Salt
salt configuration python
Installation
Server
Standard installation:
sudo aptitude update; sudo aptitude install salt-master
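To get the latest version on Ubuntu:
# Add the SaltStack PPA to the apt sources
echo deb http://ppa.launchpad.net/saltstack/salt/ubuntu `lsb_release -sc` main | sudo tee /etc/apt/sources.list.d/saltstack.list
# Import the PPA signing key; the request is plain HTTP, so confirm the imported key ID with apt-key list
wget -q -O- "http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0x4759FA960E27C0A6" | sudo apt-key add -
# Refresh the package index and install
sudo apt-get update
sudo apt-get install salt-master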
Client
Standard installation:
sudo aptitude update; sudo aptitude install salt-minion
To get the latest version on Ubuntu:
echo deb http://ppa.launchpad.net/saltstack/salt/ubuntu `lsb_release -sc` main | sudo tee /etc/apt/sources.list.d/saltstack.list
wget -q -O- "http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0x4759FA960E27C0A6" | sudo apt-key add -
sudo apt-get update
sudo apt-get install salt-minion
(Client and server) Manual installation of zeromq
1. Install packages:
sudo aptitude install python-pip pkg-config python-dev
2. Install zeromq
2.1. Download:
sudo su
cd /usr/local
wget -c --tries=0 http://download.zeromq.org/zeromq-4.0.3.tar.gz
tar xvfz zeromq-4.0.3.tar.gz
2.2. Install:
cd zeromq-4.0.3
./configure
make
sudo make install
3. Install libsodium
3.1. Download:
sudo su
cd /usr/local
wget -c --tries=0 https://download.libsodium.org/libsodium/releases/libsodium-0.4.5.tar.gz
tar xvfz libsodium-0.4.5.tar.gz
3.2. Install:
cd libsodium-0.4.5
./configure
make
make check
sudo make install
sudo ldconfig
4. Install pyzmq
sudo pip install --upgrade pyzmq
Keys
Accepting the client's keys
The client has to register with the server. This process is performed only once per client:
1. (Client) Specify the server name. Edit:
sudo cp /etc/salt/minion /etc/salt/minion.bak; sudo vim /etc/salt/minion
And add the following line:
master: salt.example.com
2. (Server) List the pending key requests:
sudo salt-key -L
Unaccepted Keys:
client-1.example.com
Accepted Keys:
Rejected:
3. (Server) Accept a specific key:
sudo salt-key -a client.example.com
The following keys are going to be accepted:
Unaccepted Keys:
client.example.com
Proceed? [n/Y] Y
Key for minion client.example.com accepted.
4. (Server) Test:
sudo salt '*' test.ping
client.example.com: True
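Accepting a pending key binds that key to the minion id, so it is worth confirming that the key is the one the client generated. The following is an added example (not part of the original page) that compares the fingerprint the master reports with `salt-key -f` against the one read on the client with `salt-call --local key.finger`; the output layouts parsed here and the function names are assumptions.

```shell
#!/bin/sh
# Added example: verify a pending minion key's fingerprint before `salt-key -a`.

# Extract the fingerprint for minion id $1 from `salt-key -f <id>` output on stdin.
# Assumed line layout: "<id>:  aa:bb:cc:..." (may differ between Salt versions).
master_fingerprint() {
    awk -v id="$1" '$1 == (id ":") { print $2; exit }'
}

# Extract the fingerprint from `salt-call --local key.finger` output on stdin.
# Assumed layout: a "local:" line followed by the indented fingerprint.
minion_fingerprint() {
    awk 'NF && $1 != "local:" { print $1; exit }'
}

# Normalise (strip whitespace, lower-case hex) and compare; empty values never match.
fingerprints_match() {
    a=$(printf '%s' "$1" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    b=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Accept minion $1 only if the master sees fingerprint $2, where $2 was read
# out of band on the client console with: sudo salt-call --local key.finger
accept_if_verified() {
    id="$1"; expected="$2"
    seen=$(sudo salt-key -f "$id" | master_fingerprint "$id")
    if fingerprints_match "$seen" "$expected"; then
        sudo salt-key -a "$id"
    else
        echo "fingerprint mismatch for $id: master sees '$seen'" >&2
        return 1
    fi
}
```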
Regenerating the client's keys
This procedure is useful when, for example, a Virtual Machine is cloned and you want to register the client against the master.
1. (Client) stop salt:
sudo service salt-minion stop
2. (Client) delete the keys, both its own and the server's:
sudo rm -fr /etc/salt/pki/minion/*
3. (Client) set the minion id, for example using the same value as the hostname:
sudo vim /etc/salt/minion_id
cliente-2.example.com
4. (Client) start salt:
sudo service salt-minion start
5. (Server) the new request should now be visible:
sudo salt-key -L
Accepted Keys:
cliente.example.com
Unaccepted Keys:
cliente-2.example.com
Rejected Keys:
6. (Server) all that remains is to accept the keys:
sudo salt-key -a cliente-2.example.com
The following keys are going to be accepted:
Unaccepted Keys:
cliente-2.example.com
Proceed? [n/Y] Y
Key for minion cliente-2.example.com accepted
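If a clone is given a new minion id but step 2 is skipped, the master receives the original machine's public key under a second id. The following is an added example (not from the original page) that lists ids on the master whose key files are identical; it assumes accepted keys live under minions/ and pending ones under minions_pre/ inside the master's pki_dir, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example: find minion ids that share one public key on the master,
# which is what a cloned VM with un-regenerated keys produces.

# $1: master pki dir (defaults to /etc/salt/pki/master).
# Prints one line per duplicated key, listing every "<dir>/<minion_id>" that holds it.
duplicate_minion_keys() {
    pki="${1:-/etc/salt/pki/master}"
    for f in "$pki"/minions/* "$pki"/minions_pre/*; do
        # An unmatched glob stays literal and is skipped here
        [ -f "$f" ] || continue
        sum=$(sha256sum < "$f" | cut -d' ' -f1)
        printf '%s %s\n' "$sum" "${f#"$pki"/}"
    done | LC_ALL=C sort | awk '
        # Group paths by the hash of the key file contents
        { n[$1]++; ids[$1] = ids[$1] " " $2 }
        END { for (h in n) if (n[h] > 1) print substr(ids[h], 2) }
    ' | LC_ALL=C sort
}

# Usage on the master: sudo sh -c '. ./this_script.sh; duplicate_minion_keys'
```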
Configuration
Server
sudo cp /etc/salt/master /etc/salt/master.bak; sudo vim /etc/salt/master
file_roots:
  base:
    - /etc/salt/states
renderer: py
log_level: debug
pillar_roots:
  base:
    - /etc/salt/pillar
To run salt-master as a non-privileged user:
1. Stop salt:
sudo service salt-master stop
ps aux | grep salt
2. Change permissions (in this case I use '/etc/salt' to store states, etc…):
sudo chown -R usuario:usuario /var/cache/salt /var/log/salt /etc/salt/pki /etc/salt
3. Restart salt:
sudo service salt-master start
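The account the master runs as is set by the `user` option in /etc/salt/master (the pillar.items output on this page shows `user: root`), so the chown alone does not change it. The following is an added example, not from the original page, that reads that option and lists any path under the chowned directories that has a different owner; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check that the master is configured for, and its directories
# are owned by, a non-root account.

# Read the `user:` option from the master config file $1.
# Commented-out lines are ignored; Salt runs as root when the option is unset.
configured_user() {
    u=$(sed -n 's/^user:[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1" | tail -n 1)
    printf '%s\n' "${u:-root}"
}

# $1: expected owner, remaining arguments: directories to check.
# Prints every path not owned by $1; returns 0 only when $1 is an existing
# non-root user and nothing is mis-owned.
audit_master_ownership() {
    want="$1"; shift
    [ "$want" != "root" ] || { echo "master is configured to run as root"; return 1; }
    id "$want" >/dev/null 2>&1 || { echo "unknown user: $want"; return 1; }
    bad=$(find "$@" ! -user "$want")
    [ -z "$bad" ] || { printf '%s\n' "$bad"; return 1; }
}

# Usage on the master (paths taken from the chown command above):
#   audit_master_ownership "$(configured_user /etc/salt/master)" \
#       /var/cache/salt /var/log/salt /etc/salt/pki /etc/salt
```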
Client
sudo cp /etc/salt/minion /etc/salt/minion.bak; sudo vim /etc/salt/minion
master: salt.example.com
States
These are the modules that define the actions, more or less complex, to be carried out by the clients, or 'minions'. They would be the equivalent of modules in puppet.
Example with python as the parser (and the path set in the configuration file, see above):
/etc/salt/states/virt_what/init.sls
#!py
def run():
    '''
    Install the virt-what package
    '''
    return {'virt-what': {'pkg': ['installed']}}
Execution:
sudo salt '*' state.sls virt_what
Output (salt 0.17.4-1)
jamgo@salt-1:~$ sudo salt '*' state.sls virt_what
client.example.com:
----------
    State: - pkg
    Name: virt-what
    Function: installed
    Result: True
    Comment: The following packages were installed/updated: virt-what.
    Changes: virt-what: { new : 1.12-1 old : }
Summary
------------
Succeeded: 1
Failed: 0
------------
Total: 1
Pillars
Simple example
(For Salt < 0.16.2 use 'pillar.data'):
sudo salt '*' pillar.items
Output:
client.example.com:
    ----------
    master:
        ----------
        auth_mode: 1
        auto_accept: False
        cachedir: /var/cache/salt/master
        client_acl:
            ----------
        client_acl_blacklist:
            ----------
        cluster_masters:
        cluster_mode: paranoid
        conf_file: /etc/salt/master
        config_dir: /etc/salt
        cython_enable: False
        daemon: False
        default_include: master.d/*.conf
        enable_gpu_grains: False
        enforce_mine_cache: False
        environment: None
        ext_job_cache:
        ext_pillar:
        extension_modules: /var/cache/salt/master/extmods
        external_auth:
            ----------
        external_nodes:
        failhard: False
        file_buffer_size: 1048576
        file_client: local
        file_ignore_glob: None
        file_ignore_regex: None
        file_recv: False
        file_roots:
            ----------
            base:
                - /etc/salt/states
        fileserver_backend:
            - roots
        fileserver_limit_traversal: False
        gitfs_base: master
        gitfs_remotes:
        gitfs_root:
        hash_type: md5
        hgfs_branch_method: branches
        hgfs_remotes:
        hgfs_root:
        id: client.example.com
        interface: 0.0.0.0
        ipv6: False
        job_cache: True
        keep_jobs: 24
        key_logfile: /var/log/salt/key
        log_datefmt: %H:%M:%S
        log_datefmt_logfile: %Y-%m-%d %H:%M:%S
        log_file: /var/log/salt/master
        log_fmt_console: [%(levelname)-8s] %(message)s
        log_fmt_logfile: %(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s
        log_granular_levels:
            ----------
        log_level: debug
        loop_interval: 60
        master_ext_job_cache:
        master_roots:
            ----------
            base:
                - /srv/salt-master
        master_tops:
            ----------
        max_open_files: 100000
        minion_data_cache: True
        nodegroups:
            ----------
        open_mode: False
        order_masters: False
        outputter_dirs:
        peer:
            ----------
        permissive_pki_access: False
        pidfile: /var/run/salt-master.pid
        pillar_opts: True
        pillar_roots:
            ----------
            base:
                - /srv/pillar
        pillar_version: 2
        pki_dir: /etc/salt/pki/master
        pub_hwm: 1000
        publish_port: 4505
        publish_session: 86400
        range_server: range:80
        reactor:
        renderer: py
        ret_port: 4506
        root_dir: /
        runner_dirs:
        saltversion: 0.17.4
        search:
        search_index_interval: 3600
        serial: msgpack
        sock_dir: /var/run/salt/master
        state_auto_order: True
        state_output: full
        state_top: salt://top.sls
        state_verbose: True
        syndic_master:
        syndic_wait: 1
        timeout: 5
        token_dir: /var/cache/salt/master/tokens
        token_expire: 43200
        user: root
        verify_env: True
        win_gitrepos:
            - https://github.com/saltstack/salt-winrepo.git
        win_repo: /srv/salt/win/repo
        win_repo_mastercachefile: /srv/salt/win/repo/winrepo.p
        worker_threads: 5
Targeting by minion id
/etc/salt/pillar/top.sls
base:
  '*':
    - users
  'test-2.*':
    - data
Grains
List
sudo salt '*' grains.ls
client.example.com:
    - biosreleasedate
    - biosversion
    - cpu_flags
    - cpu_model
    - cpuarch
    - defaultencoding
    - defaultlanguage
    - domain
    - fqdn
    - fqdn_ip4
    - fqdn_ip6
    - gpus
    - host
    - id
    - ip_interfaces
    - ipv4
    - ipv6
    - kernel
    - kernelrelease
    - localhost
    - lsb_distrib_codename
    - lsb_distrib_description
    - lsb_distrib_id
    - lsb_distrib_release
    - manufacturer
    - master
    - mem_total
    - nodename
    - num_cpus
    - num_gpus
    - os
    - os_family
    - osarch
    - oscodename
    - osfinger
    - osfullname
    - osrelease
    - path
    - productname
    - ps
    - pythonpath
    - pythonversion
    - saltpath
    - saltversion
    - saltversioninfo
    - serialnumber
    - server_id
    - shell
    - virtual
Configuration "pull" by the client
http://docs.saltstack.com/topics/troubleshooting/index.html#using-salt-call
http://docs.saltstack.com/topics/tutorials/quickstart.html
http://docs.saltstack.com/topics/tutorials/standalone_minion.html
Links
- List of state modules:
Errors
2014-01-03 22:25:05,116 [salt.master ][WARNING ] You have a version of ZMQ less than ZMQ 3.2! There are known connection keep-alive issues with ZMQ < 3.2 which may result in loss of contact with minions. Please upgrade your ZMQ!
SOLUTION: follow the procedure cliente_y_servidor_instalacion_manual_de_zeromq (manual installation of zeromq on client and server)