SaltStack (or Salt) is the tool that sends instructions and provisioning data from the 'salt-master', or the master server, to its 'minions', or slave servers.
Salt-Cloud is the tool that allows you to automatically set up and provision the Salt software on cloud servers, such as Amazon or DigitalOcean. Salt-Cloud also automates the process of adding minions and the authentication and acceptance of keys on the master. Salt-Cloud is installed as part of Salt now, except on some RHEL systems (Fedora, CentOS) where Salt and Salt-Cloud are two separate installs.
By default everything is installed in:
/etc/salt
Any state or .sls files are installed to:
/srv/salt
The salt directory may need to be created.
The basic config for a provider goes in:
/etc/salt/cloud.providers.d
Current config for DO is:
# /etc/salt/cloud.providers.d/digital-ocean.conf
do:
  provider: digital_ocean
  personal_access_token: <personal-access-token from DO API V2>
  ssh_key_file: /home/username/.ssh/id_rsa
  ssh_key_names: ID
Spacing is VERY important in YAML, NO tabs!
After config, profiles can be added. A profile determines the settings of the minion to be created on the provider. For example, for Digital Ocean the region, size and distro must be selected. Example:
# /etc/salt/cloud.profiles.d/digital-ocean.conf
ny3:
  provider: do
  image: ubuntu-12-04-x64
  size: 512MB
  location: New York 1
  private_networking: true
At this point, you can run:
sudo salt-cloud -p ny3 minion-name
Note: -p denotes the profile name from the profile file. Multiple profiles can be configured. The minion name is used as the Digital Ocean hostname.
You can now create multiple providers, multiple profiles and multiple minions. There is much more that can be done with Salt-Cloud, but from here you can use Salt itself to provision the servers. Some basic commands:
To show which minions have fully accepted keys listed on the salt-master:
sudo salt-key -L
To run a test ping of connected minions:
sudo salt '*' test.ping
To get status of connected minions:
sudo salt-run manage.status
To run states or modules, you can create YAML files that define applications and states. By default these go in:
/srv/salt
For example, to install a webserver on one or many minions, create the file:
/srv/salt/nginx.sls
With the following content:
nginx:
  pkg:
    - installed
apache2:
  pkg:
    - removed
Execute the file by running:
sudo salt 'minion-name' state.sls nginx
Alternatively, this command should work too:
sudo salt '*' state.apply nginx
Commands can be sent via .sls files, but also on the fly, using cmd.run. The structure is as follows:
sudo salt '*' cmd.run 'ls -la /etc'
This will run the ls -la command on all minions. To target a single minion:
sudo salt 'minion-name' cmd.run 'ls -la /etc'
In order to make formulas and commands more cohesive, a single file can be created to determine which states to apply to which minions or groups of minions. This file is called top.sls. A sample top.sls file:
base:
  '*':
    - vim
    - scripts
    - users
  '*web*':
    - apache
    - python
    - django
  '*db*':
    - mysql
This should be fairly self-explanatory: the states vim, scripts and users will be applied to all minions, minions whose names contain web will get apache, python and django, and minions whose names contain db will get mysql.
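Because the targets are globs on the minion name, a name can match more than one of them. The following Python code is an added example, not part of the original page or of Salt itself: it mirrors the sample top.sls as a dict, uses constructed minion names, and approximates Salt's glob targeting with Python's fnmatch to show which states each minion would receive. The helper names states_for and overlapping are hypothetical.

```python
from fnmatch import fnmatchcase

# The page's sample top.sls written as a dict: environment -> target glob -> states.
TOP = {
    "base": {
        "*": ["vim", "scripts", "users"],
        "*web*": ["apache", "python", "django"],
        "*db*": ["mysql"],
    }
}

# Constructed minion names, for illustration only.
MINIONS = ["web01", "db01", "webdb-staging", "cache01"]


def states_for(minion_id, top=TOP, env="base"):
    """Return the ordered, de-duplicated states whose target glob matches minion_id."""
    result = []
    for target, states in top[env].items():
        # Assumption: case-sensitive shell-style globbing stands in for Salt's glob matcher.
        if fnmatchcase(minion_id, target):
            for state in states:
                if state not in result:
                    result.append(state)
    return result


def overlapping(minions, top=TOP, env="base"):
    """Return {minion: [targets]} for minions matched by more than one non-'*' target."""
    report = {}
    for minion in minions:
        hits = [t for t in top[env] if t != "*" and fnmatchcase(minion, t)]
        if len(hits) > 1:
            report[minion] = hits
    return report


if __name__ == "__main__":
    for name in MINIONS:
        print(f"{name}: {', '.join(states_for(name))}")
    for name, targets in overlapping(MINIONS).items():
        print(f"note: {name} matches several targets: {targets}")
```

A minion named webdb-staging receives both the web and the db states, so naming conventions decide what gets installed where; the same caution applies to '*' on the command line with cmd.run.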
Obviously much more can be done with salt states, but this is the fastest route from install to up and running.