saltstack¶
"Software to automate the management and configuration of any infrastructure or application at scale." - http://github.com/saltstack/salt
- https://github.com/saltstack/salt
- https://docs.saltstack.com/en/latest/topics/tutorials
- https://docs.saltstack.com/en/latest/topics/development/index.html
Design characteristics¶
Common commands¶
All salt* commands require root access, so use sudo or log in as root.
salt: Salt allows for commands to be executed across a swath of remote systems in parallel. This means that remote systems can be both controlled and queried with ease.salt-call: The salt-call command is used to run module functions locally on a minion instead of executing them from the master. Salt-call is used to run a Standalone Minion, and was originally created for troubleshooting.salt-cloud: Salt Cloud is the system used to provision virtual machines on various public clouds via a cleanly controlled profile and mapping system.salt-cp: Salt copy copies a local file out to all of the Salt minions matched by the given target.salt-key: Salt-key executes simple management of Salt server public keys used for authentication.salt-minion: The Salt minion daemon, receives commands from a remote Salt master.salt-run: salt-run is the frontend command for executing Salt Runners. Salt runners are simple modules used to execute convenience functions on the master.salt-ssh: Salt SSH allows for salt routines to be executed using only SSH for transport.
State files¶
These are desired state files, not the view of the current state. These are where you describe how you want the system to be
Grains¶
Facts about a system. Similar to facter in puppet land.
Pillar¶
Hierarchical data to be interpolated into variables in state files. Similar to hiera in puppet land.
Examples¶
Configure output options¶
Unfortunately this only applies to the salt command, not salt-run, salt-key, etc..
View salt versions¶
For simple salt version:
For more specific versions:
Show all minions¶
Show all responding minions¶
Show all minions, listed by hostst that are up and hosts that are down¶
Example output:
Show any host that has had salt applied at some point¶
This shows only accepted keys. Without the jq part, rejected and denied keys would also show up in this list.
Accept a key that has not yet been accepted¶
After finding the hostname in the Unaccepted list returned by salt-key:
Show the version of an installed package on all hosts¶
Targeting hosts¶
Target using globs¶
Target using regular expressions¶
Target an IP subnet¶
Target a specific OS¶
https://docs.saltstack.com/en/latest/topics/targeting/compound.html
Run a command on a subset of hosts¶
Check ntp stats on hadoop hosts.
Many more complicated examples of remote command execution: https://docs.saltstack.com/en/latest/topics/execution/remote_execution.html
Show IP addresses¶
https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.network.html
Show available grains¶
This just lists the grain keys, not the values
Show grain data for a subset of hosts¶
This lists the keys and values
Show one grain for a subset of hosts¶
or...
Look up grain data while logged into a minion¶
While logged into a minion, you can view what pillar data would be applied:
Append a username to the accounts grain and apply the users saltstate¶
salt '*searchstring*' grains.append accounts user-to-add
salt '*searchstring*' state.sls users
salt '*searchstring*' user.list_users --out yaml > list_users.yaml
Or as a function to run locally