
Summit ESP Salt States

This repository contains all of the states we use to manage the various servers in use by some Summit ESP internal applications. For security and flexibility, many details have been abstracted into a Salt Pillar repository; however, an example of what that pillar repository should look like is located in the pillar-example directory of this repository.

Get the repo:

```
git clone https://github.com/SummitESP/salt-states.git /srv/salt
cd /srv/salt
```

##Provisioning Scripts##

We've included scripts to automate setting up your salt master, remote minions, or a masterless minion.

This repository is also considered to be version locked. All states and scripts included in the repository should work properly with the salt version defined in the SALT_VERSION file, which should be updated any time you choose to use a newer release of Salt.

You should also have your modified pillar files in place at /srv/pillar/ before continuing.

###setupsalt-master###

Use this script to set up a master server. It will install the Salt master, set up an OpenVPN server for secure communication between all managed machines, and set up a minion on the master to allow for managing the master itself via Salt states.

####Usage:####

```
setupsalt-master -h <master id> -i <master ip>
```

####Arguments:####

  • -h <master id> - (Optional) default: saltmaster - This flag allows you to define the name or salt id used to reference the master from the minions and from the salt CLI.
  • -i <master ip> - (Optional) default: 127.0.2.1 - This is the IP address that will be placed in the /etc/hosts file of the master to refer to itself. This should be a 127.0.0.0/8 loopback address.

###setupsalt-remote-minion###

Use this script to set up a Salt minion remotely. For this you must have a user with passwordless sudo access who can SSH into the machine.

This script queries the Salt master to decide which version of Salt to install, to ensure that the versions always match.

We use Salt SSH to remotely control the minion server. You must tell Salt SSH about the new machine by adding its login details to /srv/pillar/salt-ssh/roster.

Roster Example:

```
minion1:
    host: 192.168.1.220
    user: user1
    # quoted: an unquoted leading & would be read as a YAML anchor
    passwd: '&zUhHWi7qpqu6Dr5'
    sudo: True
minion2:
    host: 192.168.1.177
    user: root
    passwd: 'P@$sw0rd'
```

This roster defines two minions, minion1 and minion2. For each one, host is the IP address or hostname of the machine, user and passwd are the credentials used for logging in, and sudo indicates whether the user must call sudo to run commands as root. For more details on how to define a roster, please see the roster documentation.
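A small linter for the roster layout described above, as an added example that is not part of this repository. It uses a hand-written parser for this flat two-level layout rather than a YAML library, and the sample roster and the finding names are constructed for illustration.

```python
# Constructed sample: the roster layout from this section, passwords unquoted.
SAMPLE_ROSTER = """\
minion1:
    host: 192.168.1.220
    user: user1
    passwd: &zUhHWi7qpqu6Dr5
    sudo: True
minion2:
    host: 192.168.1.177
    user: root
    passwd: P@$sw0rd
"""

# Characters YAML treats specially at the start of an unquoted scalar.
YAML_INDICATORS = set("&*!|>%@`{}[],#")

def parse_roster(text):
    """Parse the flat two-level roster layout into {minion_id: {key: raw_value}}."""
    roster, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key, _, value = line.strip().partition(":")
        if not line[0].isspace():      # top-level line: a minion id
            current = roster.setdefault(key, {})
        elif current is not None:      # indented line: a field of that minion
            current[key.strip()] = value.strip()
    return roster

def lint_roster(text):
    """Return sorted (minion_id, finding) tuples for risky or broken entries."""
    findings = []
    for minion, opts in parse_roster(text).items():
        passwd = opts.get("passwd")
        if passwd is not None:
            findings.append((minion, "plaintext-passwd"))
            if passwd and passwd[0] in YAML_INDICATORS:
                findings.append((minion, "unquoted-yaml-indicator"))
        user = opts.get("user")
        if user == "root":
            findings.append((minion, "direct-root-login"))
        elif user and opts.get("sudo", "").lower() != "true":
            findings.append((minion, "non-root-without-sudo"))
    return sorted(findings)

if __name__ == "__main__":
    for minion, finding in lint_roster(SAMPLE_ROSTER):
        print(f"{minion}: {finding}")
```

A `plaintext-passwd` finding can be cleared by switching the entry to key-based login with the roster's `priv` option, and an `unquoted-yaml-indicator` finding by quoting the value.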

When using a user that requires sudo to run commands as root, that user must be able to do so without being prompted for their password. Check this by verifying that a line similar to one of those below is in the sudoers file (preferably near the bottom), which you can view and edit with the visudo command.

```
# use this to give user1 passwordless sudo access
user1 ALL=(ALL) NOPASSWD:ALL

# use this to give all users in group1 passwordless sudo access
%group1 ALL=(ALL) NOPASSWD:ALL
```

####Usage:####

```
setupsalt-remote-minion <minion id>
```

####Arguments:####

  • <minion id> - (Required) Id of the minion as defined in the roster file.

###setupsalt-masterless-minion###

Use this script to set up a minion which doesn't need a master. This is useful when working with an infrastructure of a single machine, for which a master might be overkill.

Once a masterless minion is set up, you can run most standard Salt commands using the salt-call tool instead of salt <minion id>.

####Usage:####

```
setupsalt-masterless-minion
```