Blog

SaltStack Tutorial

  • (5.0)
  • | 1116 Ratings

Introduction


SaltStack holds a very important place in the IT industry. It helps the IT organizations to secure and maintain each infrastructural element that they use for executing digital business processes. SaltStack develops software which can help companies to automate and secure their digital infrastructure at a vast scale.  


Enroll now for the ultimate SaltStack Training from Mindmajix.

Earlier, tools like Chef and Puppet were used for the configuration management, and these tools support very slow data processing. Fortunately, with the help of Saltstack, we are able to overcome all these limitations.  In this tutorial, we will study in detail about the SaltStack, features it supports, and its importance in the digital environment.  The purpose of this tutorial is to represent how SaltStack can be helpful for business IT infrastructure management and security.


SaltStack Tutorial


As per the sources, 2821 companies are using the SaltStack, most of them are into IT. 



What is SaltStack


Saltstack is an orchestration and configuration management tool which allows the system administrators to perform automation of server management. SaltStack provides high-speed data connectivity and faster communication between the different systems present in the IT organization. Its multithreaded design allows the users to run thousands of tasks simultaneously. 


Why Saltstack?


SaltStack Architecture is developed for providing speed and scale.  This is the reason why this architecture is used for managing the thousands of servers at Google, LinkedIn and many more companies. 


For example - If a user has thousands of servers and user wants to perform functions on every server. A user would be required to log in to every server and perform function one at a time. This process will be very complicated and time-consuming as functions like software installation and configuration based on particular criteria may consume a lot of time.  


To overcome this problem, SaltStack Architecture has been introduced as one can perform different functions just by typing one command. Thus, SaltStack is a single solution to overcome all such issues

SaltStack Tutorial


Most of the Saltstack customers are from the United States. The other users of SaltStack software resides in UK, Canda, India, Brazil, Netherlands, Australia, Germany and, France. 


Features of SaltStack


SaltStack supports many useful features that were not present in the previously used Configuration management tools. Some of the important SaltStack features are mentioned below:


Fault tolerance


Salt Minions are able to connect to multiple masters at a particular moment by the configuration of master configuration parameters as all the available master’s YAML list.  Every master is allowed to give commands to the Salt infrastructure. 


Flexible


Saltstack supports a very flexible management approach.  The approach can be deployed for following the popular system management models like Agent only, Server only, Agent and Server or all of them within a similar environment. 


Scalable Configuration Management


With the help of Saltstack, one can effectively manage thousands of minions per master. 


Parallel Execution model    


The parallel execution model of Saltstack enable the commands to parallely execute the remote systems. 


Python API


SaltStack supports the simple programming interface. It is easily extensible and modular thus, it is easy to mold to the different applications. 


Easy to Set Up


SaltStack is very easy to set up. The single remote execution architecture provided by Saltstack allow to effectively manage the different requirements of the different servers. 


Language Agnostic


Saltstack templating engines, file type or configuration files support the different types of languages. 


SaltStack - Architecture


The SaltStack Architecture is designed to work efficiently with numerous servers -  ranging from the Local Network systems to the deployment made over the various data centers. SaltStack Architecture is basically a Server/Client model having required functionalities which are built into the single set processes. 


SaltStack Architecture


Components of SaltStack


SaltMaster: The salt master is a master daemon, this daemon is used for sending configurations and commands to the Salt Slaves.  SaltMaster is basically a machine which manages the infrastructure and server's dictate policies. A single master is capable of handling the multiple Masters. 


Salt Minions: Salt Minions are the slave daemons. Salt minions receive the configuration and commands from the master daemon. The slave daemons are installed on every managed machine and configured to interact with the master daemon.   It is the responsibility of Salt Minion to execute the instructions sent by the salt master, report job success and provide data related to the underlying host. 


Execution: Ad-hoc commands and modules are executed against one or more salt minion from the command line which delivers real-time monitoring. 


Formula: Formulas are basically the salt states which are already written.  Formulas are just like the open-ended Salt States and can be used for performing the task like installation of the package,  configuration of a service, set up users or permissions and many more.


SaltStack Tutorial


Grains: Grains is an interface designed for providing the information related to Minions,  this information is static. When the Salt Minion begins, Grains also get loaded which simply indicates that information available in grains cannot be changed. Thus, the information in Grains could be related to the operating system for the running kernel. Grains is case sensitive. 


Pillar: A pillar is an interface designed for generating or storing the highly sensitive information specific to particular slave daemons, such as passwords and cryptographic keys.  It stores the information in a key/value pair and the management of data is done just like salt state tree. 


Top file: It is used for matching the Salt States and Pillar Data to Slave Daemons. 


Runners: It is a module present inside the Salt Master and responsible for performing tasks like reading data from the external APs,  connection status, job status, query connected Salt Minions and many more. 


Returners: This component is responsible for returning the data from Salt Minion to the other system. 


Reactor: A reactor is liable to trigger the reactions at the time when any of the events occur in the SaltStack environment. 


Salt Cloud: Salt cloud provides a user with a powerful interface that helps to communicate with salt Minion. 


SaltSSH: This component is used to Run the Salt commands on Secure shell on the systems without any interference of Salt Minion. 


So, these are the components included in the Salt Architecture which manages its working. 


Checkout SaltStack Blogs


SaltStack Competitors


Salt, Chef, Puppet, and Ansible are the topmost Orchestration and Configuration management tools. Each of them follows a distinct path to server automation.  They were developed for an easy configuration and management of thousands of servers. 


Among all of them, Salt is considered to be the best. Let’s understand this concept in more detail that how the Salt is a strong competitor for Chef, Ansible, and Puppet. 


SaltStack Tutorial


Platform and Support


The list of platforms which are supported by the SaltStack and its competitors is provided below:


  • SaltStack - SaltStack is supported by the different versions of Linux, MacOS, Windows, and, Unix. 
  • Puppet - It is supported by  Scientific Linux, Red Hat Enterprise, CentOS, Oracle Linux,  SUSE Linux Enterprise Server  and, Ubuntu. 
  • Ansible- Ansible is supported by  Scientific Linux via Extra Packages for Enterprise Linux (EPEL), Fedora distribution of Linux and some other operating system. 
  • Chef - Chef is supported by various platforms like Microsoft Windows, RHEL/CentOS, Solaris, FreeBSD,  AIX and Ubuntu. It is a Python-based configuration management tool that supports the ZeroMQ messaging system which enable users to collect and execute the data in a faster manner.  Saltstack architecture is highly scalable and delivers very reliable performance. It uses the ‘Push Model’ to execute the commands through Secure Shell Protocol. The default configuration system used by SaltStack is Jinja templates and YAML.

  • Origin Language 
    • SaltStack - Python. 
    • Puppet- Ruby. 
    • Ansible - Python.
    • Chef- Ruby. 

  • Supported Language 
    • SaltStack Supports every language. 
    • Puppet supports Ruby. 
    • Ansible supports every language.
    • Chef supports Ruby. 

Web User Interface 


  • SaltStack - The web user-interface of SaltStack offers the view of jobs running, event logs and minion status. 
  • Puppet- Web UI of Puppet manage the inventorying, reporting and the real-time node management. 
  • Ansible - The Web UI of Ansible allows to configure the users, groups, and inventories. It also applies the playbooks to inventories. 
  • Chef - Chef’s Web UI allows the users to find the inventory nodes, view to node activities and assign the roles. 

Management Tools 


  • SaltStack - SaltStack Enterprise is the main tool used for the management of Cloud Orchestration and the IT operations. It also managed DevOps. 
  • Puppet - Puppet supports two tools- Puppet Enterprise and the Open Source Puppet. Puppet Enterprise provides functionalities of the Open Source Puppet and along with that, it also provides API, GUI and Command line tools for managing the nodes. 
  • Ansible - The main tool used by Ansible for management is Ansible 1.3. 
  • Chef - CFE Engine is the configuration management tool used by the Chef.

Performance


  • SaltStack - SaltStack is designed for providing high scalability and improved performance.  The communication system of Salt develops a continuous data pipeline between the Master daemon and Slave daemon by using ZeroMQ. 
  • Puppet - It is secure to use and deliver high performance. In puppet, you do not require agents. 
  • Ansible - It is secure to use, deliver high performance and does not involve any agent. 
  • Chef - While using the Chef server, users often struggle to search as the search process is quite slow and not requested by the clients in a concurrent manner. 

Price and Value 


  • SaltStack- It is open source, free version.  The SaltStack Enterprise can cost up to $150 per machine every year. 
  • Puppet - Puppet is also free, open source version. The Puppet Enterprise may cost up to $1000 per machine every year. 
  • Ansible - Free and open-source version. Ansible is available as free of cost for 10 machines and after that, you need to pay up to $250 per machine every year depending upon the support you requires. 
  • Chef - It is an open source version. The  Enterprise Chef is free for the five machines, $120 for twenty machines and $300 for fifty machines per month. 

Usage


  • SaltStack - SaltStack is being used by the Rackspace and Cisco. Saltstack is capable of integration with any of the cloud-based platforms. 
  • Puppet - Puppet is used by Twitter, Paypal, Zynga, New York Stock Exchange, Google and many more. 
  • Ansible - Ansible can be deployed to cloud environment, virtualization environments, DigitalOcean, Amazon Web services, Google Cloud Platform, Cloud Stack and many more. 
  • Chef- Chef can be integrated with cloud-based platforms like Amazon EC2, OpenStack, Internap. Microsoft Azure, Google Cloud Platform and Rackspace.

SaltStack Tutorial


SaltStack Installation 


If you are setting up the SaltStack Environment for the first time, then, you must install the SaltMaster on dedicated VM or Server. After that,  you need to install the Salt Minion on every system which you want to manage by using the SaltStack. 


For the SaltStack installation, a user must complete the following requirements:


  • A Linux  Server ( having  the latest Ubuntu Server)
  • Root or Sudo access to the Linux Server.

To install the updates, use the following command. 


‘ sudo apt-get update’. 


Install SaltMaster 


You can install the SaltMaster by using the given ‘apt-get’ command. 


Command - ‘ sudo apt-get install salt-master’. 


Install Salt Minion 


For the installation of Salt Minion, you can use the following command.


Command - ‘sudo apt-get install salt-minion’.


Install Salt syndic 


Install the Salt Syndic with the help of ‘apt-get’ command. 


Master Configuration 


The Salt-Master configuration can be done with the help of ‘Master Configuration File’.  The Master Configuration file is present by default at /etc/salt/master directory. A notable exception can be ‘FreeBSD’ where the master configuration file is present at /usr/local/etc/salt directory. 


Configuration

Interface
By default ‘0.0.0.0’ ( for all the interface). 

 The local interface must have an IP address. For example - interface <192.162.0.1>


Once you have updated the configuration file, you need to restart the Salt Master with a given command.  ‘sudo service salt-master restart’. 


Minion Configuration 


Salt Minion Configuration is an easy process.  Basically, one value is required to be set as the Master Value so that Minion can easily find where the master is located. 


By default, the Salt Minion Configuration is present in the ‘/etc/salt/minion’ directory. In case of exception, configuration is in  ‘/usr/local/etc/salt/minion


Configuration: 

  • #master: salt.
  • master: .

After updating the configuration file, restart the Salt Minion by using the given command. ‘ sudo service salt-minion restart’. 



Frequently Asked SaltStack Interview Questions


Key Management


For managing all the communication between the SaltMaster and Salt Minion, AES Encryption is used.  Below the authenticated keys are mentioned which can be used for the communication between the Salt Master and Salt Minion. 


‘Salt-key- L’.

Outcomes produced by this key:

Accepted Keys:
Denied Keys:
Unaccepted Keys:
<local system name>
Rejected Keys:

If you want to change the state of minion, you can use ‘-d’ key and later you can accept or reject the keys. 


A user can accept all the keys by using the following command: ‘sudo salt-key - A’. 


The following keys will be  accepted:

Unaccepted Keys:
<local system name>
Proceed? [n/Y] y

Key for minion bala-Inspiron-N4010 accepted.


Issue command - ‘Salt Key Listing’:


It will produce the output as :

Accepted Keys:
<local system name>
Denied Keys:
Unaccepted Keys:
Rejected Keys:

Sending Commands

You can use ‘test.ping’ command for the communication between SaltMaster and Salt Minion. 

Command - ‘sudo salt ‘*’ test.ping’. 


The output it will generate is

<local system name>
True. 

Here, ‘*’ sign is representing all the minions.   As we have a single minion that is test.ping, it will execute the ping commands and analyze if the ping is successful or not. 


SaltStack - Creating a Simple Environment


Now we will be creating a simple SaltStack Environment which is discussed along with simple steps:


Install VirtualBox Environment 


Virtualbox is known as Cross-Platform Virtualization application.  This application allows users to run multiple operating systems simultaneously. Virtualbox runs on Linux, Solaris, Windows, and Macintosh. It supports and hosts a different Guest Operating System. 


 To Download VirtualBox, visit: https://www.virtualbox.org/wiki/Downloads


Install Vagrant 


Vagrant provides an easy to configure, portable and reproducible work environment. 

Download and install Vagrant from https://www.vagrantup.com

Once you have installed it, you need to configure it.  For that, create a file with a name Vagrantfile in the folder and describe the machine type and properties. 

Command to run Vagrant - vagrant up

Command to stop Vagrant-  vagrant halt


Download the Demo Environment


SaltStack offers a demo environment as Vagrant Setup.  This environment is hosted in GitHub. 

Command to download the setup - cd /cd/to/path  git clone https://github.com/UtahDave/salt-vagrant-demo


Start Environment 


Command to start the demo environment - cd /cd/to/path/salt-vagrant-demo vagrant up

The response will display after executing the command as : result. 


Now, 3 servers are running. One server configured with the Salt Master and two with the Salt Minion. 


Run Salt Master 


Command to login to the SaltMaster - vagrant ssh master

Command to move to the root user - sudo su


Salt master is connected successfully.  Below are some basic salt commands.


A command to verify the Salt Minion connection and check the status of connection - salt-key —list-all


The output will be - 

Accepted Keys:
minion1
minion2
Denied Keys:
Unaccepted Keys:
Rejected Keys:

Verify Salt Minion 


As all the keys are accepted, now you can send a command from Salt Master to check whether the Minions are listening or not. 


Command to verify the Minions - salt '*' test.ping


The output will be - 


minion1:
   True
minion2:
   True

The output is indicating that minions are listening. 


SaltStack - Access Control System


SaltStack Access Control System allows the users to execute the task within the authorization.  This system is used for configuring access to Non-Administrative Control Interfaces.  A user can apply the process to different systems. 


Access Control System helps the Non-Administrative users in the Salt commands’ execution. 


There are three types of Salt Interfaces: 


  • Publisher ACL system
  • External Auth system
  • Peer system

Publisher ACL system


This system provides access to the users other than root for Salt command execution on Salt Minions from the SaltMaster. The configuration of Publisher ACL system is done in the Master Configuration file through ‘publisher_acl’ configuration option. 


For example- 

publisher_acl:
   user1:
      - .*

   user2:
      - web*:
         - test.*
         - pkg.

Here, user 1  can execute anything whereas, user 2  can execute the only pkg and test ( only on the ‘web*minions’. 


External Auth system


This system is used for providing access for executing the Salt commands on a particular minion via External Authorization Systems such as LDAP, PAM and many more. This file is defined in the Master file as mentioned below:


external_auth:
   pam:
      user1:
         - 'web*':
            - test.*
            - network.*
      user2:
         - .*

User 1 can execute functions in the network or test modules on the Salt Minions which matches the ‘web*’ target. 

User 2 can execute anything.


Option ‘-a’ is provided by the salt server for enabling the external authentication. 

For example - salt -a pam web\* test.ping


Peer system


Salt Minions are allowed to pass their commands through the Peer Interface.  The configuration of Peer Interface can be done via the Master Configuration file. It allows SaltMinions to send the commands by using peer configuration from the master and also allow the minions to execute the runner using the peer-run configuration from the master. 


Below both configurations and explained briefly:


Peer Configuration-


This configuration is defined in the SaltMaster File as mentioned below:


peer:
   .*:
      - .*

The command is enabling the configuration for all the minions. It is advised to execute this command only in a secure environment. 


Peer Run Configuration 


This configuration let the minion execute the runner from the master through peer r-run option. 


For example - 

peer_run:
   .*:
      - .*

This command will allow access to all minions to all runner. 


How to execute the commands? 


For executing ‘test.ping’ on all the minions, you can use ‘salt-call’ command including the ‘publish.publish’ module. 


For example-  salt-call publish.publish \* test.ping


For executing the runner, you can use the below-mentioned command. salt-call publish.runner manage.up


Salt File Server


The SaltStack which comes along with a simple file server that is used for distributing the file to different Salt Minions is known as Salt File Server.  It is basically a stateless ZeroMQ server which is developed into the Master. 


The main purpose of Salt File Server is to represent the files for their  use in the Salt State System.  The Salt File Server can be used for transferring the general file to Salt Minions from the SaltMaster. 


SaltStack - Git as a File Server


Git is basically an Open Source Distributed Version Control System which is used for keeping the track of modifications made in the file. Salt sends the files using Git File Server from the Git Repositories. 


A user can configure the Git to ‘fileserver-backend’ list option and if the user wants to configure more than one repository, it can be done by using the gitfs_remotes option.


Benefits of SaltStack


There are a number of benefits of using the SaltStack, and they are mentioned below:


  • Robust: Saltstack is a simple, powerful, robust configuration management framework which can work efficiently with thousands of systems simultaneously without hassle. 
  • Authentication: SaltStack supports secure authentication. It uses Secure Shell protocol for the authentication purpose. 
  • Secure: It maintains data security by using encrypted protocols. 
  • Fast: Saltstack is very lightweight, fast communication bus which is a base for the remote execution engines.
  • Virtual Machine Automation: Saltstack uses Virtual Could Controller capabilities for the virtual machine automation. 
  • Infrastructure as data, not code: Saltstack delivers model-driver configuration management, simple deployment and commands execution framework.

Introduction to ZeroMQ 


SaltStack works on the ZeroMQ library. ZeroMQ is an embeddable networking and fast messaging library.  Its basic implementation is done in C or C++ and the native implementation for different languages include.Net and JAVA.


It is a peer to peer, a brokerless messaging process which allow users to design a complex communication process in a simple manner. 


There are five basic patterns followed by ZeroMQ:


  1. Synchronous Request/Response: It is used to send the request and receive the revert for every sent request. 
  2. Asynchronous Request/Response : A requestor will send the request message to start the conversation and wait for the revert. A provider will wait for the incoming messages and revert back as a response message.
  3. Publish/Subscribe: It is used to distribute the data from a single process to different recipients.  For example- From Publisher to Subscribers. 
  4. Push/Pull: It is responsible for sharing the data with all nodes connected. 
  5. Exclusive Pair: It is used to connect the two peers in order to make a pair. 

ZeroMQ is a flexible tool which allows to exchange the messages among various clusters and multi-system environment. It is a  default transport library presented in Salt. 


Conclusion 


The aforementioned information is providing all the details about the SaltStack Architecture. This architecture has resolved the user’s issue of executing multiple commands on the different servers simultaneously, thanks to its remote execution capabilities.  Salt Configuration Management develops a Master-Minion model to bring the components of infrastructure in line with a provided policy quickly, flexibly, and easily. 

Subscribe For Free Demo

Free Demo for Corporate & Online Trainings.

Ravindra Savaram
About The Author

Ravindra Savaram is a Content Lead at Mindmajix.com. His passion lies in writing articles on the most popular IT platforms including Machine learning, DevOps, Data Science, Artificial Intelligence, RPA, Deep Learning, and so on. You can stay up to date on all these technologies by following him on LinkedIn and Twitter.


DMCA.com Protection Status

Close
Close