SaltStack holds a very important place in the IT industry. It helps the IT organizations to secure and maintain each infrastructural element that they use for executing digital business processes. SaltStack develops software which can help companies to automate and secure their digital infrastructure at a vast scale.
Earlier, tools like Chef and Puppet were used for the configuration management, and these tools support very slow data processing. Fortunately, with the help of Saltstack, we are able to overcome all these limitations. In this tutorial, we will study in detail about the SaltStack, features it supports, and its importance in the digital environment. The purpose of this tutorial is to represent how SaltStack can be helpful for business IT infrastructure management and security.
As per the sources, 2821 companies are using the SaltStack, most of them are into IT.
Saltstack is an orchestration and configuration management tool which allows the system administrators to perform automation of server management. SaltStack provides high-speed data connectivity and faster communication between the different systems present in the IT organization. Its multithreaded design allows the users to run thousands of tasks simultaneously.
SaltStack Architecture is developed for providing speed and scale. This is the reason why this architecture is used for managing the thousands of servers at Google, LinkedIn and many more companies.
For example - If a user has thousands of servers and user wants to perform functions on every server. A user would be required to log in to every server and perform function one at a time. This process will be very complicated and time-consuming as functions like software installation and configuration based on particular criteria may consume a lot of time.
To overcome this problem, SaltStack Architecture has been introduced as one can perform different functions just by typing one command. Thus, SaltStack is a single solution to overcome all such issues
Most of the Saltstack customers are from the United States. The other users of SaltStack software resides in UK, Canda, India, Brazil, Netherlands, Australia, Germany and, France.
SaltStack supports many useful features that were not present in the previously used Configuration management tools. Some of the important SaltStack features are mentioned below:
Salt Minions are able to connect to multiple masters at a particular moment by the configuration of master configuration parameters as all the available master’s YAML list. Every master is allowed to give commands to the Salt infrastructure.
Saltstack supports a very flexible management approach. The approach can be deployed for following the popular system management models like Agent only, Server only, Agent and Server or all of them within a similar environment.
With the help of Saltstack, one can effectively manage thousands of minions per master.
The parallel execution model of Saltstack enable the commands to parallely execute the remote systems.
SaltStack supports the simple programming interface. It is easily extensible and modular thus, it is easy to mold to the different applications.
SaltStack is very easy to set up. The single remote execution architecture provided by Saltstack allow to effectively manage the different requirements of the different servers.
Saltstack templating engines, file type or configuration files support the different types of languages.
The SaltStack Architecture is designed to work efficiently with numerous servers - ranging from the Local Network systems to the deployment made over the various data centers. SaltStack Architecture is basically a Server/Client model having required functionalities which are built into the single set processes.
SaltMaster: The salt master is a master daemon, this daemon is used for sending configurations and commands to the Salt Slaves. SaltMaster is basically a machine which manages the infrastructure and server's dictate policies. A single master is capable of handling the multiple Masters.
Salt Minions: Salt Minions are the slave daemons. Salt minions receive the configuration and commands from the master daemon. The slave daemons are installed on every managed machine and configured to interact with the master daemon. It is the responsibility of Salt Minion to execute the instructions sent by the salt master, report job success and provide data related to the underlying host.
Execution: Ad-hoc commands and modules are executed against one or more salt minion from the command line which delivers real-time monitoring.
Formula: Formulas are basically the salt states which are already written. Formulas are just like the open-ended Salt States and can be used for performing the task like installation of the package, configuration of a service, set up users or permissions and many more.
Grains: Grains is an interface designed for providing the information related to Minions, this information is static. When the Salt Minion begins, Grains also get loaded which simply indicates that information available in grains cannot be changed. Thus, the information in Grains could be related to the operating system for the running kernel. Grains is case sensitive.
Pillar: A pillar is an interface designed for generating or storing the highly sensitive information specific to particular slave daemons, such as passwords and cryptographic keys. It stores the information in a key/value pair and the management of data is done just like salt state tree.
Top file: It is used for matching the Salt States and Pillar Data to Slave Daemons.
Runners: It is a module present inside the Salt Master and responsible for performing tasks like reading data from the external APs, connection status, job status, query connected Salt Minions and many more.
Returners: This component is responsible for returning the data from Salt Minion to the other system.
Reactor: A reactor is liable to trigger the reactions at the time when any of the events occur in the SaltStack environment.
Salt Cloud: Salt cloud provides a user with a powerful interface that helps to communicate with salt Minion.
SaltSSH: This component is used to Run the Salt commands on Secure shell on the systems without any interference of Salt Minion.
So, these are the components included in the Salt Architecture which manages its working.
Salt, Chef, Puppet, and Ansible are the topmost Orchestration and Configuration management tools. Each of them follows a distinct path to server automation. They were developed for an easy configuration and management of thousands of servers.
Among all of them, Salt is considered to be the best. Let’s understand this concept in more detail that how the Salt is a strong competitor for Chef, Ansible, and Puppet.
The list of platforms which are supported by the SaltStack and its competitors is provided below:
If you are setting up the SaltStack Environment for the first time, then, you must install the SaltMaster on dedicated VM or Server. After that, you need to install the Salt Minion on every system which you want to manage by using the SaltStack.
For the SaltStack installation, a user must complete the following requirements:
To install the updates, use the following command.
‘ sudo apt-get update’.
You can install the SaltMaster by using the given ‘apt-get’ command.
Command - ‘ sudo apt-get install salt-master’.
Install Salt Minion
For the installation of Salt Minion, you can use the following command.
Command - ‘sudo apt-get install salt-minion’.
Install Salt syndic
Install the Salt Syndic with the help of ‘apt-get’ command.
The Salt-Master configuration can be done with the help of ‘Master Configuration File’. The Master Configuration file is present by default at /etc/salt/master directory. A notable exception can be ‘FreeBSD’ where the master configuration file is present at /usr/local/etc/salt directory.
Interface By default ‘0.0.0.0’ ( for all the interface).
The local interface must have an IP address. For example - interface <22.214.171.124>
Once you have updated the configuration file, you need to restart the Salt Master with a given command. ‘sudo service salt-master restart’.
Salt Minion Configuration is an easy process. Basically, one value is required to be set as the Master Value so that Minion can easily find where the master is located.
By default, the Salt Minion Configuration is present in the ‘/etc/salt/minion’ directory. In case of exception, configuration is in ‘/usr/local/etc/salt/minion’
After updating the configuration file, restart the Salt Minion by using the given command. ‘ sudo service salt-minion restart’.
For managing all the communication between the SaltMaster and Salt Minion, AES Encryption is used. Below the authenticated keys are mentioned which can be used for the communication between the Salt Master and Salt Minion.
Outcomes produced by this key:
Accepted Keys: Denied Keys: Unaccepted Keys: <local system name> Rejected Keys:
If you want to change the state of minion, you can use ‘-d’ key and later you can accept or reject the keys.
A user can accept all the keys by using the following command: ‘sudo salt-key - A’.
The following keys will be accepted:
Unaccepted Keys: <local system name> Proceed? [n/Y] y
Key for minion bala-Inspiron-N4010 accepted.
Issue command - ‘Salt Key Listing’:
It will produce the output as :
Accepted Keys: <local system name> Denied Keys: Unaccepted Keys: Rejected Keys:
You can use ‘test.ping’ command for the communication between SaltMaster and Salt Minion.
Command - ‘sudo salt ‘*’ test.ping’.
The output it will generate is
<local system name> True.
Here, ‘*’ sign is representing all the minions. As we have a single minion that is test.ping, it will execute the ping commands and analyze if the ping is successful or not.
Now we will be creating a simple SaltStack Environment which is discussed along with simple steps:
Virtualbox is known as Cross-Platform Virtualization application. This application allows users to run multiple operating systems simultaneously. Virtualbox runs on Linux, Solaris, Windows, and Macintosh. It supports and hosts a different Guest Operating System.
To Download VirtualBox, visit: https://www.virtualbox.org/wiki/Downloads
Vagrant provides an easy to configure, portable and reproducible work environment.
Download and install Vagrant from https://www.vagrantup.com
Once you have installed it, you need to configure it. For that, create a file with a name Vagrantfile in the folder and describe the machine type and properties.
Command to run Vagrant - vagrant up.
Command to stop Vagrant- vagrant halt.
SaltStack offers a demo environment as Vagrant Setup. This environment is hosted in GitHub.
Command to download the setup - cd /cd/to/path git clone https://github.com/UtahDave/salt-vagrant-demo
Command to start the demo environment - cd /cd/to/path/salt-vagrant-demo vagrant up
The response will display after executing the command as : result.
Now, 3 servers are running. One server configured with the Salt Master and two with the Salt Minion.
Command to login to the SaltMaster - vagrant ssh master
Command to move to the root user - sudo su
Salt master is connected successfully. Below are some basic salt commands.
A command to verify the Salt Minion connection and check the status of connection - salt-key —list-all
The output will be -
Accepted Keys: minion1 minion2 Denied Keys: Unaccepted Keys: Rejected Keys:
As all the keys are accepted, now you can send a command from Salt Master to check whether the Minions are listening or not.
Command to verify the Minions - salt '*' test.ping
The output will be -
minion1: True minion2: True
The output is indicating that minions are listening.
SaltStack Access Control System allows the users to execute the task within the authorization. This system is used for configuring access to Non-Administrative Control Interfaces. A user can apply the process to different systems.
Access Control System helps the Non-Administrative users in the Salt commands’ execution.
There are three types of Salt Interfaces:
This system provides access to the users other than root for Salt command execution on Salt Minions from the SaltMaster. The configuration of Publisher ACL system is done in the Master Configuration file through ‘publisher_acl’ configuration option.
publisher_acl: user1: - .* user2: - web*: - test.* - pkg.
Here, user 1 can execute anything whereas, user 2 can execute the only pkg and test ( only on the ‘web*’ minions’.
This system is used for providing access for executing the Salt commands on a particular minion via External Authorization Systems such as LDAP, PAM and many more. This file is defined in the Master file as mentioned below:
external_auth: pam: user1: - 'web*': - test.* - network.* user2: - .*
User 1 can execute functions in the network or test modules on the Salt Minions which matches the ‘web*’ target.
User 2 can execute anything.
Option ‘-a’ is provided by the salt server for enabling the external authentication.
For example - salt -a pam web* test.ping
Salt Minions are allowed to pass their commands through the Peer Interface. The configuration of Peer Interface can be done via the Master Configuration file. It allows SaltMinions to send the commands by using peer configuration from the master and also allow the minions to execute the runner using the peer-run configuration from the master.
Below both configurations and explained briefly:
This configuration is defined in the SaltMaster File as mentioned below:
peer: .*: - .*
The command is enabling the configuration for all the minions. It is advised to execute this command only in a secure environment.
Peer Run Configuration
This configuration let the minion execute the runner from the master through peer r-run option.
For example -
peer_run: .*: - .*
This command will allow access to all minions to all runner.
How to execute the commands?
For executing ‘test.ping’ on all the minions, you can use ‘salt-call’ command including the ‘publish.publish’ module.
For example- salt-call publish.publish * test.ping
For executing the runner, you can use the below-mentioned command. salt-call publish.runner manage.up
The SaltStack which comes along with a simple file server that is used for distributing the file to different Salt Minions is known as Salt File Server. It is basically a stateless ZeroMQ server which is developed into the Master.
The main purpose of Salt File Server is to represent the files for their use in the Salt State System. The Salt File Server can be used for transferring the general file to Salt Minions from the SaltMaster.
Git is basically an Open Source Distributed Version Control System which is used for keeping the track of modifications made in the file. Salt sends the files using Git File Server from the Git Repositories.
A user can configure the Git to ‘fileserver-backend’ list option and if the user wants to configure more than one repository, it can be done by using the gitfs_remotes option.
There are a number of benefits of using the SaltStack, and they are mentioned below:
SaltStack works on the ZeroMQ library. ZeroMQ is an embeddable networking and fast messaging library. Its basic implementation is done in C or C++ and the native implementation for different languages include.Net and JAVA.
It is a peer to peer, a brokerless messaging process which allow users to design a complex communication process in a simple manner.
ZeroMQ is a flexible tool which allows to exchange the messages among various clusters and multi-system environment. It is a default transport library presented in Salt.
The aforementioned information is providing all the details about the SaltStack Architecture. This architecture has resolved the user’s issue of executing multiple commands on the different servers simultaneously, thanks to its remote execution capabilities. Salt Configuration Management develops a Master-Minion model to bring the components of infrastructure in line with a provided policy quickly, flexibly, and easily.
Free Demo for Corporate & Online Trainings.