Getting Started with Salt Stack - the Other Configuration Management System Built with Python

Copy Configuration Files for Specific Packages

In order to install the libpam-cracklib package, you need only the first three lines of this file. You could stop here, and libpam-cracklib would be installed with the default configuration supplied by your package manager. You then would need to log in to the machine on which it is installed and configure it for your particular needs. This defeats the purpose of using configuration management, and Salt offers a solution to this as well.

Salt can act as a secure file server and copy files to remote minions. In this same servers.sls file, add the following lines:


/etc/pam.d/common-password:
  file:
    - managed
    - source: salt://servers/common-password
    - require:
      - pkg: libpam-cracklib

Take note of line 4; this is where you tell Salt your particular file's location. The require lines after it tell Salt which package must be installed before this file is managed. The salt:// prefix in the source line maps to the /srv/salt directory on your master, so salt://servers/common-password refers to /srv/salt/servers/common-password.

After you've saved your servers.sls file, make a new directory under /srv/salt called servers. This is where you will store your configuration file for libpam-cracklib.

When you are installing packages and configuration files, you may want to install them first on a test server, and then configure them to your liking. Then you can copy the configuration files into your /srv/salt location. This way, you can verify that the configuration is functioning properly before deploying it to multiple servers.

Now your configuration will be available to Salt, and you can place this configuration on every minion, along with installing the libpam-cracklib package. Your /srv/salt directory should look something like this now:


/srv/salt
    top.sls
    servers.sls
    servers/
        common-password

I'm using libpam-cracklib here as an example, but this technique will work for any software that has configuration files associated with it. For instance, you easily could modify your Apache httpd.conf file to include your server's hostname and configure virtual hosts.

With all of your sls files in place and configuration files ready to go, the last step is to tell Salt to configure your machine remotely. The state.highstate command is what triggers this synchronization. Using the previous syntax to target all machines, enter this from the command line:


sudo salt '*' state.highstate

Hopefully, after a brief amount of time, your minion will return a success that looks something like this:


>>
  State: - pkg
  Name:      libpam-cracklib
  Function:  installed
      Result:    True
      Comment:   Package libpam-cracklib installed
      Changes:   wamerican: {'new': '7.1-1', 'old': ''}
                 cracklib-runtime: {'new': '2.8.18-3build1', 'old': ''}
                 libcrack2: {'new': '2.8.18-3build1', 'old': ''}
                 libpam-cracklib: {'new': '1.1.3-7ubuntu2', 'old': ''}
                   
----------
  State: - file
  Name:      /etc/pam.d/common-password
  Function:  managed
      Result:    True
      Comment:   File /etc/pam.d/common-password updated
      Changes:   diff: --- 
+++ 
@@ -22,7 +22,7 @@
 # pam-auth-update(8) for details.
 
 # here are the per-package modules (the "Primary" block)
-password   requisite   pam_cracklib.so retry=3 minlen=8 difok=3
+password   requisite   pam_cracklib.so retry=3 minlen=14 difok=3 dcredit=1 ucredit=1 lcredit=1 ocredit=1
 password   [success=1 default=ignore]   pam_unix.so obscure use_authtok try_first_pass sha512
 # here's the fallback if no module succeeds
 password   requisite   pam_deny.so
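
Review bot: on the added pam_cracklib.so line, dcredit=1 ucredit=1 lcredit=1 ocredit=1 are positive values, which pam_cracklib treats as credits toward minlen rather than as requirements, so a 10-character password that uses all four character classes already satisfies minlen=14. If the intent is to require at least one digit, uppercase, lowercase and other character, use negative values (dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1), which also makes minlen=14 the true minimum length.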

As you can see, Salt installed the libpam-cracklib package and then copied the common-password file from the master to the minion's /etc/pam.d directory.
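
Before applying a state to every minion, the same run can be previewed with test=True. The Python below is an added example, not code from the article or the Salt project: it reads a dry-run result and lists the minions where a file under a sensitive path such as /etc/pam.d would be replaced, plus the minions whose states failed. The JSON sample is constructed, its shape (the output of salt '*' state.highstate test=True --out=json --static) is an assumption, and SENSITIVE_PREFIXES and review_dry_run are hypothetical names.

```python
import json

# Constructed sample shaped like `salt '*' state.highstate test=True --out=json --static`
# output (assumed): {minion: {"<module>_|-<id>_|-<name>_|-<function>": {...}}}.
# In test mode "result" is null for a state that would change something.
SAMPLE = r'''
{
  "web1": {
    "pkg_|-libpam-cracklib_|-libpam-cracklib_|-installed": {
      "result": true, "comment": "Package libpam-cracklib is already installed", "changes": {}},
    "file_|-/etc/pam.d/common-password_|-/etc/pam.d/common-password_|-managed": {
      "result": null, "comment": "The file /etc/pam.d/common-password is set to be changed", "changes": {}}
  },
  "web2": ["Rendering SLS 'base:servers' failed"],
  "db1": {
    "file_|-/etc/pam.d/common-password_|-/etc/pam.d/common-password_|-managed": {
      "result": true, "comment": "The file /etc/pam.d/common-password is in the correct state", "changes": {}}
  }
}
'''

# Hypothetical list of paths whose pending changes need a human look first.
SENSITIVE_PREFIXES = ("/etc/pam.d/", "/etc/ssh/", "/etc/sudoers")


def review_dry_run(raw):
    """Return (pending, errors): sensitive files that would change, minions that failed."""
    pending, errors = [], []
    for minion, ret in sorted(json.loads(raw).items()):
        if not isinstance(ret, dict):  # SLS render errors come back as a list of strings
            errors.append(minion)
            continue
        for tag, state in ret.items():
            module, _id, name, _function = tag.split("_|-")
            if state.get("result") is False and minion not in errors:
                errors.append(minion)
            elif (state.get("result") is None and module == "file"
                  and name.startswith(SENSITIVE_PREFIXES)):
                pending.append((minion, name))
    return pending, errors


if __name__ == "__main__":
    pending, errors = review_dry_run(SAMPLE)
    for minion, path in pending:
        print(f"REVIEW  {minion}: {path} would be replaced")
    for minion in errors:
        print(f"FAILED  {minion}: fix before running state.highstate")
```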

This was a fairly simple example on just one minion, but if you've ever had to install a LAMP-based Web server, imagine the amount of time you can save simply by using Salt's configuration management. Storing these settings in text files allows you to duplicate and create identical servers quickly.

Summary

You now have the ability to execute remote commands on multiple machines at once and store your configurations in easily maintained text files. You can install software packages specific to a type of server too.

With a little effort in the beginning, you can create one or many servers with your own specific configurations in the amount of time it takes for the packages to download to each machine. Salt doesn't execute these sequentially either. The commands are mostly executed simultaneously on each machine, and if one minion happens to fail, the others will continue their progress.

Installing Salt can pay off big dividends later by allowing you to create specific-use servers based on a tested and repeatable configuration.

Visit the Salt Project page for more detail, and be sure to check the links for the mailing list, user-contributed documentation and examples. You'll find the community very welcoming and eager to lend assistance with any issues you encounter.

______________________

Ben Hosmer is a DEVOP with RadiantBlue Technologies where he develops and maintains Drupal sites and administers various servers. He is an open-source advocate and helps spread the use of Linux and other open-source software within the US government.

Comments


Python or Java?

Lula's picture

Python is a good language for development. And Java? Is better? cheats

Reply to comment | Linux Journal

vacation package disney hawaii's picture

It's like you read my mind! You appear to know so much about this, like you wrote the book in it or something. I think that you could do with a few pics to drive the message home a little bit, but other than that, this is excellent blog. A great read. I'll certainly be back.


Ok, but...

Lula's picture

Python is a good language for development. cheats

I have read this marvelous

archeagegolds.net's picture

I have read this marvelous post. Thanks for sharing information about it. Thank you for giving me another point of view on this topic. Now I can easily complete my article
Archeage Gold | ffxiv gil

It sounds perfect for my

www.buyepc4u.com's picture

It sounds perfect for my goals,
Thanks & Regards
James

Reply to comment | Linux Journal

plaje vacanta's picture

Do you mind if I quote a few of your posts as long as I provide credit and sources back to your webpage? My website is in the exact same niche as yours and my visitors would certainly benefit from a lot of the information you present here. Please let me know if this is alright with you.
Cheers!

Very useful

Tom Walker's picture

I am a beginner and this was a great intro to Salt.

I found the article via this article on deploying Django with Salt:
http://www.barrymorrison.com/2013/Mar/11/deploying-django-with-salt-stack/

Watching a Project Folder

Anonymous's picture

How would you deploy multiple folders, say your application files? Can we use something like RSYNC? I know Puppet has such a module. Salt also has a CI module in Github. Would anyone know more?

Critical typo

Joshua Dotson's picture

Hi. I'm fairly certain that I found a typo in the top.sls example. The second line should end with a colon.

base:
  '*':
    - servers

Thanks,
Joshua
Founder, Wrale Ltd

agreed.

Dog Crate Lover's picture

Yup Joshua,

I see that too... but it seems a bit blatant..

A minor error in your first page...

Anonymous's picture

I don't believe you meant to say: "Note: I use the terms Salt and Salt interchangeably throughout this article"

A dive into Salt Stack

Joel Jacobson's picture

Doubts related to remote server configuration using Salt

Karlos.Vanger's picture

Hello,

You've mentioned that system package manager should be available with the package that we are trying to install. Is there any way to perform tasks like source compiling as we do while accessing the machine remotely via SSH? And thank you very much for the fantastic Blog.

Thanks,
Karthik
