Skip to main content

Salt diaries: deploying salt on a small network

This post is the first in a series documenting the deployment of Salt on a small network ( ~ 100 hosts, initially targeting only linux-based ones which account for roughly half of it).

Due to the low number of hosts I have gone for a single master layout. The linux hosts are for the greatest part running Centos 5.[4,5] in both x86 and x64 favors, and just a couple running SLES.

Installing salt master

The easiest way to install salt on Centos is to pull in the epel repository :

rpm -Uvh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm

then install salt with yum:

yum install -y salt-master

Since minions by default will attempt to connect to the salt master by resolving an host named salt I configured a salt cname record for the salt master host in the dns server. At this point the master can be started with:

/etc/init.d/salt-master start

Note: I don't have firewall or SELinux enabled. In particular SELinux is problaly not yet supported at all.

Installing salt minions

The procedure for minions is basically the same for master with the difference that the package to install in salt-minion instead of salt-master:

yum install -y salt-minion && /etc/init.d/salt-minion start

Moving back to the master, the salt-key command can be used to check that minions have connected to the it and their keys are pending for acceptance. In a couple of cases the minions reported localhost.localdomain instead of the correct hostname. To fix it I had to edit /etc/hosts on the minion, remove the real hostname (in both unqualified and qualified form) from 127.0.0.1 and ::1 lines, and then restart salt-minion.
The mismatched key can be removed from the master with:

salt-key -r localhost.localdomain

Testing

Before moving on I wanted to make sure that everything is working as expected, so I ran this command on the master:

salt -v '*' test.ping

If the minions are running correctly you should get a True response as each minion attempts to ping the master. I used the -v option so that the master reports minions that did not respond. If some of your minions are busy and/or on slow networks consider raising the timeout with:

salt -t 60 -v '*' test.ping

That's it for now, in the next post I will get a basic states configuration working to make sure that all minions have a minimum configuration applied.

See all my Salt-related posts

Comments

Popular posts from this blog

Indexing Apache access logs with ELK (Elasticsearch+Logstash+Kibana)

Who said that grepping Apache logs has to be boring?

The truth is that, as Enteprise applications move to the browser too, Apache access logs are a gold mine, it does not matter what your role is: developer, support or sysadmin. If you are not mining them you are most likely missing out a ton of information and, probably, making the wrong decisions.
ELK (Elasticsearch, Logstash, Kibana) is a terrific, Open Source stack for visually analyzing Apache (or nginx) logs (but also any other timestamped data).

From 0 to ZFS replication in 5m with syncoid

The ZFS filesystem has many features that once you try them you can never go back. One of the lesser known is probably the support for replicating a zfs filesystem by sending the changes over the network with zfs send/receive.
Technically the filesystem changes don't even need to be sent over a network: you could as well dump them on a removable disk, then receive  from the same removable disk.

Detect missed executions with OpenNMS

Everyone knows that OpenNMS is a powerful monitoring solution, but not everyone knows that since version 1.10 circa it embeds the Drools rule processing engine. Drools programs can then be used to extend the event handling logic in new and powerful ways.

The following example shows how OpenNMS can be extended to detect missed executions for recurring activities like backups or scheduled jobs.