Getting Started with Salt Stack-the Other Configuration Management System Built with Python

Copy Configuration Files for Specific Packages

In order to install the libpam-cracklib package, you need only the first three lines of this file. You could stop here, and libpam-cracklib would be installed with the default configuration supplied by your package manager. You then would need to log in to the machine on which it is installed and configure it for your particular needs. This defeats the purpose of using configuration management, and Salt offers a solution to this as well.

Salt can act as a secure file server and copy files to remote minions. In this same servers.sls file, add the following lines:

/etc/pam.d/common-password:
  file:
    - managed
    - source: salt://servers/common-password
    - require:
      - pkg: libpam-cracklib

Take note of line 4; this is where you tell Salt your particular file's location, and the lines after that tell Salt what package is required for this file. The line - source: salt:// maps to your /srv/salt directory on your master.

After you've saved your servers.sls file, make a new directory under /srv/salt called servers. This is where you will store your configuration file for the libpam-cracklib.

When you are installing packages and configuration files, you may want to install them first on a test server, and then configure them to your liking. Then you can copy the configuration files into your /srv/salt location. This way, you can verify that the configuration is functioning properly before deploying it to multiple servers.

Now your configuration will be available to Salt, and you can place this configuration on every minion, along with installing the libpam-cracklib package. Your /srv/salt directory should look something like this now:

/srv/salt
            top.sls
            servers.sls
          /servers
                  common-password

I'm using the libpam-cracklib here as an example, but this technique will work for any software that has configuration files associated with it. For instance, you easily could modify your Apache httpd.conf file to include your server's hostname and configure virtual hosts.

With all of your sls files in place and configuration files ready to go, the last step is to tell Salt to configure your machine remotely. The state.highstate command is what triggers this synchronization. Using the previous syntax to target all machines, enter this from the command line:

sudo salt '*' state.highstate

Hopefully, after a brief amount of time, your minion will return a success that looks something like this:

>>
  State: - pkg
  Name:      libpam-cracklib
  Function:  installed
      Result:    True
      Comment:   Package libpam-cracklib installed
      Changes:   wamerican: {'new': '7.1-1', 'old': ''}
                 cracklib-runtime: {'new': '2.8.18-3build1', 'old': ''}
                 libcrack2: {'new': '2.8.18-3build1', 'old': ''}
                 libpam-cracklib: {'new': '1.1.3-7ubuntu2', 'old': ''}
                   
----------
  State: - file
  Name:      /etc/pam.d/common-password
  Function:  managed
      Result:    True
      Comment:   File /etc/pam.d/common-password updated
      Changes:   diff: --- 
+++ 
@@ -22,7 +22,7 @@
 # pam-auth-update(8) for details.
 
 # here are the per-package modules (the "Primary" block)
-password   requisite   pam_cracklib.so retry=3 minlen=8 difok=3
+password   requisite   pam_cracklib.so retry=3 minlen=14 difok=3 dcredit=1 ucredit=1 lcredit=1 ocredit=1
 password   [success=1 default=ignore]   pam_unix.so obscure use_authtok try_first_pass sha512
 # here's the fallback if no module succeeds
 password   requisite   pam_deny.so

As you can see, Salt installed the libpam-cracklib package and then copied the common-password file from the master to the minion in the /etc/libpam-cracklib directory.

This was a fairly simple example on just one minion, but if you've ever had to install a LAMP-based Web server, imagine the amount of time you can save simply by using Salt's configuration management. Storing these settings in text files allows you to duplicate and create identical servers quickly.

Summary

You now have the ability to execute remote commands on multiple machines at once and store your configurations in easily maintained text files. You can install software packages specific to a type of server too.

With a little effort in the beginning, you can create one or many servers with your own specific configurations in the amount of time it takes for the packages to download to each machine. Salt doesn't execute these sequentially either. The commands are mostly implemented simultaneously on each machine, and if one minion happens to fail, the others will continue their progress.

Installing Salt can pay off big dividends later by allowing you to create specific-use servers based on a tested and repeatable configuration.

Visit the Salt Project page for more detail, and be sure to check the links for the mailing list, user-contributed documentation and examples. You'll find the community very welcoming and eager to lend assistance with any issues you encounter.