Wednesday, August 08, 2012

Salt diaries: deploying salt on a small network

This post is the first in a series documenting the deployment of Salt on a small network ( ~ 100 hosts, initially targeting only linux-based ones which account for roughly half of it).

Due to the low number of hosts I have gone for a single master layout. The linux hosts are for the greatest part running Centos 5.[4,5] in both x86 and x64 favors, and just a couple running SLES.

Installing salt master

The easiest way to install salt on Centos is to pull in the epel repository :

rpm -Uvh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm

then install salt with yum:

yum install -y salt-master

Since minions by default will attempt to connect to the salt master by resolving an host named salt I configured a salt cname record for the salt master host in the dns server. At this point the master can be started with:

/etc/init.d/salt-master start

Note: I don't have firewall or SELinux enabled. In particular SELinux is problaly not yet supported at all.

Installing salt minions

The procedure for minions is basically the same for master with the difference that the package to install in salt-minion instead of salt-master:

yum install -y salt-minion && /etc/init.d/salt-minion start

Moving back to the master, the salt-key command can be used to check that minions have connected to the it and their keys are pending for acceptance. In a couple of cases the minions reported localhost.localdomain instead of the correct hostname. To fix it I had to edit /etc/hosts on the minion, remove the real hostname (in both unqualified and qualified form) from 127.0.0.1 and ::1 lines, and then restart salt-minion.
The mismatched key can be removed from the master with:

salt-key -r localhost.localdomain

Testing

Before moving on I wanted to make sure that everything is working as expected, so I ran this command on the master:

salt -v '*' test.ping

If the minions are running correctly you should get a True response as each minion attempts to ping the master. I used the -v option so that the master reports minions that did not respond. If some of your minions are busy and/or on slow networks consider raising the timeout with:

salt -t 60 -v '*' test.ping

That's it for now, in the next post I will get a basic states configuration working to make sure that all minions have a minimum configuration applied.

See all my Salt-related posts

No comments: