@elmariofredo
Last active January 11, 2020 22:54
Minimal SaltStack with cloud setup, with simple cheat-sheet-style notes (don't forget to create an AWS key named MainKey.pem in /etc/salt/ and chmod 0400 /etc/salt/MainKey.pem)
ubuntu_aws_small:
  provider: dev
  image: ami-a73264ce
  size: m1.small
  ssh_interface: private
  ssh_username: ubuntu

dev:
  minion:
    master: hq.east.example.com
  grains:
    type: dev
  ssh_interface: private_ips
  id: IDDDDDDDDDDD
  key: 'yourkey'
  # Make sure this key is owned by root with permissions 0400.
  private_key: /etc/salt/MainKey.pem
  keyname: MainKey
  securitygroup: Dev
  # ec2-user/ubuntu
  ssh_username: ubuntu
  provider: ec2

fileserver_backend:
  - roots
  - git
gitfs_remotes:
  - git://github.com/saltstack-formulas/openssh-formula.git

Read first!

http://docs.saltstack.com/topics/troubleshooting/

http://docs.saltstack.com/en/latest/topics/troubleshooting/yaml_idiosyncrasies.html

http://docs.saltstack.com/topics/tutorials/walkthrough.html

http://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.jinja.html

OS X

http://docs.saltstack.com/topics/installation/osx.html

  • brew install salt
  • sudo launchctl limit maxfiles 4096 8192
  • sudo mkdir /etc/salt
  • echo "max_open_files: 8192" | sudo tee -a /etc/salt/master

Ubuntu

  • sudo add-apt-repository ppa:saltstack/salt
  • sudo apt-get update
  • apt-get install salt-master
  • apt-get install salt-cloud
  • chmod 0400 /etc/salt/MainKey.pem
  • apt-get install python-pip
  • pip install GitPython
  • ssh -T git@github.com
  • start salt-master

Examples

http://saltstarters.org/

Example commands

See http://docs.saltstack.com/en/latest/topics/targeting/compound.html

# salt '*' sys.doc
# salt -E '.*' cmd.run 'ls -l | grep foo'
# salt -L foo.bar.baz,quo.qux cmd.run 'ps aux | grep foo'
# salt '*' grains.items
# salt -G 'os:Fedora' test.ping
# salt '*' pillar.items
# salt 'supply.*' network.ip_addrs
# salt '*' saltutil.refresh_pillar
# salt '*' pillar.item mine_functions
# salt '*' mine.get '*' grains.items
# salt -C 'G@circle:live and G@data_volume_attached:True'
# salt '*' state.sls sfym.app
# salt -C 'E@^((?!frontline).)*$' cmd.run 'dpkg --purge nginx'
# salt -C 'E@^((?!frontline).)*$' cmd.run 'rm -rf /etc/nginx/'
# salt '*' state.highstate test=True

Use formulas

Formulas are a kind of package for Salt (http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html). To use them, add the formulas and their dependencies to gitfs_remotes in the /etc/salt/master file.
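
A check for the two security-relevant settings in this setup, the root-owned 0400 key file and the transport used by gitfs_remotes, added here as an example and not part of the original gist. The function names are hypothetical; the default paths are the ones used on this page.

```shell
#!/bin/sh
# Added example, not from the gist. Function names are hypothetical;
# default paths are the ones used on this page.

# key_file_ok FILE [OWNER]: true only if FILE is a regular file (not a
# symlink), mode exactly 0400, owned by OWNER (default root).
key_file_ok() {
    file=$1
    owner=${2:-root}
    [ -n "$(find "$file" -prune -type f -perm 0400 -user "$owner" 2>/dev/null)" ]
}

# plaintext_gitfs_remotes MASTER_CONFIG: print each gitfs_remotes entry
# fetched over git:// or http://. Neither transport encrypts or
# authenticates the server, so fetched state files can be altered in transit.
plaintext_gitfs_remotes() {
    awk '
        /^gitfs_remotes:/ { in_block = 1; next }
        in_block && /^[^ \t#-]/ { in_block = 0 }  # next top-level key ends the list
        in_block && /^[ \t]*-[ \t]*/ {
            sub(/^[ \t]*-[ \t]*/, "")             # drop the list marker
            sub(/:[ \t]*$/, "")                   # per-remote option form ends in ":"
            if ($0 ~ /^(git|http):\/\//) print
        }
    ' "$1"
}

# audit_salt_master [KEY] [MASTER_CONFIG]: returns 0 when both checks pass.
audit_salt_master() {
    key=${1:-/etc/salt/MainKey.pem}
    conf=${2:-/etc/salt/master}
    rc=0
    if ! key_file_ok "$key"; then
        echo "FAIL: $key must be a regular file, mode 0400, owner root" >&2
        rc=1
    fi
    remotes=$(plaintext_gitfs_remotes "$conf" 2>/dev/null) || true
    if [ -n "$remotes" ]; then
        echo "FAIL: gitfs_remotes entries on a plaintext transport:" >&2
        echo "$remotes" >&2
        rc=1
    fi
    return "$rc"
}
```

Run `audit_salt_master` as root on the master after setup; it exits non-zero and lists what failed on stderr.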

Upgrade and restart minions

  • salt '*' pkg.list_upgrades
  • salt '*' pkg.upgrade
  • salt '*' system.reboot

Troubleshoot

Verify yaml validity

# salt '*' state.show_sls apache
# salt '*' state.show_highstate

Show verbose log

for master

# stop salt-master
# salt-master -l debug

for minion

# stop salt-minion
# salt-minion -l debug

Guides

http://docs.saltstack.com/en/latest/topics/troubleshooting/

or

  • stop master/minion
  • rm -rf /var/cache/salt
  • start master/minion

Never ending job

or with error "The function "state.highstate" is running as PID 28604 and was started at 2014, Apr 28 13:02:34.845199 with jid 20140428130234845199"

  • salt 'server' saltutil.running
  • salt 'server' saltutil.kill_job 20140428130234845199

Failed to authenticate, is this user permitted to execute commands?

see saltstack/salt#12248

# killall salt-master
# start salt-master
# cat >> /etc/security/limits.conf
root soft nofile 20000
root hard nofile 30000

State files(*.sls)

http://docs.saltstack.com/en/latest/ref/states/highstate.html#state-declaration

Gui Beta

https://github.com/saltstack/halite

base_pkgs:
  - wget
  - vim
  - htop
  - git

sshd_config:
  Port: 50022
  PasswordAuthentication: no
  X11Forwarding: no
  RSAAuthentication: yes
  PubkeyAuthentication: yes
  UsePAM: yes

base_pkgs:
  pkg.installed:
    - names:
      {% for pkg in pillar.base_pkgs %}
      - {{ pkg }}
      {% endfor %}

base:
  '*':
    - base_pkgs
    - openssh.config