There was a joke:
— What is there Internet Explorer on Windows for?
— Just to download Firefox!
The same I would say about Ansible and Saltstack. Indeed there is Salt-SSH, but it has some disadvantages versus Ansible for agentless configuration:
- doesn't work on Windows
- has bug with Jinja template
Saltstack is more robust and flexible than Ansible, (imho!!!) and my tactic is to install Saltstack and its configuration on nodes with Ansible.
Also this playbook will install Saltstack masters with fully fledged GitFS
(Git fileserver backend)
— compiles and installs Pygit2 as provider.
Pygit2 is the only provider supporting HTTPS and Authentication to GIT servers – as I found out, others
(GitPython and Dulwich) are lacking these features.
Ubuntu and Centos have inappropriate versions
in their repositories, that's why we need to compile libgit2, the pygit2's backbone, from source.
- if you want to run ansible playbook on Windows
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
dk_salt_master_addresses– array of salt masters, to be provided todk_salt_minion_configdk_salt_minion_config– location of minion's jinja-template in your playbookdk_salt_master_config– location of master's jinja-template in your playbook
The array can be fetched, say, from group [master] in the playbook's inventory:
[master]
10.24.53.2
10.24.53.4Just add pre_task:
pre_tasks:
- name: setting fact about masters IP addresses
set_fact:
master_ips: "{% set masters = [] %}{% for host in groups.master %}{% set masters = masters.append(hostvars[host].ansible_default_ipv4.address) %}{% endfor %}{{ masters | to_json }}"
when: (master_ips is not defined)and then, in the role definition:
roles:
- role: saltstack-installer
dk_salt_master_addresses: "{{master_ips}}"
dk_salt_minion_config: "{{ minion_config_file | default(None) }}"
dk_salt_master_config: "{{ master_config_file | default(None) }}"
dk_salt_minion_config should reside somewhere in your playbook. Example of minion config as Jinja template:
master: {{ dk_salt_master_addressess }}
id: {{ inventory_hostname }}
hash_type: sha256
master_tries: -1
auth_tries: 15
auth_safemode: true
mine_interval: 3
startup_states: highstate
grains:
role: {{ roles | to_json }}
cluster: test-1
{% if public_cname is defined -%}
public_network:
ip: {{ ansible_host }}
cname: {{ public_cname }}
{% endif %}
This role doesn't depend on other roles.
---
- name: Install Salt minions on hosts
hosts: all
gather_facts: true
become: false
roles:
- role: saltstack-installer
dk_salt_master_addresses: "{{master_ips}}"
dk_salt_minion_config: "{{ minion_config_file | default(None) }}"
dk_salt_master_config: "{{ master_config_file | default(None) }}"MIT
Denis Kalinin, http://github.com/denis-kalinin