====== Salt ======

===== Installation =====

==== Server ====

Standard installation:

  sudo aptitude update; sudo aptitude install salt-master

To get the latest version on Ubuntu:

  echo deb http://ppa.launchpad.net/saltstack/salt/ubuntu `lsb_release -sc` main | sudo tee /etc/apt/sources.list.d/saltstack.list
  wget -q -O- "http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0x4759FA960E27C0A6" | sudo apt-key add -
  sudo apt-get update
  sudo apt-get install salt-master

==== Client ====

Standard installation:

  sudo aptitude update; sudo aptitude install salt-minion

To get the latest version on Ubuntu:

  echo deb http://ppa.launchpad.net/saltstack/salt/ubuntu `lsb_release -sc` main | sudo tee /etc/apt/sources.list.d/saltstack.list
  wget -q -O- "http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0x4759FA960E27C0A6" | sudo apt-key add -
  sudo apt-get update
  sudo apt-get install salt-minion

==== (Client and server) Manual installation of zeromq ====

1. Install packages:

  sudo aptitude install python-pip pkg-config python-dev

2. Install zeromq

2.1. Download:

  sudo su
  cd /usr/local
  wget -c --tries=0 http://download.zeromq.org/zeromq-4.0.3.tar.gz
  tar xvfz zeromq-4.0.3.tar.gz

2.2. Install:

  cd zeromq-4.0.3
  ./configure
  make
  sudo make install

3. Install libsodium

3.1. Download:

  sudo su
  cd /usr/local
  wget -c --tries=0 https://download.libsodium.org/libsodium/releases/libsodium-0.4.5.tar.gz
  tar xvfz libsodium-0.4.5.tar.gz

3.2. Install:

  cd libsodium-0.4.5
  ./configure
  make
  make check
  sudo make install
  sudo ldconfig

4. Install pyzmq

  sudo pip install --upgrade pyzmq

===== Keys =====

==== Accepting the client's keys ====

The client has to register with the server. This process is carried out **only once per client**:

1. (Client) Specify the name of the server. Edit:

  sudo cp /etc/salt/minion /etc/salt/minion.bak; sudo vim /etc/salt/minion

And add the following line:

  master: salt.example.com

2. (Server) List the pending key requests:

  sudo salt-key -L
  Unaccepted Keys:
  client-1.example.com
  Accepted Keys:
  Rejected:

3. (Server) Accept a particular key:

  sudo salt-key -a client.example.com
  The following keys are going to be accepted:
  Unaccepted Keys:
  client.example.com
  Proceed? [n/Y] Y
  Key for minion client.example.com accepted.

4. (Server) Test:

  sudo salt '*' test.ping
  client.example.com:
      True

==== Regenerating the client's keys ====

This procedure is useful when, for example, a virtual machine is cloned and the clone has to be registered with the master.

1. (Client) Stop salt:

  sudo service salt-minion stop

2. (Client) Delete both the client's own keys and the server's key:

  sudo rm -fr /etc/salt/pki/minion/*

3. (Client) Set the minion id, for example to the same value as the hostname:

  sudo vim /etc/salt/minion_id

  cliente-2.example.com

4. (Client) Start salt:

  sudo service salt-minion start

5. (Server) The new request should now be visible:

  sudo salt-key -L
  Accepted Keys:
  cliente.example.com
  Unaccepted Keys:
  cliente-2.example.com
  Rejected Keys:

6. (Server) All that remains is to accept the key:

  sudo salt-key -a cliente-2.example.com
  The following keys are going to be accepted:
  Unaccepted Keys:
  cliente-2.example.com
  Proceed? [n/Y] Y
  Key for minion cliente-2.example.com accepted

===== Configuration =====

==== Server ====

  sudo cp /etc/salt/master /etc/salt/master.bak; sudo vim /etc/salt/master

  file_roots:
    base:
      - /etc/salt/states
  renderer: py
  log_level: debug
  pillar_roots:
    base:
      - /etc/salt/pillar

To run salt-master as a non-privileged user:

1. Stop salt:

  sudo service salt-master stop
  ps aux | grep salt

2. Change ownership (in this case I use '/etc/salt' to store states, etc.):

  sudo chown -R usuario:usuario /var/cache/salt /var/log/salt /etc/salt/pki /etc/salt

3. Restart salt:

  sudo service salt-master start

==== Client ====

  sudo cp /etc/salt/minion /etc/salt/minion.bak; sudo vim /etc/salt/minion

  master: salt.example.com

===== States =====

States are the modules that define the actions, simple or complex, to be carried out by the clients, or 'minions'. They are the equivalent of modules in Puppet.

Example using Python as the renderer (with the path set in the configuration file, see above):

/etc/salt/states/virt_what/init.sls

  #!py
  def run():
      '''
      Install the virt-what package
      '''
      return {'virt-what': {'pkg': ['installed']}}

Execution:

  sudo salt '*' state.sls virt_what

Output (salt 0.17.4-1):

  jamgo@salt-1:~$ sudo salt '*' state.sls virt_what
  client.example.com:
  ----------
      State: - pkg
      Name:      virt-what
      Function:  installed
          Result:    True
          Comment:   The following packages were installed/updated: virt-what.
          Changes:   virt-what: { new : 1.12-1
                                  old :
                                }
  Summary
  ------------
  Succeeded: 1
  Failed:    0
  ------------
  Total:     1

===== Pillars =====

==== Simple example ====

(For Salt < 0.16.2 use 'pillar.data'):

  sudo salt '*' pillar.items

Output:

  client.example.com:
      ----------
      master:
          ----------
          auth_mode: 1
          auto_accept: False
          cachedir: /var/cache/salt/master
          client_acl:
              ----------
          client_acl_blacklist:
              ----------
          cluster_masters:
          cluster_mode: paranoid
          conf_file: /etc/salt/master
          config_dir: /etc/salt
          cython_enable: False
          daemon: False
          default_include: master.d/*.conf
          enable_gpu_grains: False
          enforce_mine_cache: False
          environment: None
          ext_job_cache:
          ext_pillar:
          extension_modules: /var/cache/salt/master/extmods
          external_auth:
              ----------
          external_nodes:
          failhard: False
          file_buffer_size: 1048576
          file_client: local
          file_ignore_glob: None
          file_ignore_regex: None
          file_recv: False
          file_roots:
              ----------
              base:
                  - /etc/salt/states
          fileserver_backend:
              - roots
          fileserver_limit_traversal: False
          gitfs_base: master
          gitfs_remotes:
          gitfs_root:
          hash_type: md5
          hgfs_branch_method: branches
          hgfs_remotes:
          hgfs_root:
          id: client.example.com
          interface: 0.0.0.0
          ipv6: False
          job_cache: True
          keep_jobs: 24
          key_logfile: /var/log/salt/key
          log_datefmt: %H:%M:%S
          log_datefmt_logfile: %Y-%m-%d %H:%M:%S
          log_file: /var/log/salt/master
          log_fmt_console: [%(levelname)-8s] %(message)s
          log_fmt_logfile: %(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s
          log_granular_levels:
              ----------
          log_level: debug
          loop_interval: 60
          master_ext_job_cache:
          master_roots:
              ----------
              base:
                  - /srv/salt-master
          master_tops:
              ----------
          max_open_files: 100000
          minion_data_cache: True
          nodegroups:
              ----------
          open_mode: False
          order_masters: False
          outputter_dirs:
          peer:
              ----------
          permissive_pki_access: False
          pidfile: /var/run/salt-master.pid
          pillar_opts: True
          pillar_roots:
              ----------
              base:
                  - /srv/pillar
          pillar_version: 2
          pki_dir: /etc/salt/pki/master
          pub_hwm: 1000
          publish_port: 4505
          publish_session: 86400
          range_server: range:80
          reactor:
          renderer: py
          ret_port: 4506
          root_dir: /
          runner_dirs:
          saltversion: 0.17.4
          search:
          search_index_interval: 3600
          serial: msgpack
          sock_dir: /var/run/salt/master
          state_auto_order: True
          state_output: full
          state_top: salt://top.sls
          state_verbose: True
          syndic_master:
          syndic_wait: 1
          timeout: 5
          token_dir: /var/cache/salt/master/tokens
          token_expire: 43200
          user: root
          verify_env: True
          win_gitrepos:
              - https://github.com/saltstack/salt-winrepo.git
          win_repo: /srv/salt/win/repo
          win_repo_mastercachefile: /srv/salt/win/repo/winrepo.p
          worker_threads: 5

==== Targeting by minion id ====

/etc/salt/pillar/top.sls

  base:
    '*':
      - users
    'test-2.*':
      - data

===== Grains =====

==== List ====

  sudo salt '*' grains.ls
  client.example.com:
      - biosreleasedate
      - biosversion
      - cpu_flags
      - cpu_model
      - cpuarch
      - defaultencoding
      - defaultlanguage
      - domain
      - fqdn
      - fqdn_ip4
      - fqdn_ip6
      - gpus
      - host
      - id
      - ip_interfaces
      - ipv4
      - ipv6
      - kernel
      - kernelrelease
      - localhost
      - lsb_distrib_codename
      - lsb_distrib_description
      - lsb_distrib_id
      - lsb_distrib_release
      - manufacturer
      - master
      - mem_total
      - nodename
      - num_cpus
      - num_gpus
      - os
      - os_family
      - osarch
      - oscodename
      - osfinger
      - osfullname
      - osrelease
      - path
      - productname
      - ps
      - pythonpath
      - pythonversion
      - saltpath
      - saltversion
      - saltversioninfo
      - serialnumber
      - server_id
      - shell
      - virtual

===== Configuration "pull" by the client =====

  * http://docs.saltstack.com/topics/troubleshooting/index.html#using-salt-call
  * http://docs.saltstack.com/topics/tutorials/quickstart.html
  * http://docs.saltstack.com/topics/tutorials/standalone_minion.html

===== Links =====

  * List of state modules: http://docs.saltstack.com/ref/states/all/

===== Errors =====

  2014-01-03 22:25:05,116 [salt.master ][WARNING ] You have a version of ZMQ less than ZMQ 3.2! There are known connection keep-alive issues with ZMQ < 3.2 which may result in loss of contact with minions. Please upgrade your ZMQ!

**SOLUTION**: follow the procedure in [[salt#cliente_y_servidor_instalacion_manual_de_zeromq|(Client and server) Manual installation of zeromq]]
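For the key acceptance steps in the Keys section, a pre-acceptance check, added here as an example and not part of the original page: it parses ''salt-key -L'' output in both header styles shown above and separates pending minion ids the administrator expects from those nobody requested. The inventory set and the id ''unknown-host.example.net'' are constructed for illustration.

```python
import re

# Section headers as they appear on this page: "Rejected:" and "Rejected Keys:".
HEADER = re.compile(r"^(Accepted|Unaccepted|Rejected)(?: Keys)?:$")


def parse_key_list(text):
    """Parse `salt-key -L` output into lists of minion ids per section."""
    keys = {"accepted": [], "unaccepted": [], "rejected": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = HEADER.match(line)
        if match:
            section = match.group(1).lower()
        elif section is not None:
            keys[section].append(line)
    return keys


def review_pending(text, inventory):
    """Split pending ids into (expected, unexpected) against an inventory set."""
    pending = parse_key_list(text)["unaccepted"]
    expected = [m for m in pending if m in inventory]
    unexpected = [m for m in pending if m not in inventory]
    return expected, unexpected


# Constructed sample: the listing from the regeneration procedure plus one
# pending id that is not in the inventory.
SAMPLE_LISTING = """\
Accepted Keys:
cliente.example.com
Unaccepted Keys:
cliente-2.example.com
unknown-host.example.net
Rejected Keys:
"""
# Hypothetical inventory of minions the administrator intends to manage.
INVENTORY = {"cliente.example.com", "cliente-2.example.com"}

if __name__ == "__main__":
    ok, suspicious = review_pending(SAMPLE_LISTING, INVENTORY)
    print("safe to review for acceptance:", ok)
    print("do not accept without investigation:", suspicious)
```

An id match is only a name check: before running ''salt-key -a'', compare the fingerprint printed by ''salt-key -f <id>'' on the server with the one printed by ''salt-call --local key.finger'' on the client.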
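The ''pillar.items'' output above contains the whole master configuration because ''pillar_opts'' is ''True'', so every minion can read it. The following audit is an added example, not code from the original page: it flags that setting and the other security-relevant top-level options visible in the dump. The sample configurations are constructed, and the ''salt'' account name is hypothetical.

```python
import re

# option -> (risky value, reason); values are compared as lowercase strings
RISKY = {
    "open_mode": ("true", "disables minion authentication entirely"),
    "auto_accept": ("true", "accepts every minion key without review"),
    "permissive_pki_access": ("true", "gives a non-root group access to the key directory"),
    "pillar_opts": ("true", "copies the master config into every minion's pillar"),
    "hash_type": ("md5", "weak digest for fingerprints and file checksums"),
    "user": ("root", "master daemon runs with full privileges"),
}

LINE = re.compile(r"^([A-Za-z_]\w*):[ \t]+(\S.*?)(?:\s+#.*)?\s*$")


def parse_scalars(text):
    """Return top-level 'key: value' pairs; nested blocks are skipped."""
    opts = {}
    for line in text.splitlines():
        match = LINE.match(line)
        if match:
            opts[match.group(1)] = match.group(2).strip("'\"")
    return opts


def audit(text):
    """Return sorted (option, value, reason) tuples for risky explicit settings.

    Options missing from the file fall back to version-specific defaults,
    which this check does not model.
    """
    opts = parse_scalars(text)
    return sorted(
        (key, opts[key], why)
        for key, (bad, why) in RISKY.items()
        if opts.get(key, "").lower() == bad
    )


# Constructed sample using the values shown in the pillar.items dump.
PAGE_CONFIG = """\
auto_accept: False
hash_type: md5
open_mode: False
permissive_pki_access: False
pillar_opts: True
user: root
file_roots:
  base:
    - /etc/salt/states
"""
# Constructed hardened variant; 'salt' is a hypothetical unprivileged account.
HARDENED = "auto_accept: False\nhash_type: sha256\npillar_opts: False\nuser: salt\n"

if __name__ == "__main__":
    for key, value, why in audit(PAGE_CONFIG):
        print("%s: %s -> %s" % (key, value, why))
```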