SaltStack targeting: storing roles in pillar
This is an attempt to record my thoughts and describe a solution for targeting/classifying minions in a SaltStack environment.
An interesting discussion on the topic can be found in this (rather old) thread on the Salt-User mailing list:
https://groups.google.com/forum/#!topic/salt-users/R_jgNdYDPk0
Basically, I share the concern of the thread's author, Martin F. Krafft, who in an attempt to put an end to this madness ended up writing reclass.
Roles seem to be easy enough to understand and provide for a clear separation between the actual infrastructure and the desired configuration state, while allowing extensibility and customization (a more specific role can override some settings from another role).
On the other hand, SaltStack's approach is more oriented towards targeting (perhaps because of its remote execution roots?) and offers no simple, centralized way of classifying minions. In fact, until pillar targeting was introduced there was no simple way of doing it besides the catch-22 idea of using Salt to customize the minion conf file with a grain specifying its roles (which, by the way, requires a mid-flight restart if used in a highstate).
My solution, at the moment, is the following:
- specify roles as pillar data
- target minions in highstate using said roles
- optionally install a mine function to push minion roles back to the master (for inventory, DNS, linking, you-name-it purposes)
- name minions using a dev/prod/staging prefix to simplify the handling of multiple environments
Whenever the role assignment changes, the new configuration can easily be pushed to all minions by running the following two commands (which can be assembled into an orchestrate state):

    salt '*' saltutil.pillar_refresh
    salt '*' mine.flush
    salt '*' mine.update

without a master or minion restart.
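
A minimal layout implementing the four points listed above, as an added example that is not the author's own configuration. The file paths, minion-ID globs, role names and state names (nginx, postgresql) are assumptions.

```yaml
# Added example; every path, ID glob, role and state name is an assumption.

# /srv/pillar/top.sls -- the master decides which role file a minion receives,
# keyed on the environment-prefixed minion ID.
base:
  '*':
    - mine
  'prod-web*':
    - roles.web
  'prod-db*':
    - roles.db
---
# /srv/pillar/roles/web.sls -- one file carries the minion's complete role
# list, so the result does not depend on pillar list-merging settings.
roles:
  - webserver
---
# /srv/pillar/roles/db.sls
roles:
  - database
---
# /srv/pillar/mine.sls -- optional: every minion publishes its assigned roles
# to the Salt mine under the alias "roles" (inventory, DNS, linking).
mine_functions:
  roles:
    - mine_function: pillar.get
    - roles
---
# /srv/salt/top.sls -- highstate targets on the pillar role, not on a grain.
# Pillar is rendered on the master; a grain is reported by the minion itself,
# so a role grain is only as trustworthy as the minion that sets it.
base:
  'roles:webserver':
    - match: pillar
    - nginx
  'prod-* and I@roles:database':
    - match: compound
    - postgresql
```

Once the refresh commands above have run, `salt-run mine.get '*' roles` on the master returns the role list each minion published.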