the China SaltStack User Group. He translated Mastering SaltStack to Chinese.
www.PacktPub.com
For support files and downloads related to your book, please visit www.PacktPub.com.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at service@packtpub.com for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
https://www.packtpub.com/mapt
Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.
Why subscribe?
Fully searchable across every book published by Packt
Copy and paste, print, and bookmark content
On demand and accessible via a web browser
Preface
I'm very excited to have been given the chance to put this book together. I've been given the rare opportunity to watch Salt grow from an idea in the brain of Tom Hatch to an award-winning open source project, and onward to the flagship product of an award-winning open source company. Salt has become an incredibly powerful framework, which I wish I'd had access to years ago.
Every day, I learn something new about Salt. This book is a collection of a number of those things, aimed at the advanced user. Don't see it as the last word on any of the topics that it covers. Instead, see it as a guide on your journey to use this tool to its fullest potential.
As you read through this book, I hope that the ideas and examples in it inspire you to update and innovate your infrastructure.
What this book covers
Chapter 1, Essentials Revisited, takes a step back to a few of the basics inside of Salt. These concepts are critical to understanding many of the concepts discussed in this book, and many of them will be explored further in later chapters.
Chapter 2, Diving into Salt Internals, goes in depth with the management of Salt’s own configuration files, how Salt’s loader system works, before finally discussing the state compiler.
Chapter 3, Managing States, builds upon the state concepts from the previous chapter and goes on to discuss how Salt states can be compiled together to form a more cohesive solution for your organization.
Chapter 4, Exploring Salt SSH, will provide you with a basic understanding of Salt’s SSH transport layer, before jumping into a more technical overview of the underlying components.
Chapter 5, Managing Tasks Asynchronously, explores some of the subsystems in Salt that are designed for handling tasks, which interact with each other to achieve an end goal.
Chapter 6, Taking Advantage of Salt Information Systems, looks at some of the subsystems in Salt that are designed entirely for data management. The functionality of these subsystems can be utilized by the master or minion, and sometimes both.
Chapter 7, Taking Salt Cloud to the Next Level, brings you an understanding of how Salt interacts with public clouds and how you can extend that interaction to achieve a more cohesive infrastructure definition.
Chapter 8, Using Salt with REST, covers using Salt to communicate over HTTP, both as a client and as a server. With these APIs in place, Salt can either be a cog in another system or be the system that manages the cogs.
Chapter 9, Understanding the RAET and TCP Transports, follows a very technical discussion of various transport layers, both inside and outside of Salt. If you are looking to move beyond the ZeroMQ transport, this chapter is for you.
Chapter 10, Strategies for Scaling, explores a number of subsystems designed to allow Salt to manage large-scale data centers. Even if you are managing a small infrastructure now, I would encourage you to take a look at the options available here: they may just help you rethink your existing infrastructure anyway.
Chapter 11, Monitoring with Salt, explores many of the ways that Salt can be used to extend your own monitoring system and even bring its own monitoring tools to the party.
Chapter 12, Exploring Best Practices, helps you know how to most effectively use Salt in a way that will not only lead to easy management for you, but also for those who work with or follow you.
Chapter 13, Troubleshooting Problems, talks about some of the ways that things can go wrong in Salt and what to do when that happens.
What you need for this book
While this book covers a lot of ground, the focus is on Salt. It is recommended that you use the latest version of Salt available to you, though most of the information is also relevant to older versions.
A number of other products and services are mentioned in this book and its examples. While the examples will be useful with those products and services, they are designed to still be generic enough to demonstrate the intended information without requiring the purchase or installation of or subscription to third-party entities.
Any hardware or platform that can support Salt may be used for the examples in this book that pertain to minion operations. The Salt master is not yet supported in a Windows environment, so any master-oriented examples will require a Linux or Unix environment.
Who this book is for
This book is ideal for IT professionals and ops engineers who already manage groups of servers but would like to expand their knowledge and gain expertise with SaltStack. This book explains the advanced features and concepts of Salt. A basic knowledge of Salt is required in order to get to grips with advanced Salt features.
Conventions
In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: Unix distributions will often use the /usr/local/etc/salt/ directory instead, while Windows uses the C:\salt\ directory .
A block of code is set as follows:
name: apache
os: RedHat, Debian, Ubuntu, Suse, FreeBSD
os_family: RedHat, Debian, Suse, FreeBSD
version: 201607
release: 1
minimum_version: 2015.8
top_level_dir: apache
summary: Formula for installing Apache
description: Formula for installing the Apache web server
optional: mod_perl
recommended: mod_ssl
Any command-line input or output is written as follows:
# mkdir -p /srv/salt/devenv/
New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: On the main screen of the repository, you will see a button titled Clone or download.
Note
Warnings or important notes appear in a box like this.
Tip
Tips and tricks appear like this.
Reader feedback
Feedback from our readers is always welcome. Let us know what you think about this book-what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of. To send us general feedback, simply e-mail feedback@packtpub.com, and mention the book's title in the subject of your message. If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.
Customer support
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Errata
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books-maybe a mistake in the text or the code-we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.
To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.
Piracy
Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at copyright@packtpub.com with a link to the suspected pirated material.
We appreciate your help in protecting our authors and our ability to bring you valuable content.
Questions
If you have a problem with any aspect of this book, you can contact us at questions@packtpub.com, and we will do our best to address the problem.
Chapter 1. Essentials Revisited
Salt is a very powerful remote automation framework. Before we delve into the more advanced topics that this book covers, it would be wise to go back and review a few essentials. In this chapter, we will cover the following topics:
Using remote execution
Basic SLS file tree structure
Using states for configuration management
Basics of grains, pillars, and templates
This book assumes that you already have root access on a device with a common distribution of Linux installed. The machine used in the examples in this book is running Ubuntu 14.04, unless stated otherwise. Most examples should run on other major distributions, such as recent versions of Fedora, RHEL 5/6/7, Suse, or Arch Linux.
Executing commands remotely
The underlying architecture of Salt is based on the idea of executing commands remotely. This is not a new concept; all networking is designed around some aspect of remote execution. This could be as simple as asking a remote web server to display a static Web page, or as complex as using a shell session to interactively issue commands against a remote server.
Under the hood, Salt is a more complex example of remote execution. But whereas most Internet users are used to interacting with only one server at a time (so far as they are aware), Salt is designed to allow users to explicitly target and issue commands to multiple machines directly.
Master and minions
Salt is based around the idea of a master, which controls one or more minions. Commands are normally issued from the master to a target group of minions, which then execute the tasks specified in the commands and return any resulting data back to the master.
Targeting minions
The first facet of the salt command is targeting. A target must be specified with each execution, which matches one or more minions. By default, the type of target is a glob, which is the style of pattern matching used by many command shells. Other types of targeting are also available, by adding a flag. For instance, to target a group of machines inside a particular subnet, the -S option is used:
# salt -S 192.168.0.0/24 test.ping
The following are most of the available target types, along with some basic usage examples. Not all target types are covered here; Range, for example, extends beyond the scope of this book. However, the most common types are covered.
Glob
This is the default target type for Salt, so it does not have a command line option. The minion ID of one or more minions can be specified, using shell wildcards if desired.
When the salt command is issued from most command shells, wildcard characters must be protected from shell expansion:
# salt '*' test.ping # salt \* test.ping
When using Salt from an API or from other user interfaces, quoting and escaping wildcard characters is generally not required.
Perl Compatible Regular Expression (PCRE)
Short Option: -E
Long Option: --pcre
When more complex pattern matching is required, a Perl Compatible Regular Expression (PCRE) can be used. This type of targeting was added to the earliest versions of Salt, and was meant largely to be used inside shell scripts. However, its power can still be realized from the command line:
# salt -E '^[m|M]in.[e|o|u]n$' test.ping
List
Short Option: -L
Long Option: --list
This option allows multiple minions to be specified as a comma-separated list. The items in this list do not use pattern matching such as globbing or regular expressions; they must be declared explicitly:
# salt -L web1,web2,db1,proxy1 test.ping
Subnet
Short Option: -S
Long Option: --ipcidr
Minions may be targeted based on a specific IPv4 or an IPv4 subnet in CIDR notation:
# salt -S 192.168.0.42 test.ping # salt -S 192.168.0.0/16 test.ping
As of Salt version 2016.3, IPv6 addresses cannot be targeted by a specific command line option. However, there are other ways to target IPv6 addresses. One way is to use grain matching.
Grain
Short Version: -G
Long Version: --grain
Salt can target minions based on individual pieces of information that describe the machine. This can range from the OS to CPU architecture to custom information (covered in more detail later in this chapter). Because some network information is also available as grains, IP addresses can also be targeted this way.
Since grains are specified as key/value pairs, both the name of the key and the value must be specified. These are separated by a colon:
# salt -G 'os:Ubuntu' test.ping # salt -G 'os_family:Debian' test.ping
Some grains are returned in a multi-level dictionary. These can be accessed by separating each key of the dictionary with a colon:
# salt -G 'ip_interfaces:eth0:192.168.11.38'
Grains which contain colons may also be specified, though it may look strange. The following will match the local IPv6 address (::1). Note the number of colons used:
# salt -G 'ipv6:::1' test.ping
Grain PCRE
Short Version: (not available)
Long Version: --grain-pcre
Matching by grains can be powerful, but the ability to match by a more complex pattern is even more so.
# salt --grain-pcre 'os:red(hat|flag)' test.ping
Pillar
Short Option: -I
Long Option: --pillar
It is also possible to match based on pillar data. Pillars are described in more detail later in the chapter, but for now we can just think of them as variables that look like grains.
# salt -I 'my_var:my_val' test.ping
Compound
Short Option: -C
Long Option: --compound
Compound targets allow the user to specify multiple target types in a single command. By default, globs are used, but other target types may be specified by preceding the target with the corresponding letter followed by the @ sign:
The following command will target the minions that are running Ubuntu, have the role pillar set to web, and are in the 192.168.100.0/24 subnet.
# salt -C 'G@os:Ubuntu and I@role:web and S@192.168.100.0/24' test.ping
Boolean grammar may also be used to join target types, including and, or, and not operators.
# salt -C 'min* or *ion' test.ping # salt -C 'web* or *qa and G@os:Arch' test.ping
Nodegroup
Short Option: -N
Long Option: --nodegroup
While nodegroups are used internally in Salt (all targeting ultimately results in the creation of an on-the-fly nodegroup), it is much less common to explicitly use them from the command line. Node groups must be defined as a list of targets (using compound syntax) in the Salt master's configuration before they can be used from the command line. Such a configuration might look like the following:
nodegroups:
webdev: 'I@role:web and G@cluster:dev' webqa: 'I@role:web and
G@cluster:qa' webprod: 'I@role:web and G@cluster:prod'
Once a nodegroup is defined and the master configuration reloaded, it can be targeted from Salt:
# salt -N webdev test.ping
Using module functions
After a target is specified, a function must be declared. The preceding examples all use the test.ping function but, obviously, other functions are available. Functions are actually defined in two parts, separated by a period:
Inside a Salt command, these follow the target, but precede any arguments that might be added for the function:
salt
For instance, the following Salt command will ask all minions to return the text, Hello world
:
salt '*' test.echo 'Hello world'
A number of execution modules ship with the core Salt distribution, and it is possible to add more. Version 2016.3 of Salt ships with around 400 execution modules. Not all modules are available for every platform; in fact, by design, some modules will only be available to the user if they are able to detect the required underlying functionality.
For instance, all functions in