SaltStack Tutorial on Agent and Server Modes

SaltStack is another configuration management tool, in the same category as Chef and Puppet. Of course, SaltStack has its own unique terminology and architecture. SaltStack is built on Python, and it has a Python interface, so a user can program directly against SaltStack by using Python code. In this SaltStack tutorial, we will learn how to use it as a configuration management system.

Salt Formulas

Most of the instructions or states that get sent out to the nodes are written in YAML or a DSL. These are called Salt formulas. Formulas can be modified but are designed to work out of the box. Another key difference from Puppet and Chef is SaltStack’s overall architecture. SaltStack uses the concept of systems, which are divided into various categories. For example, whereas the Puppet architecture has a Puppet master and Puppet agents, SaltStack has a Salt master and Salt minions.

SaltStack can run commands on systems across multiple operating systems in parallel, which allows for very fast performance. By default, SaltStack leverages a distributed messaging platform called 0MQ (ZeroMQ) for fast, reliable messaging throughout the networking stack.

Salt Reactors and Beacons

SaltStack is an event-driven technology that has components called reactors and beacons. A reactor lives on the Salt master and listens for any type of change in the node or device that differs from the desired state or configuration. These changes include the following:

  • Command-line configuration
  • Disk/memory/processor utilization
  • Status of services

Beacons live on minions. (The minions are similar to the Puppet agents running on nodes.) If a configuration changes on a node, a beacon notifies the reactor on the master. This process, together with the remote execution capabilities called the remote execution engine, helps determine whether the configuration is in the appropriate state on the minions. These actions are called jobs, and the executed jobs can be stored in an external database for future review or reuse.

Grains and Pillar

Another notable difference between Puppet and SaltStack is that instead of using modules and manifests to control state and send configuration changes, SaltStack uses pillars and grains. SaltStack grains are run on the minions to gather system information to report back to the master. This information, called grains, is typically gathered by the salt-minion daemon. (This is analogous to Chef’s use of the Ohai service.)

Grains can provide specifics about the host to the master (on request), such as uptime.

Pillars or pillar data, on the other hand, store data that a minion can retrieve from the master. Pillars can also have certain minions assigned to them, and other minions that are not assigned to a specific pillar would not have access to that data. This means data can be stored for a specific node or set of nodes inside a pillar, and it is completely separate from any other node that is not assigned to this particular pillar. Confidential or sensitive information that needs to be shared with only specific minions can be secured in this way.
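The pillar assignment described above can be checked before it is deployed. The following is an added example, not code from the original page or from the Salt project: it is a simplified model that assumes glob targets matched with Python's fnmatch, and every minion ID, pillar name and value in it is constructed.

```python
from fnmatch import fnmatchcase

# Constructed pillar top file, shown as the structure a YAML top.sls loads to:
# environment -> target glob -> list of pillar SLS names. All names are hypothetical.
PILLAR_TOP = {
    "base": {
        "*": ["common"],
        "db-*": ["db_credentials"],
        "web-01": ["tls_material"],
    }
}

# Constructed pillar contents; the values are placeholders, not real secrets.
PILLAR_DATA = {
    "common": {"ntp_server": "ntp.example.internal"},
    "db_credentials": {"db_password": "PLACEHOLDER"},
    "tls_material": {"tls_private_key": "PLACEHOLDER"},
}

SENSITIVE_MARKERS = ("password", "private_key", "secret", "token")


def pillar_for(minion_id, top=PILLAR_TOP, data=PILLAR_DATA, env="base"):
    """Merge every pillar SLS whose target glob matches this minion ID."""
    visible = {}
    for target, sls_names in top[env].items():
        if fnmatchcase(minion_id, target):
            for name in sls_names:
                visible.update(data[name])
    return visible


def exposed_to_all(top=PILLAR_TOP, data=PILLAR_DATA, env="base"):
    """Return (sls, key) pairs with sensitive-looking keys under the '*' target."""
    findings = []
    for name in top[env].get("*", []):
        for key in data[name]:
            if any(marker in key.lower() for marker in SENSITIVE_MARKERS):
                findings.append((name, key))
    return findings
```

Running pillar_for against each minion ID shows exactly which data that minion would receive, and exposed_to_all flags a top file that hands secret-looking keys to every minion.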

In terms of overall scale and management, SaltStack, much like Puppet and Chef, can scale to a very large number of devices. Like Puppet and Chef, SaltStack also has an enterprise version and a GUI; this GUI, called SynDic, makes it possible to leverage the master of masters. Although this section focuses more on the command-line delivery of SaltStack, it is important to understand that this tool, like the others, offers some very similar features.

High-Level SaltStack Architecture

Like Puppet, SaltStack has its own DSL. The SaltStack command structure contains targets, commands, and arguments. The target is the system on which the command should run. It is possible to target a system by using the MinionID of a minion. It is also very common to target all systems with the asterisk (*), which is a wildcard indicating all systems that are currently managed by SaltStack. Another possibility is to use a combination of the two; for example, Minion* would match any system that has a MinionID that starts with the word Minion. This is called globbing. The command structure uses the module.function syntax followed by the argument. An argument provides detail to the module and function that is being called in the command. Figure 29-6 shows the correct SaltStack syntax, as well as the power of running a command called cmd.run, which executes the ad hoc Linux CLI command ls -l /etc across all SaltStack-managed nodes and returns the output of the command to the master.

SaltStack Tutorial CLI Command cmd.run ls -l /etc
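The command structure described above (target, module.function, arguments) can be previewed before a command is sent. This is an added example, not part of the original page and not Salt's own code: it handles only the plain glob form of the salt command, models glob matching with Python's fnmatch, and uses a constructed list of minion IDs.

```python
import shlex
from fnmatch import fnmatchcase

# Constructed inventory of managed minion IDs (hypothetical names).
MINIONS = ["Minion1", "Minion2", "web-01", "db-01"]


def parse_salt_command(line):
    """Split "salt <target> <module.function> [args...]" into its parts."""
    argv = shlex.split(line)
    if len(argv) < 3 or argv[0] != "salt":
        raise ValueError("expected: salt <target> <module.function> [args]")
    target, fun, args = argv[1], argv[2], argv[3:]
    module, sep, function = fun.partition(".")
    if not sep or not module or not function:
        raise ValueError(f"not module.function syntax: {fun!r}")
    return {"target": target, "module": module, "function": function, "args": args}


def resolve_target(target, minions=MINIONS):
    """Return the minion IDs that a glob target such as '*' or 'Minion*' selects."""
    return [m for m in minions if fnmatchcase(m, target)]


def preview(line, minions=MINIONS):
    """Parse a command and report which minions it reaches before it is run."""
    cmd = parse_salt_command(line)
    hits = resolve_target(cmd["target"], minions)
    cmd["minions"] = hits
    # cmd.run passes an arbitrary shell string to each minion, so flag the case
    # where it reaches every managed system for a second look.
    cmd["review"] = (cmd["module"], cmd["function"]) == ("cmd", "run") and len(hits) == len(minions)
    return cmd


if __name__ == "__main__":
    for line in ("salt '*' cmd.run 'ls -l /etc'", "salt 'Minion*' network.interfaces"):
        print(preview(line))
```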

Imagine that a network operations team is looking to deploy a new feature on the network and needs a list of all the IP addresses on all the Linux servers in the environment. The team could use cmd.run to achieve this. However, other commands and modules are specifically designed for such use cases. Rather than having to write up all the ad hoc commands necessary to get the desired outputs from all the nodes, the team could leverage something like the network.interfaces command to gather much more data from disparate systems, such as the MAC address, interface names, state, and IPv4 and IPv6 addresses assigned to those interfaces.

SaltStack can provide some immediate benefits, especially for operations teams that are used to working in the command-line environment on network and server nodes. A team can easily tie the power of Python scripts into SaltStack to create a very powerful combination. Other tools use Python as well, but which one to use ultimately comes down to what the operations staff is most comfortable with.

