====== Salt ======
salt configuration python
===== Installation =====
==== Server ====
Standard installation:
sudo aptitude update; sudo aptitude install salt-master
To get the latest version on Ubuntu:
echo deb http://ppa.launchpad.net/saltstack/salt/ubuntu `lsb_release -sc` main | sudo tee /etc/apt/sources.list.d/saltstack.list
wget -q -O- "http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0x4759FA960E27C0A6" | sudo apt-key add -
sudo apt-get update
sudo apt-get install salt-master
==== Client ====
Standard installation:
sudo aptitude update; sudo aptitude install salt-minion
To get the latest version on Ubuntu:
echo deb http://ppa.launchpad.net/saltstack/salt/ubuntu `lsb_release -sc` main | sudo tee /etc/apt/sources.list.d/saltstack.list
wget -q -O- "http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0x4759FA960E27C0A6" | sudo apt-key add -
sudo apt-get update
sudo apt-get install salt-minion
==== (Client and server) Manual installation of zeromq ====
1. Install packages:
sudo aptitude install python-pip pkg-config python-dev
2. Install zeromq
2.1. Download:
sudo su
cd /usr/local
wget -c --tries=0 http://download.zeromq.org/zeromq-4.0.3.tar.gz
tar xvfz zeromq-4.0.3.tar.gz
cd zeromq-4.0.3
2.2. Install:
./configure
make
sudo make install
3. Install libsodium
3.1. Download:
sudo su
cd /usr/local
wget -c --tries=0 https://download.libsodium.org/libsodium/releases/libsodium-0.4.5.tar.gz
tar xvfz libsodium-0.4.5.tar.gz
cd libsodium-0.4.5
3.2. Install:
./configure
make
make check
sudo make install
sudo ldconfig
4. Install pyzmq
sudo pip install --upgrade pyzmq
===== Keys =====
==== Accepting the client's keys ====
The client has to register with the server. This is done **only once per client**:
1. (Client) Specify the server name. Edit:
sudo cp /etc/salt/minion /etc/salt/minion.bak; sudo vim /etc/salt/minion
And add the following line:
master: salt.example.com
2. (Server) List the pending key requests:
sudo salt-key -L
Unaccepted Keys:
client-1.example.com
Accepted Keys:
Rejected:
3. (Server) Accept a specific key:
sudo salt-key -a client.example.com
The following keys are going to be accepted:
Unaccepted Keys:
client.example.com
Proceed? [n/Y] Y
Key for minion client.example.com accepted.
4. (Server) Test:
sudo salt '*' test.ping
client.example.com: True
==== Regenerating the client's keys ====
This procedure is useful when, for example, a virtual machine is cloned and the clone has to be registered as a client with the master.
1. (Client) Stop salt:
sudo service salt-minion stop
2. (Client) Delete the keys, both the client's own and the server's (run through sh -c so that the glob is expanded as root):
sudo sh -c 'rm -fr /etc/salt/pki/minion/*'
3. (Client) Set the minion id, for example to the same value as the hostname:
sudo vim /etc/salt/minion_id
cliente-2.example.com
4. (Client) Start salt:
sudo service salt-minion start
5. (Server) The new request should now be visible:
sudo salt-key -L
Accepted Keys:
cliente.example.com
Unaccepted Keys:
cliente-2.example.com
Rejected Keys:
6. (Server) All that is left is to accept the keys:
sudo salt-key -a cliente-2.example.com
The following keys are going to be accepted:
Unaccepted Keys:
cliente-2.example.com
Proceed? [n/Y] Y
Key for minion cliente-2.example.com accepted
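A check to run before accepting a key in either of the two key procedures above, as an added example that is not part of the original page: it parses the `salt-key -L` listing shown here and clears a pending key only when the fingerprint the master reports matches the one read on the minion, and it flags a clone that still presents an accepted minion's key. The function names and sample fingerprints are constructed; the fingerprints are assumed to be collected with `salt-key -f <id>` on the server and `salt-call --local key.finger` on the client.

```python
import hmac

HEADERS = {"Accepted Keys:": "accepted", "Unaccepted Keys:": "pending",
           "Rejected Keys:": "rejected", "Rejected:": "rejected"}

def parse_salt_key_list(text):
    """Group the minion ids printed by `salt-key -L` by section."""
    keys = {"accepted": [], "pending": [], "rejected": []}
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if line in HEADERS:
            section = HEADERS[line]
        elif line and section:
            keys[section].append(line)
    return keys

def triage_pending(listing, master_view, recorded):
    """Classify each pending id as ok, mismatch, cloned or unknown.
    master_view: fingerprint the master shows per id (salt-key -f <id>)
    recorded:    fingerprint read on the minion (salt-call --local key.finger)
    """
    keys = parse_salt_key_list(listing)
    norm = lambda fp: fp.strip().lower()
    in_use = {norm(master_view[m]) for m in keys["accepted"] if m in master_view}
    result = {"ok": [], "mismatch": [], "cloned": [], "unknown": []}
    for minion in keys["pending"]:
        seen, expected = master_view.get(minion), recorded.get(minion)
        if seen is None or expected is None:
            verdict = "unknown"    # nothing to compare against: do not accept
        elif norm(seen) in in_use:
            verdict = "cloned"     # same key as an accepted minion: regenerate
        elif hmac.compare_digest(norm(seen), norm(expected)):
            verdict = "ok"
        else:
            verdict = "mismatch"   # master holds a different key than the minion
        result[verdict].append(minion)
    return result

# Constructed sample: ids follow this page, fingerprints are invented and shortened.
LISTING = "\n".join([
    "Accepted Keys:", "cliente.example.com", "Unaccepted Keys:", "cliente-2.example.com",
    "cliente-3.example.com", "cliente-4.example.com", "cliente-5.example.com", "Rejected Keys:"])
MASTER_VIEW = {"cliente.example.com": "aa:01:02:03", "cliente-2.example.com": "bb:04:05:06",
               "cliente-3.example.com": "AA:01:02:03", "cliente-4.example.com": "cc:07:08:09"}
RECORDED = {"cliente-2.example.com": "BB:04:05:06", "cliente-3.example.com": "aa:01:02:03",
            "cliente-4.example.com": "dd:0a:0b:0c"}

if __name__ == "__main__":
    print(triage_pending(LISTING, MASTER_VIEW, RECORDED))
```

Only the ids under `ok` should be passed to `salt-key -a`; a `cloned` id means the key regeneration steps were skipped on that machine.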
===== Configuration =====
==== Server ====
sudo cp /etc/salt/master /etc/salt/master.bak; sudo vim /etc/salt/master
file_roots:
  base:
    - /etc/salt/states
renderer: py
log_level: debug
pillar_roots:
  base:
    - /etc/salt/pillar
To run salt-master as an unprivileged user:
1. Stop salt:
sudo service salt-master stop
ps aux | grep salt
2. Change ownership (in this case I use '/etc/salt' to store states, etc.):
sudo chown -R usuario:usuario /var/cache/salt /var/log/salt /etc/salt/pki /etc/salt
3. Restart salt:
sudo service salt-master start
==== Client ====
sudo cp /etc/salt/minion /etc/salt/minion.bak; sudo vim /etc/salt/minion
master: salt.example.com
===== States =====
These are the modules that define the actions, more or less complex, to be carried out by the clients, or 'minions'.
They would be the equivalent of modules in Puppet.
Example using Python as the renderer (with the path set in the configuration file, see above):
/etc/salt/states/virt_what/init.sls
#!py
def run():
    '''
    Install the virt-what package
    '''
    return {'virt-what': {'pkg': ['installed']}}
Execution:
sudo salt '*' state.sls virt_what
Output (salt 0.17.4-1):
jamgo@salt-1:~$ sudo salt '*' state.sls virt_what
client.example.com:
----------
State: - pkg
Name: virt-what
Function: installed
Result: True
Comment: The following packages were installed/updated: virt-what.
Changes: virt-what: { new : 1.12-1
old :
}
Summary
------------
Succeeded: 1
Failed: 0
------------
Total: 1
===== Pillars =====
==== Simple example ====
(For Salt < 0.16.2 use 'pillar.data'):
sudo salt '*' pillar.items
Output:
client.example.com:
----------
master:
----------
auth_mode:
1
auto_accept:
False
cachedir:
/var/cache/salt/master
client_acl:
----------
client_acl_blacklist:
----------
cluster_masters:
cluster_mode:
paranoid
conf_file:
/etc/salt/master
config_dir:
/etc/salt
cython_enable:
False
daemon:
False
default_include:
master.d/*.conf
enable_gpu_grains:
False
enforce_mine_cache:
False
environment:
None
ext_job_cache:
ext_pillar:
extension_modules:
/var/cache/salt/master/extmods
external_auth:
----------
external_nodes:
failhard:
False
file_buffer_size:
1048576
file_client:
local
file_ignore_glob:
None
file_ignore_regex:
None
file_recv:
False
file_roots:
----------
base:
- /etc/salt/states
fileserver_backend:
- roots
fileserver_limit_traversal:
False
gitfs_base:
master
gitfs_remotes:
gitfs_root:
hash_type:
md5
hgfs_branch_method:
branches
hgfs_remotes:
hgfs_root:
id:
client.example.com
interface:
0.0.0.0
ipv6:
False
job_cache:
True
keep_jobs:
24
key_logfile:
/var/log/salt/key
log_datefmt:
%H:%M:%S
log_datefmt_logfile:
%Y-%m-%d %H:%M:%S
log_file:
/var/log/salt/master
log_fmt_console:
[%(levelname)-8s] %(message)s
log_fmt_logfile:
%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s
log_granular_levels:
----------
log_level:
debug
loop_interval:
60
master_ext_job_cache:
master_roots:
----------
base:
- /srv/salt-master
master_tops:
----------
max_open_files:
100000
minion_data_cache:
True
nodegroups:
----------
open_mode:
False
order_masters:
False
outputter_dirs:
peer:
----------
permissive_pki_access:
False
pidfile:
/var/run/salt-master.pid
pillar_opts:
True
pillar_roots:
----------
base:
- /srv/pillar
pillar_version:
2
pki_dir:
/etc/salt/pki/master
pub_hwm:
1000
publish_port:
4505
publish_session:
86400
range_server:
range:80
reactor:
renderer:
py
ret_port:
4506
root_dir:
/
runner_dirs:
saltversion:
0.17.4
search:
search_index_interval:
3600
serial:
msgpack
sock_dir:
/var/run/salt/master
state_auto_order:
True
state_output:
full
state_top:
salt://top.sls
state_verbose:
True
syndic_master:
syndic_wait:
1
timeout:
5
token_dir:
/var/cache/salt/master/tokens
token_expire:
43200
user:
root
verify_env:
True
win_gitrepos:
- https://github.com/saltstack/salt-winrepo.git
win_repo:
/srv/salt/win/repo
win_repo_mastercachefile:
/srv/salt/win/repo/winrepo.p
worker_threads:
5
==== Assigning by minion id ====
/etc/salt/pillar/top.sls
base:
  '*':
    - users
  'test-2.*':
    - data
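To review which minions a pillar top file hands each SLS to, the following added example (not part of the original page) evaluates the top file above against a list of minion ids. It assumes every target is a plain glob, as in this file, and matches with Python's `fnmatch`; the function names and the minion ids other than `client.example.com` are constructed. Since the id is whatever the client wrote in `/etc/salt/minion_id`, the report is worth checking before accepting a key whose id falls under a narrower glob.

```python
from fnmatch import fnmatch

# The pillar top file from this page, written as the mapping it parses to.
TOP = {"base": {"*": ["users"], "test-2.*": ["data"]}}

# Constructed minion ids: two that match 'test-2.*' and two that do not.
MINIONS = ["client.example.com", "test-2.example.com",
           "test-20.example.com", "test-2.lab"]

def pillar_sls_for(minion_id, top=TOP, env="base"):
    """Return the pillar SLS names whose glob target matches minion_id."""
    matched = []
    for target, sls_names in top.get(env, {}).items():
        if fnmatch(minion_id, target):
            matched.extend(n for n in sls_names if n not in matched)
    return matched

def exposure_report(minion_ids, top=TOP, env="base"):
    """Map each pillar SLS name to the sorted minion ids that receive it."""
    report = {}
    for minion_id in minion_ids:
        for name in pillar_sls_for(minion_id, top, env):
            report.setdefault(name, []).append(minion_id)
    return {name: sorted(ids) for name, ids in report.items()}

def catch_all_sls(top=TOP, env="base"):
    """SLS names assigned through '*', i.e. readable by every accepted minion."""
    return list(top.get(env, {}).get("*", []))

if __name__ == "__main__":
    for name, ids in sorted(exposure_report(MINIONS).items()):
        print(name, "->", ", ".join(ids))
    print("sent to every minion:", catch_all_sls())
```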
===== Grains =====
==== List ====
sudo salt '*' grains.ls
client.example.com:
- biosreleasedate
- biosversion
- cpu_flags
- cpu_model
- cpuarch
- defaultencoding
- defaultlanguage
- domain
- fqdn
- fqdn_ip4
- fqdn_ip6
- gpus
- host
- id
- ip_interfaces
- ipv4
- ipv6
- kernel
- kernelrelease
- localhost
- lsb_distrib_codename
- lsb_distrib_description
- lsb_distrib_id
- lsb_distrib_release
- manufacturer
- master
- mem_total
- nodename
- num_cpus
- num_gpus
- os
- os_family
- osarch
- oscodename
- osfinger
- osfullname
- osrelease
- path
- productname
- ps
- pythonpath
- pythonversion
- saltpath
- saltversion
- saltversioninfo
- serialnumber
- server_id
- shell
- virtual
===== Configuration "pull" by the client =====
http://docs.saltstack.com/topics/troubleshooting/index.html#using-salt-call
http://docs.saltstack.com/topics/tutorials/quickstart.html
http://docs.saltstack.com/topics/tutorials/standalone_minion.html
===== Links =====
* List of state modules:
http://docs.saltstack.com/ref/states/all/
===== Errors =====
2014-01-03 22:25:05,116 [salt.master ][WARNING ] You have a version of ZMQ less than ZMQ 3.2! There are known connection keep-alive issues with ZMQ < 3.2 which may result in loss of contact with minions. Please upgrade your ZMQ!
**SOLUTION**: follow the procedure in [[salt#cliente_y_servidor_instalacion_manual_de_zeromq]]