<h1 style='font-family: helvetica',align = 'center'>SaltStack Administration </h1>
<h2 style='font-family: helvetica',align='center'>Created 2017/02/01 by Braun Brelin</h2>


## What is DevOps?
- All about bringing together developers and operations teams
- Automating the environment
- Measuring application performance


### Automate everything
- Automate code testing
- Automate workflows
- Automate infrastructure

### Constant iteration of development
- Write new features and bug fixes in small chunks
- Automatically create, test and monitor new software additions


### Synchronize environments
- Identical environments for development, test and production


### Monitor yourself
- Adopt iterative processes to monitor and measure code and operations daily.
- Improve ability to quickly respond to customer concerns and market conditions. 

### Write code rather than perform manual actions
- Teams write code to automate configuration management
- Teams write code to handle triggered events.
- Teams write code to allow them to scale their environment


### Use source code control
- Manage and document all changes to application code
- Manage and document all changes to configurations and documentation.

### Adopt proper discipline
- Use DevOps to put processes in place to manage your environment and your applications
- Put an end to the controlled chaos that is the lot of most IT departments
- Understand and control the impact of unforeseen events and disasters.

### Reduce time to market
- Use devops to reduce the time it takes to bring new features and bug fixes from weeks and months to days and hours.
- Deploy frequently using an Agile-like methodology.

## What does Saltstack allow us to do?
- Describe our infrastructure with code.
- Make our infrastructure scalable.
- Make our infrastructure reliable.
- Get consistent environments.
- Better security.
- Ability to quickly duplicate our environments. 
- Simplifies auditing and tracking capabilities

### Managing infrastructure as code
- Gives us revision control
- Allows use of bug tracking and ticketing systems. 
- Ability to do peer review before changes happen.
- Gives us infrastructure design patterns.
- Test infrastructure changes the same way we test application changes.

### Monitoring and Metrics
- Allows us to track every possible resource
- Gives us alerts on all services, availability and response times
- Capture, learn and improve
- Share access and data with everyone on the team
- Plan metrics and monitoring into the application lifecycle.
- Easily integrate third party monitoring and logging tools.

## What is SaltStack?
- A tool to turn your infrastructure into software. 
- Automates packing and provisioning of code to your IT environment.
- A massive finite state machine
- Configuration manager for your operations, devops and cloudops environments.



## Saltstack components
 - Salt Master
 - Salt Minions
 - Execution Modules
 - States 
 - Grains
 - Pillars
 - Top File
 - Runners
 - Returners
 - Reactors
 - Salt Cloud
 - Salt SSH 

### Salt Master
- Central Management Server
- Used to send commands and configuration data to salt minions running on managed systems.

### Salt Minion
- Software that runs on a managed system. 
- Receives commands and configuration data from the Salt master


### Execution Modules
- Ad hoc commands executed from the command line against one or more managed systems.
- Perform real-time monitoring, status and inventory
- Run one-off commands or scripts
- Deploying critical updates.

### States
- A representation of a system configuration. Can be declarative or imperative.

### Grains
- Static system information about the managed system.
- Examples include the operating system, CPU, memory, and other properties.
- You can define customized grains (properties) for your systems.

### Pillars
- User defined properties.  
- Stored securely on the salt master.
- Assignable to one or more minions using targets
- Examples include network ports, file paths, passwords, configuration parameters



### Top file
- Matches states and pillar data to minions


### Runners
- Modules that execute on the salt master to perform tasks. 
- Examples include runners that report job status, connection status, and query minions

### Returners
- Modules that can return data to various sources, such as a database.
- Returners can run on the Salt minions or the Salt master.

### Reactor
- Component that can be programmed to trigger reactions to specific events. 


### Salt Cloud
- Allows provisioning of systems on cloud providers or hypervisors 
- Immediately brings these systems under salt management. 

### Salt SSH
- Allows us to run Salt commands over SSH for systems that do not have a minion provisioned.

## Architectural overview of remote execution
Salt is a highly configurable, scalable and robust application that allows one master to manage thousands of minions simultaneously with almost no performance loss.  This means that the time required to update many minions is at worst a logarithmic function rather than a linear or exponential function.    

All Salt minions receive commands at the same time.  Salt can use multiple protocols to achieve this; however, the recommended (and default) protocol is the ZeroMQ message queuing system.  While Salt can interface with many types of data stores, its real win is being able to query minions in real time.  

While Salt maintains a master/slave relationship between the master and the minions, communication with the minions is mostly a set of instructions or commands to run.  The minion is responsible for doing the heavy lifting and returning the results back to the master.

Salt normalizes commands between different hardware platforms.  All commands and states are the same regardless of the underlying operating system being run on the minion. 

Salt will run wherever you can install Python.  If a minion cannot run Python, then Salt provides a *proxy minion* that can interface with the real minion and issue commands on behalf of the master in the minion's native protocol. Additionally, the proxy parses and returns all output from the minion back to the master. 

Salt can perform all of its functions without requiring or using a programming language (Although you will get its best performance if you know some of the Python programming language).   

Everything in Salt is extensible.  You can even change the underlying network protocol.  You can create your own modules as well.  Following is an example of the remote execution architecture diagram. 


<a href = '../graphics/Remote%20Method%20Execution%20Architecture.png'> </a>

## Salt Installation and Configuration
- Getting Salt
- Source Installation
- Packaged Installation
- Salt Bootstrap
- Salt Master Network Ports
- Minion Firewall
- Basic Minion Configuration
- Salt Security
- Lab 1.  Installing Salt

### Getting Salt
- Installing from source on Linux.
- Installing on Ubuntu via apt.

### Installing from source
Make sure that you have git installed on your system. 
Then run the following command:
<table align='left', width='700px'>
<tr>
<td>
<p style='font-family:courier'>
git clone https://github.com/saltstack/salt<br>
</p>
</td>
</tr>
</table>
<br><br><br><br><br>
Cloning the repository is enough to start working with Salt and contributing to the source code. You may wish, however, to fetch additional tags from git, because Salt needs to be able to report the correct version for itself. 
First, we need to add the git repository as an upstream source.
<table align='left', width='700px'>
<tr>
<td>
<p style='font-family:courier'>
git remote add upstream https://github.com/saltstack/salt<br>
</p>
</td>
</tr>
</table>
<br><br><br><br><br>
Then fetch tags with the 'git fetch' utility.
<table align='left', width='700px'>
<tr>
<td>
<p style='font-family:courier'>
git fetch --tags upstream<br>
</p>
</td>
</tr>
</table>
<br><br><br><br><br>

As of this writing, Saltstack only works with Python version 2.  However, Python 3 is now in wide deployment.  This means that we'll want a virtual environment set up.<br><br>
We can then create a new virtual environment with virtualenv.
<table align='left', width='700px'>
<tr>
<td>
<p style='font-family:courier'>
virtualenv --system-site-packages -p /path/to/your/python2/installation /path/to/your/virtualenv
</p>
</td>
</tr>
</table>
<br><br><br><br><br>
Once the virtual environment has been created, activate it like so:
<table align='left', width='700px'>
<tr>
<td>
<p style='font-family:courier'>
source /path/to/your/virtualenv/bin/activate
</p>
</td>
</tr>
</table>
<br><br><br><br><br>
A quick note to Arch Linux users: Python 3 is the default environment, so use virtualenv2 rather than virtualenv. 
If you're using a distribution other than Debian or Ubuntu, and you are installing M2Crypto via pip, then you must make sure that you have the gcc C compiler installed. 

Now you can install Salt into your virtual environment. 
<table align='left', width='700px'>
<tr>
<td>
<p style='font-family:courier'>
pip install pyzmq PyYAML pycrypto msgpack-python jinja2 psutil futures tornado<br>
pip install -e ./salt   # the path to the salt git clone from above
</p>
</td>
</tr>
</table>
<br><br><br><br><br>
Note:  Don't install the M2Crypto library from pip if you're using Debian or Ubuntu.  They have a patched version of OpenSSL and you need that version before you can use M2Crypto. Instead of using pip, use apt like so:
<table align='left', width='700px'>
<tr>
<td>
<p style='font-family:courier'>
apt-get install python-m2crypto
</p>
</td>
</tr>
</table>
<br><br><br><br><br>

Once you have your virtual environment running, copy the salt master and salt minion configuration files into your virtual environment. 
<table align='left', width='700px'>
<tr>
<td>
<p style='font-family:courier'>
mkdir -p /path/to/your/virtualenv/etc/salt<br>
cp ./salt/conf/master ./salt/conf/minion /path/to/your/virtualenv/etc/salt/
<br>
</p>
</td>
</tr>
</table>
<br><br><br>

Now, you'll need to edit your master configuration file.

1.    Uncomment and change the user: root value to your own user.
2.    Uncomment and change the root_dir: / value to point to /path/to/your/virtualenv.
3.    If you are running version 0.11.1 or older, uncomment, and change the pidfile: /var/run/salt-master.pid value to point to /path/to/your/virtualenv/salt-master.pid.
4.    If you are also running a non-development version of Salt you will have to change the publish_port and ret_port values as well.



And also edit the minion configuration file. <br>
1. Repeat the edits you made in the master config for the user and root_dir values as well as any port changes.
2. If you are running version 0.11.1 or older, uncomment, and change the pidfile: /var/run/salt-minion.pid value to point to /path/to/your/virtualenv/salt-minion.pid.
3. Uncomment and change the master: salt value to point at localhost.
4. Uncomment and change the id: value to something descriptive like "saltdev". This isn't strictly necessary but it will serve as a reminder of which Salt installation you are working with.
5. If you changed the ret_port value in the master config because you are also running a non-development version of Salt, then you will have to change the master_port value in the minion config to match.

Start up the master and the minion, accept the minion's RSA key and verify that your local Salt installation is working. 

<table align='left', width='700px'>
<tr>
<td>
<p style='font-family:courier'>
cd /path/to/your/virtualenv<br>
salt-master -c ./etc/salt -d<br>
salt-minion -c ./etc/salt -d<br>
salt-key -c ./etc/salt -L<br>
salt-key -c ./etc/salt -A<br>
salt -c ./etc/salt '*' test.ping<br>
<br>
</p>
</td>
</tr>
</table>
<br><br><br><br><br><br><br><br><br><br>
Note that running the salt master and the minion with the *-l debug* option adds debugging output. If you want the output to go to the console rather than the log file, remove the -d option from the run commands. 
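
The key-acceptance step above uses `salt-key -A`, which accepts every pending key. As an added example (not part of the original tutorial or the Salt project's own code), the sketch below accepts a single minion key only after its fingerprint matches the value read on the minion with `salt-call --local key.finger`. The function names, the constructed sample output and the assumed `id:  fingerprint` line format of `salt-key -f` are illustrative assumptions.

```shell
#!/bin/sh
# Added example: accept one minion key only when its fingerprint matches.
# Assumption: `salt-key -f <id>` prints a section header followed by
# lines of the form "<id>:  <fingerprint>".

# Constructed sample of that output (not captured from a real master).
SAMPLE_FINGER_OUTPUT='Unaccepted Keys:
saltdev:  aa:bb:cc:dd:ee:ff:00:11'

# fingerprint_of <minion_id>: read `salt-key -f` output on stdin and
# print the fingerprint listed for exactly that minion id.
fingerprint_of() {
    awk -v id="$1" '$1 == (id ":") { print $2; exit }'
}

# fingerprints_match <a> <b>: case-insensitive comparison that fails
# when either value is empty, so a missing key never counts as a match.
fingerprints_match() {
    a=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    b=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# accept_verified <config_dir> <minion_id> <expected_fingerprint>
# The expected fingerprint is the one read on the minion itself with
# `salt-call --local key.finger` and carried to the master out of band.
accept_verified() {
    seen=$(salt-key -c "$1" -f "$2" | fingerprint_of "$2")
    if fingerprints_match "$seen" "$3"; then
        salt-key -c "$1" -y -a "$2"
    else
        echo "fingerprint mismatch for $2: refusing to accept key" >&2
        return 1
    fi
}
```

On the development setup above this would be called as `accept_verified ./etc/salt saltdev "<fingerprint from the minion>"` in place of `salt-key -c ./etc/salt -A`.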

### Installing from Ubuntu with apt

Saltstack has a PPA to allow installation of Salt on Ubuntu.
Run the following commands as root:
<table align='left', width='700px'>
<tr>
<td>
<p style='font-family:courier'>
root@saltmaster:~# apt-get --yes -q install python-software-properties<br>
root@saltmaster:~# add-apt-repository ppa:saltstack/salt<br>
You are about to add the following PPA to your system:<br>
 Salt, the remote execution and configuration management tool.<br>
 More info: https://launchpad.net/~saltstack/+archive/salt<br>
Press [ENTER] to continue or ctrl-c to cancel adding it<br>
</p>
</td>
</tr>
</table>
<br><br><br><br><br><br><br><Br><br><br>
You must press the [Enter] key, otherwise it won't add the repository.

Make sure you update Apt's package index.
<table align='left', width='700px'>
<tr>
<td>
<p style='font-family:courier'>
root@saltmaster:~# apt-get --yes -q update<br>
</p>
</td>
</tr>
</table>
<br><br><br>
Also, install the Python development package. 
<table align='left', width='700px'>
<tr>
<td>
<p style='font-family:courier'>
root@saltmaster:~# apt-get -y install python-dev<br>
</p>
</td>
</tr>
</table>
<br><br><br>
<p align='left'>Then install the salt-master package.</p> 
<table align='left', width='700px'>
<tr>
<td>
<p style='font-family:courier'>
root@saltmaster:~# apt-get --yes -q install salt-master<br>
</p>
</td>
</tr>
</table>

Now we can configure the salt master. Let's do a real example of a simple configuration. 
1. Edit the /etc/salt/master configuration file and configure the interface parameter. 
Change its value to the IP address of the salt master. 
<br>
2. Change the base directory for the salt states files.  The default is /srv/salt.  Change that to 
/salt/states/base.  To do that, uncomment and edit the *file_roots:* parameter with the new value.
3.  Create a new development environment in the top.sls file by adding the following:<br>
<table align='left',width='700px'>
<tr>
<td>
<p style='font-family:courier'>
file_roots:<br>
    base:<br>
    \- /salt/states/base <br>
    development:<br>
    \- /salt/states/dev<br>
 </p>
 </td></tr></table>
 <br> <br> <br> <br> <br> <br> <br>
 <p align='left'>4.  Set the pillar_roots parameter:</p>
 <table align='left',width='700px'>
<tr>
<td>
<p style='font-family:courier'>
pillar_roots:<br>
    base:<br>
    \- /salt/pillars/base <br>
 </p>
 </td></tr></table>
 <br> <br> <br> <br> <br>
 Don't forget to create the directories specified in the salt master file!
 

Once we have the master configured, we can then create a minion on a remote machine.  Note that we'll have to log in to the remote system to set up its configuration.  Once that is done, however, you may never need to log into it again.


Start by installing the required python libraries onto the minion.

<table align='left',width='700px'>
<tr>
<td>
<p style='font-family:courier'>
root@saltminion:~# apt-get --yes -q install python-software-properties
 </p>
 </td></tr></table>
 <br> <br> <br> <br> <br>
 Add the repository to apt. 
 <table align='left',width='700px'>
<tr>
<td>
<p style='font-family:courier'>
root@saltminion:~# add-apt-repository ppa:saltstack/salt<br>
You are about to add the following PPA to your system:<br>
Salt, the remote execution and configuration management tool.<br>
More info: https://launchpad.net/~saltstack/+archive/salt<br>
Press [ENTER] to continue or ctrl-c to cancel adding it<br>
 </p>
 </td></tr></table>
 <br> <br> <br> <br> <br><br><br><br><br>
 Update apt's package index with apt-get update.
 <table align='left',width='700px'>
<tr>
<td>
<p style='font-family:courier'>
root@saltminion:~# apt-get --yes -q update
 </p>
 </td></tr></table>
 <br> <br> <br> <br> <br>
 Finally, install the salt-minion package
 <table align='left',width='700px'>
<tr>
<td>
<p style='font-family:courier'>
root@saltminion:~# apt-get --yes -q install salt-minion
 </p>
 </td></tr></table>
 <br> <br> <br> <br> <br>
 Repeat this process for every minion you wish to configure. 

Finally, the last thing we need to do is to configure the salt minion.  The only thing we really need to do here is to set the IP address of the salt master.  A very nice workaround is to simply edit the minion's /etc/hosts file and have the default server name 'salt' resolve to the salt master's IP address.  Then simply push down a new, updated salt minion configuration file.  No manual editing of the salt minion's config file is needed. 

Restart the salt-minion.  Note that it is going to try to communicate with the salt-master; however, it will fail because the key hasn't been accepted yet.  The procedure for this is the same as the one noted above for installing via the source code. 

### Installing with bootstrap
A third way of installing salt is by using the bootstrap bash script provided by SaltStack. There are multiple ways of downloading this script. 

Via Curl.
<table align='left',width='700px'>
<tr>
<td>
<p style='font-family:courier'>
curl -o bootstrap-salt.sh -L https://bootstrap.saltstack.com
 </p>
 </td></tr></table>
 <br><br><br><br>
 Via Wget
 <table align='left',width='700px'>
<tr>
<td>
<p style='font-family:courier'>
wget -O bootstrap-salt.sh https://bootstrap.saltstack.com
 </p>
 </td></tr></table>
 <br><br><br><br>
 Via Python <br>
 <table align='left',width='700px'>
<tr>
<td>
<p style='font-family:courier'>
python -m urllib "https://bootstrap.saltstack.com" > bootstrap-salt.sh
 </p>
 </td></tr></table>
 <br><br><br><br>
 Once you have the script, by whichever method you choose, run it like so:
  <table align='left',width='700px'>
<tr>
<td>
<p style='font-family:courier'>
sudo sh bootstrap-salt.sh
 </p>
 </td></tr></table>
 <br><br><br><br>
 This will download and install the latest stable version of SaltStack. Once done, we can now configure the master and create minions as we see fit. 
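
The procedure above downloads a script and runs it as root. As an added example (not part of the original tutorial or the Salt project's own code), the functions below check the downloaded file against a SHA-256 digest before it is executed. They assume you hold a trusted digest for the script release you intend to run, obtained out of band; `verify_script` and `run_verified` are hypothetical names.

```shell
#!/bin/sh
# Added example: refuse to run bootstrap-salt.sh unless its SHA-256
# digest matches a value obtained from a trusted, separate channel.

# sha256_of <file>: print the lowercase hex SHA-256 digest of a file,
# using whichever of sha256sum / shasum is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# verify_script <file> <expected_sha256>
# Returns 0 on match, 1 on mismatch, 2 when the file is missing or
# empty (for example after a failed or truncated download).
verify_script() {
    if [ ! -s "$1" ]; then
        echo "$1 is missing or empty" >&2
        return 2
    fi
    actual=$(sha256_of "$1")
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $1" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
}

# run_verified <file> <expected_sha256>
# Runs the script with sudo only after the digest check has passed.
run_verified() {
    verify_script "$1" "$2" && sudo sh "$1"
}

# Typical use after the curl or wget download shown above, where
# EXPECTED_SHA256 is a placeholder for the digest you trust:
#   run_verified bootstrap-salt.sh "$EXPECTED_SHA256"
```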

Let's now do an example of implementing a package with Salt.  We'll install a webserver called *nginx* through Salt. 


## Running Salt
<table align='left', width = '700px'>
<tr>
<td>
<p style='font-family:courier'>
salt-master
</p>
</td>
</tr>
</table>