Salt is more than configuration management. In this post, we’ll show you how Salt allows you to command and control your cloud infrastructure. For this demonstration, we’ll show how you can manage droplets in Digital Ocean.
While Salt (and Salt Cloud) support the most popular operating systems, we’ll be using CentOS 7 for this exercise.
Just as Salt allows you to codify your infrastructure, Salt Cloud lets you codify your deployment footprint in a cloud of your choice. The number of supported clouds is, in a word, staggering. For this post, however, we’ll be using Digital Ocean.
If you’re following along with us, we recommend making yourself a droplet on Digital Ocean (or the public cloud of your choice) and working with that VM.
A provider is, in short, the cloud provider plus some details. In this case, it is the combination of “Digital Ocean” plus the region of our choice. For our example, we’ll be using New York 3.
A profile defines the footprint of a single VM - image plus size. There are many other options we can add in here but, for now, we’ll keep things simple.
Let’s gather all the information needed to successfully deploy our Droplet.
The best place to go for the latest instructions is Saltstack’s documentation. However, here’s a quick copy/paste for you:

    rpm --import https://repo.saltstack.com/yum/redhat/7/x86_64/latest/SALTSTACK-GPG-KEY.pub

    cat >/etc/yum.repos.d/saltstack.repo<<EOL
    ####################
    # Enable SaltStack's package repository
    [saltstack-repo]
    name=SaltStack repo for RHEL/CentOS 7
    baseurl=https://repo.saltstack.com/yum/rhel7
    enabled=1
    gpgcheck=1
    gpgkey=https://repo.saltstack.com/yum/rhel7/SALTSTACK-GPG-KEY.pub
    EOL

    yum clean expire-cache
    yum install -y salt-master salt-cloud
    systemctl start salt-master

Programmatic access to Digital Ocean requires a Personal Access Token. You can generate one in the settings panel of your account. Once created, keep a note of it. For this demonstration, we’ll assume a fictional token of
You’ll need to define the SSH key you want Salt Cloud to use when it logs into newly-created droplets. Head over to your account’s security section of the settings and add this key.
For this demonstration, we’ll assume that the key has a name of salt-cloud-demo in the Digital Ocean panel.
This key must not be encrypted, because Salt Cloud will not decrypt your key for you.
Place the key in the location
If you need help generating your SSH key, here are some hints. Remember not to enter a passphrase, as Salt Cloud cannot decrypt the key.

    $ ssh-keygen -t rsa -f digital-ocean.pem
    Generating public/private rsa key pair.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in digital-ocean.pem.
    Your public key has been saved in digital-ocean.pem.pub.
    The key fingerprint is:
    9a:1a:37:7e:61:6c:52:84:8f:20:11:6c:aa:19:84:cf
    The key's randomart image is:
    +--[ RSA 2048]----+
    |..oo . |
    |..+ . . . |
    |.= . . + |
    |o E . o |
    |.o oS |
    |o .o= |
    | . =+ . |
    | = .. |
    | . .. |
    +-----------------+

    mv digital-ocean.pem /etc/salt/.
    chmod 600 /etc/salt/digital-ocean.pem

You want to paste the contents of digital-ocean.pem.pub into the panel in your security settings.
The easiest way to find the regions available is by just going to Digital Ocean’s status page and viewing the list there. For this exercise, we’ll be using New York 3.
Create a file at /etc/salt/cloud.providers.d/digital-ocean.conf with the following contents:

    digital-ocean-nyc3:
      driver: digital_ocean
      personal_access_token: superspecialtoken
      location: New York 3
      ssh_key_name: salt-cloud-demo  ### Remember, this is the name in the Digital Ocean panel in your browser
      ssh_key_file: /etc/salt/digital-ocean.pem

This file holds your access token in plain text, so give it the same owner-only permissions as the key file.
For Digital Ocean, you can supply the ‘slug’. The simplest way to find this is to ask Salt Cloud to fetch a list of images and redirect that output to a text file, where you can search for your favorite image.
salt-cloud --list-images digital-ocean-nyc3 > do-images.txt
As an example, here’s the relevant section for the CentOS 7 image.

    14782842:
        ----------
        created_at: 2015-12-10T17:02:21Z
        distribution: CentOS
        id: 14782842
        min_disk_size: 20
        name: 7.1 x64
        public: True
        regions: [u'nyc1', u'sfo1', u'nyc2', u'ams2', u'sgp1', u'lon1', u'nyc3', u'ams3', u'fra1', u'tor1']
        slug: centos-7-0-x64
        type: snapshot

This means we’ll be using centos-7-0-x64 as our image ID.
Again, we can ask Salt Cloud to fetch a list of sizes.
salt-cloud --list-sizes digital-ocean-nyc3
Here’s the section for their

    512mb:
        ----------
        available: True
        disk: 20
        memory: 512
        price_hourly: 0.00744
        price_monthly: 5.0
        regions: [u'ams1', u'ams2', u'ams3', u'fra1', u'lon1', u'nyc1', u'nyc2', u'nyc3', u'sfo1', u'sgp1', u'tor1']
        slug: 512mb
        transfer: 1.0
        vcpus: 1

We will be using the 512mb size for this exercise.
Now that we have everything for our profile, make a file at

    do-centos-7.0:
      # NOTE: This needs to be your real master's IP
      master: 192.168.1.1
      provider: digital-ocean-nyc3
      image: centos-7-0-x64
      size: 512mb
      location: New York 3
      ssh_username: root
      private_networking: False
      ipv6: False

Protip: Many options that we put here in the profile (such as private_networking) can, instead, be put in the provider config file. Doing that will apply those options to all profiles that fall under that provider.
Now that your provider and profile are configured, you’re ready to start launching droplets from the command line.
salt-cloud -p do-centos-7.0 salt-cloud-demo-01
Protip: With this command, Salt Cloud will attempt to bootstrap a Salt minion onto the new droplet (this is incredibly powerful for hands-free deployments). However, if you want to disable this behavior, add --no-deploy to the end of the command.
You should now have a new droplet in Digital Ocean with a Salt minion on it.

    [root@salt-cloud-master-01 salt]# salt-key
    Accepted Keys:
    salt-cloud-demo-01
    Denied Keys:
    Unaccepted Keys:
    Rejected Keys:
    [root@salt-cloud-master-01 salt]# salt '*' test.ping
    salt-cloud-demo-01:
        True

Arguably the best way to install Nginx on CentOS is to use the repo that Nginx maintains. That means we need to do two things:
1) Configure a Yum repo for the Nginx repository.
2) Install Nginx
Let’s work on #1.
By default, Salt stores state files in /srv/salt. Make a directory /srv/salt/yum and write the state file to configure the Nginx Yum repo.
mkdir -p /srv/salt/yum

    #/srv/salt/yum/nginx.sls
    nginx-yum-repo:
      pkgrepo.managed:
        - humanname: nginx repo
        - baseurl: http://nginx.org/packages/centos/$releasever/$basearch/
        - gpgcheck: 0
        - enabled: 1

Great! Now on to #2.
Make a directory /srv/salt/nginx and write the state file to install Nginx.
mkdir -p /srv/salt/nginx

    # /srv/salt/nginx/install.sls
    include:
      - yum.nginx

    install-nginx:
      pkg.installed:
        - name: nginx
      service.running:
        - name: nginx
        - require:
          - pkg: install-nginx

We’re telling Salt to be sure to configure our Yum repository before attempting to install Nginx. After that’s done, we tell Salt to start Nginx for us. Let’s see if it works.
salt salt-cloud-demo-01 state.sls nginx.install
It will take a moment to return. When it does, you should see something like this:

    Summary for salt-cloud-demo-01
    ------------
    Succeeded: 3 (changed=3)
    Failed: 0
    ------------
    Total states run: 3

When that’s finished, visit your droplet’s IP in your browser. You can find your droplet’s IP with:
salt salt-cloud-demo-01 network.ip_addrs
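A hardened variant of the two state files above, added here as an example and not part of the original post. The repo state as written fetches packages over plain HTTP with signature checking off (gpgcheck: 0), so anything on the network path can substitute packages that then install as root. This version assumes nginx.org serves the same repository over HTTPS and publishes its package signing key at the gpgkey URL shown, and it makes the package depend on the repo state explicitly rather than on include order.

```yaml
# Added example, not from the original post.

# /srv/salt/yum/nginx.sls -- same state ID as the original, hardened.
nginx-yum-repo:
  pkgrepo.managed:
    - humanname: nginx repo
    # was http://: fetch repository metadata and packages over TLS
    - baseurl: https://nginx.org/packages/centos/$releasever/$basearch/
    # was 0: have yum verify each package's signature before installing it
    - gpgcheck: 1
    # Assumption: nginx.org's package signing key is published at this URL
    - gpgkey: https://nginx.org/keys/nginx_signing.key
    - enabled: 1

# /srv/salt/nginx/install.sls -- same states, with the ordering made explicit.
include:
  - yum.nginx

install-nginx:
  pkg.installed:
    - name: nginx
    # Do not attempt the install unless the signed repo state succeeded
    - require:
      - pkgrepo: nginx-yum-repo
  service.running:
    - name: nginx
    - require:
      - pkg: install-nginx
```

Apply it with the same state.sls command as before; if a package signature does not verify, the pkg state fails instead of installing the package.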
When you’re all done with your droplet, you can delete it with:
salt-cloud -d salt-cloud-demo-01
This is a lot of work just to install Nginx, yes. But what we’ve built for ourselves here is a platform. Don’t want to use Nginx? Want to use Apache httpd? Change out your automation. Want to use Ubuntu instead of CentOS? Change the OS image you’re using.
The point here isn’t just to install Nginx. The point here is to build a foundation from which you can quickly deploy systems and have them build & configure themselves. To see more about deploying and configuring multiple droplets, see How To Use Salt Cloud Map Files to Deploy App Servers and an Nginx Reverse Proxy.
Remember, the more things you can get the machine to do for you, the more time you have to work on the stuff that matters.