Assignment given by Tero Karvinen
a) Read the following chapters of the official Salt Getting Started Guide: Understanding SaltStack (about 8 subpages), SaltStack Fundamentals (6 subpages, no need to install the demo environment) and SaltStack Configuration Management: Functions (1 subpage). (This reading task does not need to be reported.)
b) Skim the salt settings in Laine's 2017 repository. (This reading task does not need to be reported.)
c) Install Salt Master and Slave with a pull architecture (i.e. the master is the server). You can also put the master and the slave on the same machine. Try running commands remotely with salt.
d) Try a state borrowed from Laine's example, or make your own variation of some state. Remember to test that the end result works. Note that the repository also contains unfinished examples, such as the Battlenet installation for Windows.
e) Collect hardware information from machines with Salt's grains mechanism.
f) Real life. Configure something small but real with Salt, for example on your own machine or your own virtual server. (It is worth trying Salt in real life, but if that does not work out, build a virtual environment that matches your real machine and make the setting there.)
g) Optional: install and configure a server with Salt. (package-file-server)
For this assignment I used an Asus laptop, model RS17S, and a live USB with Ubuntu 18.04. Because I am using a live USB, to download some programs I have to go to Software & Updates and check Community-maintained free and open-source software (universe).
b) I had to look at Laine’s Salt settings.
c) Getting started with Salt
I had to install salt-master and salt-minion. I decided to set my server as the master and my local computer as the slave. For this I had to install ssh so I could connect to my server.
$ sudo apt-get install ssh
$ ssh robert@(ip-address)
Installing master and minion
Then I had to install salt-master and salt-minion. On my master I only needed to install the master because it will be the master computer. And for the minions to know who their master is, I needed my IP address.
$ sudo apt-get install salt-master
$ hostname -I
I also had a firewall on, so I needed to open holes for 4505/tcp and 4506/tcp on the master. If a firewall isn’t installed then this part can be ignored.
$ sudo ufw allow 4505/tcp
$ sudo ufw allow 4506/tcp
Then on my minion (the local PC, or I opened a new terminal) I had to install salt-minion and tell it (or them, if you have more minions) who the master is by assigning the IP address. Because I am doing this on a live USB I have to assign an id, because if I had more than one minion they would all have the same name.
$ sudo apt-get update
$ sudo apt-get install salt-minion
After installation I had to assign the id. I added new lines (it doesn’t matter where, because the other lines are comments): master: ip-address and id: minion1 (I named my minion minion1).
$ sudoedit /etc/salt/minion
After adding these lines I restarted the minion.
$ sudo systemctl restart salt-minion.service
Then the master has to accept the minions’ keys to control them. First I checked which keys were unaccepted and then I accepted them if I wanted to.
$ sudo salt-key
If you don’t see any unaccepted keys then you have to restart the master:
$ sudo systemctl restart salt-master.service
After this you should see unaccepted keys. Then you can accept keys.
$ sudo salt-key -A
I tested with a simple command that the minion is connected to my master.
$ sudo salt '*' test.ping
It gave me True, so my minion had connected to my master and listens to it.
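The key acceptance step above, as an added example that is not part of the original post: salt-key -A accepts every pending key, so this sketch accepts a single minion's key only when the fingerprint shown on the master matches the one read on the minion with salt-call --local key.finger. The helper names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names are hypothetical.

# Print the first colon-separated hex fingerprint found on stdin.
extract_fp() {
    grep -Eo '([0-9a-f]{2}:){15,}[0-9a-f]{2}' | head -n 1
}

# Succeed only when both fingerprints are non-empty and identical.
fingerprints_match() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# Usage: accept_if_verified MINION_ID FINGERPRINT_FROM_MINION
# Read the second argument on the minion: sudo salt-call --local key.finger
accept_if_verified() {
    _pending=$(sudo salt-key -f "$1" | extract_fp)
    if fingerprints_match "$_pending" "$2"; then
        sudo salt-key -a "$1" -y      # accept this one key only
    else
        echo "fingerprint mismatch for $1, key not accepted" >&2
        return 1
    fi
}

# Constructed sample output (not captured from a real system).
SAMPLE_FP='a1:b2:c3:d4:e5:f6:07:18:29:3a:4b:5c:6d:7e:8f:90:a1:b2:c3:d4:e5:f6:07:18:29:3a:4b:5c:6d:7e:8f:90'
SAMPLE_MASTER_VIEW="Unaccepted Keys:
minion1:  $SAMPLE_FP"
SAMPLE_MINION_VIEW="local:
    $SAMPLE_FP"
```

On the master this would be called as accept_if_verified minion1 followed by the fingerprint copied from the minion's terminal.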
d) For this assignment I had to try Laine’s example Salt states or make my own changes.
First I decided to try the firewall state.
Firstly I had to make a file where all the master’s files and commands will go. The file is located in /srv/.
$ sudo mkdir -p /srv/salt/
Then I had to create an .sls file that will execute the commands and pass them to the slaves or minions.
$ sudoedit firewall.sls
Then I created a firewall folder and inside it I created two files that will change the firewall rules. I had to use sudoedit for this because it requires sudo permission to change anything. I created two files, user6.rules and user.rules.
$ sudoedit user.rules
$ sudoedit user6.rules
Testing commands for minions
Now I had to apply the command to my minions. I had to apply the .sls file to the master and to its minions. (Here you don’t have to write firewall.sls because it will recognize the file, and '*' means that it will apply to the master and to every minion.)
$ sudo salt '*' state.apply firewall
After a while I got a Succeeded at the bottom, which means that it ran the file and made the changes. I also went to check on the minion (the slave computer) that it had made the changes in the ufw files.
$ cd /etc/ufw/
And there are two files (user.rules & user6.rules) that I can read with the cat or less commands:
$ sudo cat user.rules
$ sudo cat user6.rules
This is what the file looks like after the firewall.sls command. It had added the rules that I wanted, so I can say that it worked.
e) Exploring salt
For this assignment I had to collect device information about my machines with the grains command.
I can get all the information about the machine with just one command:
$ sudo salt '*' grains.items
But this command gives a lot of information, and for many of the items I don’t even know what they are used for or what they mean.
I can also see items individually just by adding the item I want to see at the end, like this:
$ sudo salt '*' grains.item cpu_model
Intel(R) Xeon(R) CPU E5-2630L v2 @ 2.40GHz
Intel(R) Pentium(R) CPU N3700 @ 1.60GHz
f) Salt in real life
Here I had to use Salt in real life or try to do something I would do in real life. So I wanted to install programs that I would use daily. Programs I use are for example Shutter and VLC (I couldn’t think what I could download for this assignment, but I use these two programs and I wanted to start off with something simple).
I had previously created the /srv/salt/ directory, so I don’t have to create it again, but I have to make the files that will install vlc and shutter.
$ sudoedit top.sls
$ sudoedit media.sls
After I created the files I had to apply the top file to my minion.
$ sudo salt 'minion1' state.highstate
At the end I got Succeeded: 1, so it was a successful installation.
I know Shutter was installed because I used it as a snipping tool for my blogs, and I checked vlc by opening a terminal and typing:
Both programs got installed so it was a success!
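The post does not show what top.sls and media.sls contain, so here is one possible pair as an added example (not the author's files). The helper name write_media_states, the state id media_packages and the file contents are assumptions; the target in top.sls has to match the id: line in /etc/salt/minion exactly, with no space.

```shell
#!/bin/sh
# Added example, not from the original post. write_media_states is a
# hypothetical helper; the state file contents are assumed, not the author's.

# Usage: write_media_states [STATE_DIR] [MINION_ID]
write_media_states() {
    _dir="${1:-/srv/salt}"
    _id="${2:-minion1}"     # must equal the id: line in /etc/salt/minion
    mkdir -p "$_dir" || return 1

    # top.sls: in the base environment, give this minion the "media" state.
    cat > "$_dir/top.sls" <<EOF
base:
  '$_id':
    - media
EOF

    # media.sls: pkg.installed only acts when a package is missing, so
    # running highstate again reports no changes.
    cat > "$_dir/media.sls" <<'EOF'
media_packages:
  pkg.installed:
    - pkgs:
      - vlc
      - shutter
EOF
}
```

Run the function as root on the master; sudo salt 'minion1' state.highstate test=True then shows what would change without installing anything.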