Hard Drive Archive

You do have backups, do you?

Easy salt

Intro

I had idea to write this small post, quite a log time ago, but was busy.
Some people think that salt is difficult, but I can say one thing its easy in use. Yes, salt is easy in use, just hard to master. Main problem is, documentation point you at formulas but in reality pre-made formulas could be over complexed, and that pillar thing may not work for you from the start.

Just copy the file in the right location

And I prefer different approach. When you already have production configuration, you just need to install software, move files in the right location, and to reload/restart daemon/service.
For example, this how my postfix configuration(init.sls) looks like:

install_postfix_packages:
  pkg.installed:
    - pkgs:
      - postfix
      - postfix-pcre

/etc/postfix/generic:
  file.managed:
    - user: root
    - group: root
    - mode: 644
    - source: salt://postfix/files/generic

/etc/postfix/smtp_header_checks:
  file.managed:
    - user: root
    - group: root
    - mode: 644
    - source: salt://postfix/files/smtp_header_checks

/etc/postfix/password:
  file.managed:
    - user: root
    - group: root
    - mode: 600
    - source: salt://postfix/files/password

/etc/postfix/tls_policy:
  file.managed:
    - user: root
    - group: root
    - mode: 644
    - source: salt://postfix/files/tls_policy

/etc/postfix/master.cf:
  file.managed:
    - user: root
    - group: root
    - mode: 644
    - source: salt://postfix/files/master.cf

/etc/postfix/main.cf:
  file.managed:
    - user: root
    - group: root
    - mode: 644
    - source: salt://postfix/files/main.cf

/etc/netdata/health_alarm_notify.conf:
    file.managed:
    - user: netdata
    - group: netdata
    - mode: 660
    - source: salt://postfix/files/health_alarm_notify.conf

reload_postfix:
  cmd.run:
        - name: |
            postmap /etc/postfix/generic
            postmap /etc/postfix/password
            postmap /etc/postfix/tls_policy
            systemctl restart postfix
            systemctl enable postfix

And I dig this “place the right files in right place” approach. Congratulations, you already can use salt.

Salt environments?

Its easy to explain with configuration file:

: salt master
...
file_roots:
  base:
    - /srv/salt/base
  development:
    - /srv/salt/development
  staging:
    - /srv/salt/staging
  production:
    - /srv/salt/production
...

So you can create postfix folder in /srv/salt/production, create init.sls and files folder in it. And run salt with salt 'hostname' state.sls postfix \ saltenv=production

Grains?

Basically, grains is all useful and non really useful information that makes you every host uniq. Good start: https://docs.saltstack.com/en/latest/topics/grains/

Real world examples:

/root/.duply//conf:
  file.managed:
    - user: root
    - group: root
    - mode: 600
    - source: salt://common/files/duply-conf
:cron
# min hour dom month dow command
0 4 * * * /usr/bin/duply /root/.duply/ full_verify_purge --force
0 */4 * * * /usr/bin/duply /root/.duply/ incr

Boom thats it!

The end

I hope information was useful and saved you a lot of time, reader. Salt is easy, just hard to master!

Written on July 14, 2017

No comments

You today

Comments are closed