Skip to main content

SaltStack targeting: storing roles in pillar

This is an attempt to record my thoughts and describe a solution with regard on how to target/classify minions in a SaltStack environment.
SaltStack logo

An interesting discussion on the topic can be found in this (rather old) thread on the Salt-User mailing list:

https://groups.google.com/forum/#!topic/salt-users/R_jgNdYDPk0

Basically I share the same concern of the thread author Martin F. Kraft, who in an attempt to put and end to this madness ended up writing reklass.

Roles seem to be easy enough to understand and provide for a clear separation between the actual infrastructure and the desired configuration state, while allowing extensibility and customization (a more specific role can override some settings from another role).


OTOH SaltStack approach is more oriented towards targeting (perhaps because of its remote execution roots?) and offers no simple centralized way of classifying minions. In fact, until pillar targeting was introduced there was no simple way of doing it besides the catch-22 idea of using salt to customize the minion conf file with a grain specifying its roles (which, btw requires a mid-flight restart, if used in a highstate).

My solution, at the moment is the following:
  1. specify roles as pillar data
  2. target minions in highstate using said roles
  3. optionally install a mine function to push minion roles back to the master (for inventory, dns, linking, you-name-it purposes)
  4. name minions using a dev/prod/staging prefix to simplify the handling of multiple environments

Whenever the role assignment changes the new configuration can be easily pushed to all minions by running the following two commands (can be assembled in an orchestrate state):

salt '*' saltutil.pillar_refresh
salt '*' mine.flush
salt '*' mine.update

without a master or minion restart.

Comments

Popular posts from this blog

From 0 to ZFS replication in 5m with syncoid

The ZFS filesystem has many features that once you try them you can never go back. One of the lesser known is probably the support for replicating a zfs filesystem by sending the changes over the network with zfs send/receive.
Technically the filesystem changes don't even need to be sent over a network: you could as well dump them on a removable disk, then receive  from the same removable disk.

Indexing Apache access logs with ELK (Elasticsearch+Logstash+Kibana)

Who said that grepping Apache logs has to be boring?

The truth is that, as Enteprise applications move to the browser too, Apache access logs are a gold mine, it does not matter what your role is: developer, support or sysadmin. If you are not mining them you are most likely missing out a ton of information and, probably, making the wrong decisions.
ELK (Elasticsearch, Logstash, Kibana) is a terrific, Open Source stack for visually analyzing Apache (or nginx) logs (but also any other timestamped data).

Mirth: recover space when mirthdb grows out of control

I was recently asked to recover a mirth instance whose embedded database had grown to fill all available space so this is just a note-to-self kind of post.
Btw: the recovery, depending on db size and disk speed, is going to take long.

The problem A 1.8 Mirth Connect instance was started, then forgotten (well neglected, actually). The user also forgot to setup pruning so the messages filled the embedded Derby database until it grew to fill all the available space on the disk. The SO is linux.

The solution First of all: free some disk space so that the database can be started in embedded mode from the cli. You can also copy the whole mirth install to another server if you cannot free space. Depending on db size you will need a corresponding amount of space: in my case a 5GB db required around 2GB to start, process logs and then store the temp files during shrinking.

Then open a shell as the user that mirth runs as (you're not running it as root, are you?) and cd into the mirth home. …