view · edit · history · print

SaltStack

CentOS 6.2

Saltstack is a framework to remotely manage up to 10000 systems on 1 master node. Salt now also has some cloud capabilities that complement other cloud solutions. The underlying technology is freaking awesome (zeromq)! Salt is modular, and can do MUCH more than just remote commands: the included Augeas configuration editing API tool allows VERY granular control over configuration files, there are modules for many different tasks (what about changing/adding a crontab on all servers?), it can also do Windows too  and you can write your own modules.

Is this a good tool? Well, they must be doing something right if Amazon and LinkedIn are relying on this! 

[root@sapocvm1 bin]# cat myproxy 
echo "Run this script sourced from the current shell!"
echo ". ./proxy.sh"
echo "press enter to continue or ctrl-c to abort"
read
echo -n "proxy username: "
read US
echo -n "proxy passdw: "
read PW
export http_proxy=http://${US}:${PW}@httppx.company.com:8080
export https_proxy=http://${US}:${PW}@httppx.company.com:8080
export ftp_proxy=http://${US}:${PW}@ftppx.company.com:21

[root@sapocvm1 etc]# yum-debug-dump
Loaded plugins: fastestmirror, refresh-packagekit
Loading mirror speeds from cached hostfile
 * base: centos.uib.no
 * extras: centos.vianett.no
 * updates: centos.uib.no
Output written to: /etc/yum_debug_dump-sapocvm1-2013-12-12_11:54:45.txt.gz
...
yum-debug-dump version 1
%%%%SYSTEM INFO
  uname: 2.6.32-220.el6.x86_64, x86_64
  rpm ver: RPM version 4.8.0
  python ver: 2.6.6 (r266:84292, Dec  7 2011, 20:48:22) [GCC 4.4.6 20110731 (Red Hat 4.4.6-3)]
%%%%YUM INFO
  arch: ia32e
  basearch: x86_64
  releasever: 6
  yum ver: 3.2.29
  enabled plugins: refresh-packagekit,fastestmirror
  global excludes: 
%%%%RPMDB PROBLEMS
...

# example of installing the master
[root@sapocvm1 etc]# rpm -Uvh http://ftp.linux.ncsu.edu/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
[root@sapocvm1 bin]# yum install salt-master
[root@sapocvm1 salt]# service salt-master restart
# at this stage you could already use the slow and error-prone ssh method…
[root@sapocvm1 salt]# salt-ssh '*' -r 'uname -r'
10.97.173.161:
    2.6.32-279.19.1.el6.x86_64
10.97.173.160:
    2.6.32-279.19.1.el6.x86_64
# but wait…

# when you install the agent: speed - and possibilities - are endless!
[root@sapocvm2 etc]# rpm -Uvh http://ftp.linux.ncsu.edu/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
[root@sapocvm2 bin]# yum install salt-minion
[root@sapocvm2 bin]# echo “master: sapocvm1” >> /etc/salt/minion
[root@sapocvm2 salt]# service salt-minion restart
[root@sapocvm1 var]# salt-key -A
[root@sapocvm1 salt]# salt '*' cmd.run 'uname -r'
sapocvm3:
    2.6.32-220.el6.x86_64
sapocvm2:
    2.6.32-220.el6.x86_64

Random commands

[root@sapocvm1 ]# salt-key --list-all
Accepted Keys:
sapocvm2
sapocvm3
Unaccepted Keys:
Rejected Keys:

[root@sapocvm1 salt]# salt '*' test.ping

[root@sapocvm1 salt]# salt-run jobs.list_jobs

[root@sapocvm1 salt]# salt -v 'sapocvm2' test.ping
Executing job with jid 20140427201556293568
-------------------------------------------
sapocvm2:
    Minion did not return

[root@sapocvm1 salt]# salt '*' cmd.run 'echo "$(hostname):: $(df -Ph /var|tail -n1)"'
sapocvm2:
    sapocvm2:: /dev/sda1        52G  3.2G   49G   7% /
sapocvm3:
    sapocvm3:: /dev/sda1        52G  3.2G   49G   7% /

[root@sapocvm1 salt]# salt '*' puppet.fact kernel
sapocvm3:
    Linux
sapocvm2:
    Linux

[root@sapocvm1 salt]# salt '*' puppet.facts
sapocvm2:
    ----------
    architecture:
        x86_64
    augeasversion:
        1.0.0
    boardmanufacturer:
        Intel Corporation
    boardproductname:
        440BX Desktop Reference Platform
etc...

[root@sapocvm1 salt]# salt '*' cmd.run 'mount' --out=txt
sapocvm2: /dev/sda1 on / type ext4 (rw)
sapocvm2: proc on /proc type proc (rw)
...
sapocvm2: sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
sapocvm3: /dev/sda1 on / type ext4 (rw)
sapocvm3: proc on /proc type proc (rw)
...

[root@sapocvm1 salt]# echo "hello" > /tmp/salttestfile
[root@sapocvm1 salt]# salt-cp '*' /tmp/salttestfile /tmp/salttestfile
{'sapocvm2': {'/tmp/salttestfile': True},
 'sapocvm3': {'/tmp/salttestfile': True}}
[root@sapocvm1 salt]# salt '*' cmd.run 'ls -ld /tmp/salttestfile'
sapocvm2:
    -rw-r--r--. 1 root root 0 Apr 27 21:17 /tmp/salttestfile
sapocvm3:
    -rw-r--r--. 1 root root 0 Apr 27 21:17 /tmp/salttestfile
# vi /etc/salt/master, add "file_recv: True", restart master service.
# PS: this does NOT work on empty files!!
[root@sapocvm1 salt]# salt '*' cp.push /tmp/salttestfile
...
[root@sapocvm1 salt]# find /var/cache/salt/master/minions/*/files/ -type f
/var/cache/salt/master/minions/sapocvm2/files/tmp/salttestfile
/var/cache/salt/master/minions/sapocvm2/files/etc/fstab
/var/cache/salt/master/minions/sapocvm3/files/tmp/salttestfile
/var/cache/salt/master/minions/sapocvm3/files/etc/fstab

[root@sapocvm1 salt]# salt '*' grains.items
sapocvm3:
  biosreleasedate: 07/02/2012
  biosversion: 6.00
  cpu_model: Intel(R) Core(TM)2 Duo CPU     E8400  @ 3.00GHz
  cpuarch: x86_64
  defaultencoding: UTF8
...
[root@sapocvm1 salt]# salt '*' grains.item cpu_model num_cpus --out=txt
sapocvm3: {'num_cpus': 1, 'cpu_model': 'Intel(R) Core(TM)2 Duo CPU     E8400  @ 3.00GHz'}
sapocvm2: {'num_cpus': 1, 'cpu_model': 'Intel(R) Core(TM)2 Duo CPU     E8400  @ 3.00GHz'}

[root@sapocvm1 salt]# salt '*' sys.doc cmd.run
...

References

more shelling out...

[root@sapocvm1 salt]# salt '*' cmd.exec_code python 'import sys; print sys.version'
...i can do "code"...

[root@sapocvm1 salt]# salt '*' cmd.retcode "file /bin/bash"
sapocvm3:
    0
sapocvm2:
    0
...return codes - yay...

[root@sapocvm1 salt]# salt '*' cmd.script salt://scripts/runme.sh 'arg1 arg2 "arg 3"'
...run this shit...

[root@sapocvm1 salt]# salt '*' cmd.which ksh
...do we have Korn?...

For config management... we prefer Puppet.

admin · attr · attach · edit · history · print
Page last modified on April 28, 2014, at 05:56 AM