Bootstrapping salt on new hosts

Jeff Abrahamson

Jan 15, 2018, 12:12:37 PM
to salt-...@googlegroups.com
In the docs I see some very nice instructions on hand-setup of salt, but
I haven't found any advice on best practice for automated host-up
scripts.  So this is kind of a reality check if what I'm doing is
totally missing something or more or less on target.

We've historically been using Fabric for host orchestration.  So I've a
new Fabric target, salt_host_up(), that assumes the host exists, has an
Ubuntu image deployed, and has DNS and reverse DNS but nothing else.
The function remote executes the following on my new host:

    add salt-stack gpg key
    create /etc/apt/sources.list.d/saltstack.list
    sudo apt-get update
    sudo apt-get install salt-minion
    copy a file to /etc/salt/minion
    service salt-minion restart

and then remote executes on the server

    accept the new key on the master
    sudo salt 'the-new-host' state.highstate

That last bit I'm a bit unclear on, since I haven't quite figured out
how to securely automate accepting the new minion key.  So that's manual
for now.  (And, anyway, I'm describing something I'm still working on,
so maybe I missed a detail.)

Is there a better way?

--

Jeff Abrahamson
+33 6 24 40 01 57
+44 7920 594 255

http://p27.eu/jeff/
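
An added example (not part of the original post, and not Salt project code) for the key-acceptance step above: accept a pending key only when the fingerprint the master holds matches the one read on the new host with `salt-call --local key.finger` over the existing SSH session. Assumptions: the function names are hypothetical, and `salt-key -f <id> --out=json` is taken to report pending keys under `minions_pre`.

```python
import json
import re
import subprocess

# Literal minion ids only: salt-key treats its argument as a glob,
# so a value such as "*" must never reach `salt-key -a`.
SAFE_ID = re.compile(r"[A-Za-z0-9._-]+")


def run_local(argv):
    """Default runner: execute on the master and return stdout."""
    return subprocess.run(argv, check=True, capture_output=True, text=True).stdout


def pending_fingerprint(minion_id, run=run_local):
    """Return the fingerprint of minion_id's key if it is still unaccepted, else None."""
    out = json.loads(run(["salt-key", "-f", minion_id, "--out=json"]) or "{}")
    # Assumed JSON shape: {"minions_pre": {"<id>": "aa:bb:..."}} for pending keys.
    return out.get("minions_pre", {}).get(minion_id)


def accept_if_verified(minion_id, minion_fp, run=run_local):
    """Accept a pending key only if it matches the fingerprint read on the minion.

    minion_fp is the value printed by `salt-call --local key.finger` on the new
    host, fetched over the SSH session the host-up script already uses.
    """
    if not SAFE_ID.fullmatch(minion_id):
        return "bad-id"
    master_fp = pending_fingerprint(minion_id, run)
    if master_fp is None:
        return "no-pending-key"
    if master_fp.strip().lower() != minion_fp.strip().lower():
        return "mismatch"  # leave the key pending for a human to inspect
    run(["salt-key", "-y", "-a", minion_id])
    return "accepted"


if __name__ == "__main__":
    # Constructed sample: a fake runner standing in for salt-key on the master.
    def fake(argv):
        pending = {"minions_pre": {"the-new-host": "aa:bb:cc:01"}}
        return json.dumps(pending) if "-f" in argv else ""

    print(accept_if_verified("the-new-host", "AA:BB:CC:01", run=fake))  # accepted
    print(accept_if_verified("the-new-host", "de:ad:be:ef", run=fake))  # mismatch
```

The check is only as trustworthy as the channel used to read the fingerprint on the minion, so the SSH host key of the new host has to be known before the script runs.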


Sjoerd Oostdijck

Jan 16, 2018, 7:09:46 AM
to salt-...@googlegroups.com
On a fresh box you can run the salt bootstrap script from here:
https://github.com/saltstack/salt-bootstrap

Then what I do is call salt-api to register my new minion with the
master. Since I'm using CentOS, I've got this scripted in the post
install of my Anaconda installation.

See here for some info:
https://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html#key

Good luck,
-Sjoerd.
Sjoerd Oostdijck
Senior Systems Engineer - RIPE NCC

Jeremy McMillan

Jan 16, 2018, 8:19:34 PM
to Salt-users
Saltify would do what you're currently using fabric to do. This works best when you have a known enumeration of IP addresses and hostnames and/or minion ids that you can use to drive saltify.


There's also cloud-init support for automatically installing OS packages for salt at first boot time if your OS images have cloud-init. This works best when you're creating VMs via a salt orchestration job that can pre-seed the minion keys for cloud-init.
