After you think you have installed the master and minions, you must accept the minion keys. On master:
sudo salt '*' test.ping
or execute shell commands on multiple systems simultaneously with:
salt '*' cmd.run 'ls -l /etc'
Just as when we used ansible, we shouldn't use 'raw' shell commands for everything. Salt has many 'execution functions' that we should use:
Can target hosts by:
salt -G 'os:Ubuntu' test.ping
targets host running UbuntuA Top file describes where states should be applied (maybe analogous to ansible inventory file). States and top file work together.
Should be place in /srv/salt/top.sls
Create a top file like:
#top.sls
base:
'*':
- common
'ns*':
- nettools
sudo salt '*' state.apply
Defined using yaml (kind of analogous to playbooks)
apache: # ID declaration
pkg: # state declaration
- installed # function declaration
Two space indentation
#/srv/salt/examples.sls
install vim:
pkg.installed:
- name: vim
sudo salt 'ns1*' state.apply examples
remove vim:
pkg.removed:
- name: vim
These do the same thing:
/opt/another_new_directory:
file.directory:
- user: root
- group: root
- mode: 755
create my_new_directory:
file.directory:
- name: /opt/my_new_directory
- user: root
- group: root
- mode: 755
apache2:
pkg.installed
foo:
service.running:
- name: apache2
tom:
user.present:
- shell: /bin/bash
- home: /home/tom
- groups:
- sudo
pete:
user.absent
salt-run manage.up
salt-key -L
just listed keys that we had accepted or not, it doesn't show the state of our minions.Salt comes with an interface to derive information about the underlying system. This is called the grains interface, because it presents salt with grains of information. Grains are collected for the operating system, domain name, IP address, kernel, OS type, memory, and many other system properties.
salt '*' grains.ls
#lists grains availablesalt '*' grains.items
#shows the actual datasalt -G 'os:Ubuntu' test.ping
#targets host running Ubuntusalt '*' grains.item zmqversion
#shows just this grain detailcan create custom grains (have to configure on each minion)
Pillar is an interface for Salt designed to offer global values that can be distributed to minions. (Similar to grains, but configured on the server)
See the link here
Created in /srv/pillar
#core.sls
foo: bar
users:
- larry
- moe
- curly
some_more_data: data
Also created in /srv/pillar/top.sls
base:
'*':
- core
View variables with sudo salt '*' pillar.items
Created in /srv/salt
#make_users.sls
{% for user in pillar['users'] %}
add_{{ user }}:
user.present:
- name: {{ user }}
{% endfor %}
or
{% for user in pillar['users'] %}
{{ user }}:
user.present
{% endfor %}
You can see your rendered jinja by doing:
sudo salt 'minion-2' state.show_sls make_users
Won't actually execute it
If you are getting the following error:
You may be able to solve it by doing a sudo pip install --upgrade pyOpenSSL
Sometimes we may want to make sure a certain state exists before applying another one.
apache:
pkg.installed: []
service.running:
- require:
- pkg: apache
/var/www/index.html: # ID declaration
file: # state declaration
- managed # function
- source: salt://webserver/index.html # function arg
- require: # requisite declaration
- pkg: apache # requisite reference
Not every state supports watch
. If the file we are watching changes, we will restart the service below.
/etc/httpd/extra/httpd-vhosts.conf:
file.managed:
- source: salt://webserver/httpd-vhosts.conf
apache:
pkg.installed: []
service.running:
- watch:
- file: /etc/httpd/extra/httpd-vhosts.conf
- require:
- pkg: apache
SLS modules may require programming logic or inline execution. This is accomplished with module templating. The default module templating system used is Jinja2.
{% for usr in ['moe','larry','curly'] %}
{{ usr }}:
user.present
{% endfor %}
Would generate:
moe:
user.present
larry:
user.present
curly:
user.present
Example with salt grains;
apache:
pkg.installed:
{{% if grains['os'] == 'RedHat' %}}
- name: httpd
{{% elif grains['os'] == 'Ubuntu' %}}
- name: apache2
{{% endif %}}