7th December 2022

What is SaltStack? Asset Inventory

It is an installation management software. Salt minions receive simultaneous commands from the master and process all kinds of commands and submit a report to the master at the end of the process. Saltstack shows real-time logs, error queries and more directly to the workstation.

What is SaltStack
What is SaltStack

 

What is SALT?

In 2011, SaltStack technical founder Thomas Hatch was tasked with managing large, complex data centre infrastructures, and none of the existing systems management or configuration management tools gave the ability to quickly automate arbitrary tasks common in maintaining digital infrastructure. So he built a high-speed remote execution tool and decided to open the project.
However, the project needed a name. As Thomas watched The Lord of the Rings, they noticed that in a scene between Gimli and the dwarf and his two hobbies, Peregrin Took and Meriadoc Brandybuck, Gimli, which hobbyists glued to salted pigs, was eating salted pork. Tom thought, “Well, everything is better with Salt,” and his name was born.
Organizations use Salt to discover, monitor, respond, organize, automate and secure assets across on-premises, hybrid, cloud and IoT systems. There is an important difference that sets Salt apart from its competitors. Salt is designed to scale and can easily manage tens of thousands of managed systems per master.
The Salt project has a huge and dynamic community of 2500+ developers affiliated to the codebase and nearly 100,000 commitments since its inception.

Architectural

The core of the pure ecosystem consists of two critical components. Salt Master and Salt Minion. Other components play a supporting role in keeping the ecosystem running.
The diagram below provides a high-level architectural view of an example Salt architecture:

In the past few years, IT infrastructure has increasingly fragmented between on-premises, hybrid, cloud and IoT assets. Because of this, it has become quite complex for organizations to gain visibility into their infrastructures and to understand where assets are deployed or sit and what is inside of them.
One of the first things Salt helps organizations is asset inventory. It has been developed into four main modules to help organizations manage their assets.

SaltStack Architectural
SaltStack Architectural

 

Asset Inventory

Salt Minion

Salt Minion is a Python-based endpoint that can be deployed on all major * nix and Windows operating systems. Minions are connected to the Master and can be asked to perform various tasks by running commands from the Master in an easy-to-understand YAML file or directly from the Master.

LEARN MORE  What is MBR and GPT? What's the Difference Between Them?

A SaltMaster can do the operations that will be applied to Minions with the command below.

For example;
omer@saltmaster: ~ $ sudo salt \ * pkg.list_pkgs

A Salt Master can request a Minion to configure the state of an asset in a specific way.

In the example below, (ssh & curl packages) has been requested to be installed.

install_packages: pkg.installed: - pkgs: - ssh - curl

In addition to providing accurate asset inventory with installed Minions, it can query public and private cloud providers for a list of assets deployed in the cloud infrastructure using Salt and also Salt Cloud.

Salt Cloud

Salt Cloud integrates out of the box with more than two dozen public and private cloud providers, including all major ones such as Google Cloud Platform, AWS, and Microsoft Azure. As a result, it’s easy to inventory all assets across suppliers with a single command.
Here is a quick printout for a query against AWS for a list of all examples:

omer@saltmaster: ~ $ sudo salt-cloud -Q
web0001: ———- id: i-3ef7988c image: ami-1aasdec5f
name: web0001 private_ips: 192.168.65.143 public_ips: 54.18.31.1111111
size: t1.rsc state: running

The same approach applies to other cloud providers. Integrations are not just limited to querying cloud instances. They can also deploy instances, delete them, and even deploy a very complex application in the cloud.

Salt SSH (agentless)

Salt also supports agentless mode over SSH for non-Salt Minions assets. The good thing about Pure SSH’s design is that it supports the same system normalization functions supported by Salt Minions.

For example, a person can run the same commands supported by Salt Minions. Here is an example

omer@saltmaster: ~ $ sudo salt-ssh \ * pkg.list_pkgs

Salt Proxy

Finally, for entities where agents cannot be deployed or SSH is not possible, Salt Proxy Minion offers the option to account for such devices. It is designed to connect to network devices or IoT devices such as Philips Hue light bulbs.

SaltStack Commands

Salt Master: The basic management system that we can call the server.

LEARN MORE  What is Microsoft Exchange Server? Installing Exchange Server 2016

Salt Minions: A managed system that we can describe as a client.

Salt Cloud: Bootstrap command to cloud nodes.

Salt Ssh: Runs commands without minions.

Execution Modules: AD Hoc commands (The name given to the direct connection between computers without using any Access Point or Router).

Grains: Static information about minions.

Pillar: Stores the information defined as a safe user in the master and assigns it to minions.

SaltStak disk
SaltStak disk

 

How to Install SaltStack

Master

$ curl -L https://bootstrap.saltstack.com -o install_salt.sh $ sudo sh install_salt.sh -P -M -N

Slave

$ curl -L https://bootstrap.saltstack.com -o install_salt.sh OR $ wget https://bootstrap.saltstack.com -O install_salt.sh $ sudo sh install_salt.sh –P

 

Install SaltStack
Install SaltStack

 

This is the fastest setup. For individual installation;

On the Salt Master
$ curl -L https://bootstrap.saltstack.com -o install_salt.sh $ sudo sh install_salt.sh -P -M
Ten Each Salt Minion
$ curl -L https://bootstrap.saltstack.com -o install_salt.sh $ sudo sh install_salt.sh -P
$ apt-get install salt-api
$ apt-get install salt-cloud
$ apt-get install salt-master
apt-get install salt-minion
$ apt-get install salt-ssh
$ apt-get install salt-syndic

Master Conf file

You can make the following settings to set the Master and Minion Configurations files.

/etc/salt/master
- #interface: 0.0.0.0
+ interface: 192.168.65.143 (We enter our own IP)
Minion Conf file
nano /etc/salt/minion
- #master: salt
+ master: 192.168.65.143 (We are entering our own IP)

These need external key configuration but don’t need them. It will be much faster with initial setups.

Monitor (Beacons)

Salt Minions files can be configured to monitor processes, services, and many other things. They can also generate events when certain criteria are met, such as failed logins, unauthorized changes to critical files or processes, unexpected changes in CPU load or disk usage.

For example;
# File : /etc/salt/minion 
beacons:
service:
– services:
redis-server:
onchangeonly: True
beacons:
diskusage:
– /: 63%
– /mnt/nfs: 90%

The Salt Beacon capability is the event-generating element of SaltStack event-based automation and is invaluable when combined with the Salt Reactor.

Orchestrate

Salt’s true power begins to emerge when the building blocks that makeup Salt are used to organize and deploy complex applications by running a single command. Thanks to the editing feature, it is now possible to define the infrastructure as code.
Here is an example of deploying web infrastructure with Redis installed:

deploy_web_infra_servers:
salt.state:
– tgt: ‘*web*’
– sls:- httpd
– python
– python.python-lxml
– require:
– salt: deploy_redis_servers
deploy_project_group:
salt.function:
– name: group.add
– tgt: ‘*’- arg:
– web-team
– require:
– salt: deploy_web_infra_servers

This can be run with a simple command;

omer@saltmaster:~$ sudo salt-run state.orch orchestrate.web-infrastructure

 

LEARN MORE  What is PowerShell? What Should Be PowerShell Security?

Respond (Reactor)

Perhaps its most powerful feature is its ability to react and act on events using the Pure Reactor system. The Pure Reactor can be configured to perform predefined actions based on specific event criteria. For example, restart the MySQL service if it has stopped. This power helps organizations achieve a state of event-based automation.

Salt Master and Salt Minions are linked via an event-bus.
When a Salt Master requests Salt Minions to perform an action, such as running a command or installing a package, when complete, the Salt Minion records the success or failure of that operation on the event bus.
Salt Beacons can also record their activities on the event bus.
The Salt Reactor system can be configured to take one or more actions depending on the type of event, such as starting a process when it stops or sending an alert to Slack.
It can write a relevant command that supports a DevOps workflow that sends a message to Slack after a build is complete.

finishes:
alert slack:
local.slack_notify.post_message
– tgt: buildserver
– kwarg:
channel: “Development”
api_key: peWcBiMOS9HrZG15peWcBiMOS9HrZG15″
message: “Build {{ data[‘build_id’] }} finished with status: {{ data[‘status’] }}”

It can be called upon to react to an extremely powerful and complex series of events. The only limiting factor is the creativity of the end-user.

Respond (Reactor)
Respond (Reactor)

 

Automate

It only helps organizations automate routine IT tasks such as adding or removing users and updating servers with a single command. All this is possible with the robust remote execution framework. The remote execution framework consists of 477 execution modules shipped with Salt.
Pkg” is the name of the execution module and “install” is the function called in this module. When the command is run, “vim” is loaded to all available minions. Salt is smart enough to automatically detect the operating system and calls it “yum” for “RedHat OS” and “apt” for Debian.

Automate
Automate

One thought on “What is SaltStack? Asset Inventory

Leave a Reply

Your email address will not be published. Required fields are marked *