Server Management Assingment 1 – Hello Salt

H1

Assignment given by Tero Karvinen

a) Lue virallisesta Salt Getting Started Guide -kirjasta luvut Understanding SaltStack (noi n 8 alasivua) ja SaltStack Fundamentals (6 alasivua, ei tarvitse asentaa demoympäristöä) ja SaltStack Configuration Management: Functions (1 alasivu). (Tätä lukutehtävää ei tarvitse raportoida).

b) Silmäile Laineen 2017 varastossa olevia salt -asetuksia. (Tätä lukutehtävää ei tarvitse raportoida).

c) Asenna Salt Master ja Slave pull-arkkitehtuurilla (eli master on server). Voit laittaa herran ja orjan myös samalle koneelle. Kokeile suorittamalla salt:illa komentoja etänä.

d) Kokeile jotain Laineen esimerkistä lainattua tilaa tai tee jostain tilasta oma muunnelma. Muista testata lopputuloksen toimivuus. Huomaa, että varastossa on myös keskeneräisiä esimerkkejä, kuten Battlenet-asennus Windowsille.

e) Kerää laitetietoja koneilta saltin grains-mekanismilla.

f) Oikeaa elämää. Säädä Saltilla jotain pientä, mutta oikeaa esimerkiksi omalta koneeltasi tai omalta virtuaalipalvelimelta. (Kannattaa kokeilla Saltia oikeassa elämässä, mutta jos se ei onnistu, rakenna jotain oikeaa konettasi vastaava virtuaaliympäristö ja tee asetus siinä).

g) Vapaaehtoinen: asenna ja konfiugroi jokin palvelin Saltilla. (package-file-server)


Testing Environment

For this assignment I used Laptop Asus model RS17S and live-usb with Ubuntu 18.04. When I am using live-usb so to download some programs I have to go Software & Updates and check the Community-maintained free and open-source software (niverse)

Selection_001.png


a) First assignment I had to is to read from Salt Getting Started first 8 subpages from Understanding SaltStack

b) I had to watch from Laine’s Salt-setting.

c) Getting started with Salt

I had to install salt-master and salt-minion. I decided to do set my server as a master and local computer as a slave. For this I had to install ssh so I can connect to my server.

$ sudo apt-get install ssh

$ ssh robert@(ip-address)

Installing master and minion

Then I had to install salt-master and salt-minion. For my master I only needed to install master because it will be the master computer. And for minions to know who is their master I needed my ip-address.

$ sudo apt-get install salt-master

$ hostname -I

(ip-address)

I also had firewall on so I needed to open 4505/tcp and 4506/tcp holes for the master. If firewall isn’t installed then this part can be ignored.

$ sudo ufw allow 4505/tcp

$ sudo ufw allow 4506/tcp

Installing minion

Then on my minion (local pc or I opened a new terminal) I had to install the salt-minion and tell it/them (if you have more minions) who is the master or assign ip-address. Because I am doing this on an live-usb I have to assign an id because if I have more than one minion they would have the same name.

$ sudo apt-get update

$ sudo apt-get install salt-minion

After installation I had to assign the id. I added a new line (doesn’t matter where because others are comments) master: ip-addres and id: minion1 (I gave name for my minion minion1).

$ sudoedit /etc/salt/minion

After this lines added I restarted minion.

$ sudo systemctl restart salt-minion.service

Accepting minion/s

Then master has to accept minions key to control them. First I checked what are unaccepted keys and then I accepted them if I want to.

$ sudo salt-key

Selection_003.png

If you don’t see any unaccepted keys then youhave to restart the master:

$ sudo systemctl restart salt-master.service

After this you should see unaccepted keys. Then you can accept keys.

$ sudo salt-key -A

Selection_004.png

Testing commands

I tested with a simple command that minion is connected to my master.

$ sudo salt ‘*’ test.ping

Selection_005.png

It cave me True so my minion had connected to my master and listens to it.

d) For this assignment I had to try Laine’s example of salt commands or make my own changes.

First I decided to try the firewall command.

Firstly I had to make a file where all the masters files and commands will go. File is located in /srv/.

$ sudo mkdir -p /srv/salt/

Then I had to create .sls file that will execute the commands and pass them to slaves or minions.

$ sudoedit firewall.sls

robert@512mb: -srv-salt_006.png

Then I created firewall folder and inside I created to files that will change firewall rules. For this I had to use sudoedit for this because this reguires sudo permissionto change anything. I created two files, user6.rules and user.rules.

$ sudoedit user.rules

$ sudoedit user6.rules

robert@512mb: -srv-salt-firewall_007.png

robert@512mb: -srv-salt-firewall_008.png

Testing commands for minions

Now I had to apply the command to my minions. I had to apply the .sls file to master and to its minions. (Here you dont have to write firewall.sls because it will recognize the file and ‘*’ mean that it will apply to master and to every minion)

$ sudo salt ‘*’ state.apply firewall

After a while I got in a bottom a Succeeded so it means that it ran the file and made the changes. I went also to check on the minion or the slave computer that had it made the changes in the ufw files.

$ cd /etc/ufw/

And there are two files (user.rules & user6.rules) that I can read with the cat or less commands

$ sudo cat(/less) user.rules

$ sudo cat(/less) user6.rules

Selection_010.png

This is the file what it looks after the firewall.sls command. It had added the rules that I wanted so I can say that it worked.

e) Exploring salt

This assignment I had to collect device information about my machines with the grains -command.

I can get all the information about the machine with just one command

$ sudo salt ‘*’ grains.items

But this command gives a lot of information and there are many that I even don’t know what they are used or what they mean.

I also can see information individually just adding the item I want to see at the end, like this:

$ sudo salt ‘*’ grains.item cpu_model

512mb:
———-
cpu_model:
Intel(R) Xeon(R) CPU E5-2630L v2 @ 2.40GHz
minion 1:
———-
cpu_model:
Intel(R) Pentium(R) CPU N3700 @ 1.60GHz

f) Salt in real life

Here I had to use salt in real life or try to do something I would do in real life. So I wanted to install programs that I would use daily. Programs I use are for example Shutter and VLC (I couldn’t thing what I could download for this assignment but these two programs I use and I wanted to start off with something simple).

I have previously created /srv/salt/ directory so I don’t have to created it again but I have to make files that will install vlc and shutter.

$ sudoedit top.sls

robert@512mb: -srv-salt_002.png

$ sudoedit media.sls

robert@512mb: -srv-salt_003.png

After I created files I had to top file to my minion.

$ sudo salt ‘minion 1’ state.highstate

Selection_001.png

At the end I got Succeeded: 1 so it was a successful installation.

Shutter I know was Installed because I used to take snipping tools for my blogs and vlc I checked by opening terminal and typing:

$ vlc

VLC media player_004.png

Both programs got installed so it was a success!

g)

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s