Hello Salt!

03 Nov 2020 - Pentti

Purpose of this assignment was to install Salt and run simple commands from master to minion(s). For creating minions I used vagrant which helps to create multiple VM instances with straight forward commands.

As a starting point I had fresh installation of virtualized Ubuntu 20.04 Server installed on top of my Windows 10 OS.

Initialization

To get started, I had to install Salt first, but I noticed that Salt wasn’t included in the packages provided by Ubuntu 20.04. For that reason I had to navigate myself to SaltStack instuctions and use following commands to be able to use the repository:

$ wget -O - https://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add -<br>
$ echo 'deb http://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest focal main' > /etc/apt/sources.list.d/saltstack.list

After that I just had to update packages and install Salt-master

$ sudo apt update -y  
$ sudo apt install salt-master

Setting up a minion

For creating minion(s) I used Vagrant. At first I tested Salt with only one minion. For setting up Vagrant I used following commands:

$ sudo apt install vagrant  
$ vagrant init ubuntu/trusty32  
$ vagrant up
...
$vagrant ssh

At this point I ran into problems when I wanted to test my connection to the master vm. I could ping my host, but Salt couldn’t establish connect to the master host. After debugging the problem I came to conclusion that I needed to add a host-only adapter for my host VM. However it wasn’t as simple as thought and it took some more googling to find out that the second adapter is not configured by default.

By using command

$ ifconfig -a

I was able to see that there was interface called enp0s8 without associated IP address.

To associate the IP address I was required active the second adapter on the host computer by adding following lines to end of
/etc/network/interfaces file:

auto enp0s8  
iface enp0s8 inet static  
address 192.168.56.10  
netmask 255.255.255.0

To the modifications take place, I had to restart the adapter and for that user ifupdown. Another solution would have been restarting the VM.

$ sudo apt-get install ifupdown  
$ sudo ifup enp0s8

Now I could see that there is the IP assigned for the required adapter enp0s8.

$ ip -h addr
...
inet 192.168.56.10/24 brd 192.168.56.255 scope global enp0s8

At this point, next step for me was to boot a vagrant instance and initiate connection via ssh

$ vagrant up  
$ vagrant ssh

Before anything, I wanted to be sure that the connection to the master really works. For that I used netcat

$ nc -vz 192.168.56.10 4505  
Connection to 192.168.56.10 4505 port \[tcp/\*\] succeeded!

And now I could finally update the system and install salt-minion

$ sudo apt-get update  
$ sudo apt-get install salt-minion  

To confirm salt-minion is succesfully running without errors, I checked it’s status:

$ sudo systemctl status salt-minion
...
Active: active (running) since Thu 2020-11-05 15:54:33 UTC; 11s ago

Now on the master I was be able to see unaccepted key in the salt-key list

$ sudo salt-key  
...
Unaccepted Keys:
slave_vagrant

Before accepting the key, and as stated in the SaltStack documentation, keys should be verified. To verify keys I used commands:

on master

pena@webserver:~$ sudo salt-key -F
Local Keys:
...
Unaccepted Keys:
slave_vagrant:  b6:c7:a3:12:eb:ce:00:d2:74:74:2f:ed:3e:af:b8:33:b1:a7:63:09:29:40:52:de:5b:94:e8:e4:2a:f3:47:35

on minion

$ sudo salt-call key.finger --local
local:
b6:c7:a3:12:eb:ce:00:d2:74:74:2f:ed:3e:af:b8:33:b1:a7:63:09:29:40:52:de:5b:94:e8:e4:2a:f3:47:35

Now that I had confirmed that the fingers match, I accepted the key:

$ sudo salt-key -A
...
$ sudo salt-key
Accepted Keys:
slave_vagrant

Testing very basic Salt commands

Now that I had working Salt connection and accepted key I was ready to start excuting commands:

I started with basic command cmd.run pwd:

$ sudo salt '*' cmd.run 'pwd'
     slave_vagrant:  
         /root

Another command I tried out was grains.get

$ sudo salt '*' cmd.run grains.get os  
     slave_vagrant:
         Ubuntu

Salt states

After I had confirmed that salt commands work, it was time to move using Salt states. Firstly I wanted to create simple hello world example. To get started I created hello folder to /srv/salt

$ sudo -p mkdir /srv/salt/hello

and created init.sls and helloworld.txt files with following content:

init.sls

     /tmp/helloworld.txt:  
       file.managed:  
         -  source: salt://hello/helloworld.txt

helloworld.txt

Hello World!

To test this in action, I executed command:

$ sudo salt '*' state.apply hello

with following result:

master

...
ID: checkvimrepo
Function: file.managed
Result: True
Comment: File /tmp/helloworld.txt updated
...
         diff:
             New file
         mode:
             0644

Summary for slave_vagrant
------------
Succeeded: 1 (changed=1)
Failed:    0

slave

$ cat /tmp/helloworld.txt
Hello world!

Multiple slaves with vagrant

To succesfully set up multiple VMs wasn’t as simple as I would have tought, but eventually after couple hours of trial and error I was able to come up with a configuration which updates the system, installs salt-minion, adds master ip and generated id to the minion configuration and restarts the minion afterwards.

Vagrant.configure("2") do |config|

(1..5).each do |i|
    config.vm.define "slave#{i}" do |slave|
      slave.vm.box = "bento/ubuntu-16.04"
      slave.vm.hostname = "slave#{i}"
    end
  end

  config.vm.provision "shell", inline: <<-SHELL
    apt-get purge man-db -y
    apt-get update -y
    apt-get install salt-minion -y
    echo -e "master: 192.168.56.10\nid: slave$(echo ${RANDOM} | md5sum | cut -c-8) \nhash_type: sha256" > /etc/salt/minion
    systemctl restart salt-minion
  SHELL

end

After launching all the VMs I could see that there are 5 unaccepted keys waiting on the master computer:

$ sudo salt-key 
...
Unaccepted Keys:
slave41348277  
slave68cdb73c
slave15d5673
slaveea3e5107
slaveeb7dac6f

After accepting the keys I was able to test the state I created earlier:

$ sudo salt '*' state.apply hello

and test that it worked correctly

$ sudo salt '*' cmd.run 'cat /tmp/helloworld.txt'
slave41348277:
    Hello World!  
slave68cdb73c
    Hello World! 
slave15d5673
    Hello World! 
slaveea3e5107
    Hello World! 
slaveeb7dac6f

Everything works as intented!