Tech - Spread the Salt evenly - Part 2

Overview

In the previous post, we saw how to setup the salt master and minions. Now, let's see how we can use Salt to maintain a consistent state in the infrastructure. The state here could mean - software, configuration, permissions etc.

Salt Concepts Covered

In this post, the following concepts are covered -
  • Formulas (States) - A declarative or imperative representation of a system configuration.
  • Top File - Matches formulas and Salt pillar data to Salt minions.

State Management

One of the key concepts in Salt, is state management. State management in Salt ensures that the applications and infrastructure is managed centrally (as you would using other tools such as Chef, Ansible, Puppet). In addition, state management also ensures that if someone changes the configuration in a minion, state management will rest it back to what it should be. This way, Salt ensures that all changes to application, infrastructure, configuration, permission etc. are managed centrally through Salt master.

In the salt master server, create a folder called /srv/salt. In this folder, we are going to create the salt state management files. In this folder, create a file called top.sls -

# contents of the top.sls file
base:
  '*':
    - packages
    - beacons

Add a file called packages.sls -

# contents of the packages.sls file
python-pip:
  pkg.installed

pynotify:
  pip.installed:
    - require:
      - pkg: python-pip

Add the last file in this folder, beacons.sls -

# contents of the beacons.sls file
/etc/salt/minion.d/beacons.conf:
  file.managed:
    - source:
      - salt://files/minion.d/beacons.conf
    - makedirs: True

Create a folder called /srv/salt/files/minion.d. In this folder, create a file called beacons.conf -

# contents of the beacons.conf file. beacons monitor minion nodes
beacons:
  sh: {}

Finally, run the following command - 'sudo salt '*' state.apply'. This command will take the top.sls and apply the state defined in it.

This will now set the 'state' in all the machines running the salt minion agents. This means that the pynotify package is installed in all machines and also create the '/etc/salt/minion.d/beacons.conf' file. We will come to the beacon in the next post.

Summary

Salt can be used to ensure that infrastructure components - web/application servers, firewalls, other system configuration are maintained consistently. Any change to the infrastructure has to be made through salt and this way configuration "drift" is avoided.

In the next post, we will look at how the infrastructure can be proactively monitored and managed using beacons and reactors.

Comments

Popular posts from this blog

Azure Chronicles - VM Security

Tech - Sprinkle some Salt - Part 1

Cloudera Quick Start VM in Hyper-V