Managing Users

If you manage several systems but do not use a directory service, you still might want to manage users centrally. Unsurprisingly, Salt offers a module, pw_user, that lets you add new users, delete user accounts, and modify individual attributes, such as the home directory [14]; you can even rename existing users. Listing 3 shows how you can create a new user with the user, rather than the pw_user, keyword. Before deleting a specific user, you could first list the users on all the systems.

Note that Salt offers a module (ssh) to manage the SSH service, so when creating users you can combine modules if you need to generate an SSH key for a new user (ssh-keygen -t rsa) and roll it out to all the existing systems. The module's documentation [15] demonstrates how that works. If you want to do more than just monitor your systems (e.g., collect status information), take a look at the status module [16]. Running status.all_status returns all status data (a lot) for the minion specified. To access the hard disk data in a targeted way, use status.diskusage, and to check the load status, use status.loadavg.

If Salt does not offer a module for a functionality of interest, you can simply run shell commands on the systems by using the cmdmod module [17], which takes the form cmd.<function>. The cmd.run pair takes a command you pass in between double or single quotes (Figure 5) and returns the output. Make sure you run the functions from this module with cmd and not with cmdmod.

Figure 5: In many cases, it makes sense to run shell commands directly.

More than Modules

In addition to modules, Salt offers a few commands that cover other functionality. The salt-cp command, for example, copies data from the master to the minions (Listing 4, first line), allowing you to maintain /etc/hosts, /etc/motd, or other configuration files centrally. However, this command was only intended as an emergency solution. Generally, you will be able to manipulate existing files in the most targeted way with the file module or use the management module for configuration files.

The salt-run command interacts with Salt; for example, it can be used to create a list of unreachable minions:

sudo salt-run manage.down

On Salt, every use of a module is dubbed a job, and salt-run lets you generate a list of the last jobs (Listing 4, second line). If you would like to see the output of a certain Salt job again, specify the job ID (Listing 4, last line). For the individual commands, salt-run makes use of its own modules, called "runners" [18].

Conclusions

SaltStack offers almost unlimited system management possibilities because of its large number of integrated modules. Even without the use of in-house configuration management, your computers will be very much under your command, regardless of whether you need to manage users, keep your systems up to date, or just get an overview of particular servers.

Even in heterogeneous networks with Windows machines, you can use Salt. Thanks to its built-in software administration, you can install standard programs like Firefox on Windows clients, and other functions from Linux are also available. Salt proves to be a versatile talent: It makes the use of many tools and DIY scripts redundant.