Managing multiple systems in parallel with SaltStack

Managing Users

If you manage several systems but do not use a directory service, you still might want to manage users centrally. Unsurprisingly, Salt offers a module, pw_user, that lets you add new users, delete user accounts, and modify individual attributes, such as the home directory [14]; you can even rename existing users. Listing 3 shows how you can create a new user with the user, rather than the pw_user, keyword. Before deleting a specific user, you could first list the users on all the systems.

Listing 3

Creating a New User

 

Note that Salt offers a module (ssh) to manage the SSH service, so when creating users you can combine modules if you need to generate an SSH key for a new user (ssh-keygen -t rsa) and roll it out to all the existing systems. The module's documentation [15] demonstrates how that works. If you want to do more than just monitor your systems (e.g., collect status information), take a look at the status module [16]. Running status.all_status returns all status data (a lot) for the minion specified. To access the hard disk data in a targeted way, use status.diskusage, and to check the load status, use status.loadavg.

If Salt does not offer a module for a functionality of interest, you can simply run shell commands on the systems by using the cmdmod module [17], which takes the form cmd.<function>. The cmd.run pair takes a command you pass in between double or single quotes (Figure 5) and returns the output. Make sure you run the functions from this module with cmd and not with cmdmod.

Figure 5: In many cases, it makes sense to run shell commands directly.

More than Modules

In addition to modules, Salt offers a few commands that cover other functionality. The salt-cp command, for example, copies data from the master to the minions (Listing 4, first line), allowing you to maintain /etc/hosts, /etc/motd, or other configuration files centrally. However, this command was only intended as an emergency solution. Generally, you will be able to manipulate existing files in the most targeted way with the file module or use the management module for configuration files.

Listing 4

Other SaltStack Commands

 

The salt-run command interacts with Salt; for example, it can be used to create a list of unreachable minions:

sudo salt-run manage.down

On Salt, every use of a module is dubbed a job, and salt-run lets you generate a list of the last jobs (Listing 4, second line). If you would like to see the output of a certain Salt job again, specify the job ID (Listing 4, last line). For the individual commands, salt-run makes use of its own modules, called "runners" [18].

Conclusions

SaltStack offers almost unlimited system management possibilities because of its large number of integrated modules. Even without the use of in-house configuration management, your computers will be very much under your command, regardless of whether you need to manage users, keep your systems up to date, or just get an overview of particular servers.

Even in heterogeneous networks with Windows machines, you can use Salt. Thanks to its built-in software administration, you can install standard programs like Firefox on Windows clients, and other functions from Linux are also available. Salt proves to be a versatile talent: It makes the use of many tools and DIY scripts redundant.

Infos

  1. SaltStack project: http://SaltStack.com/community/
  2. ZeroMQ: http://zeromq.org/
  3. Windows minions: https://docs.SaltStack.com/en/latest/topics/installation/windows.html
  4. Supported operating systems: https://docs.SaltStack.com/en/latest/topics/tutorials/salt_bootstrap.html#supported-operating-systems
  5. Opening ports for Salt: https://docs.SaltStack.com/en/latest/topics/tutorials/firewall.html
  6. test module: https://docs.SaltStack.com/en/latest/ref/modules/all/salt.modules.test.html
  7. Targeting minions: https://docs.SaltStack.com/en/latest/topics/targeting/
  8. Defining grains: https://docs.SaltStack.com/en/latest/topics/targeting/grains.html
  9. Built-in Salt modules: https://docs.SaltStack.com/en/develop/ref/modules/all/index.html
  10. Writing your own modules: https://docs.SaltStack.com/en/latest/ref/modules/
  11. pkg module: https://docs.SaltStack.com/en/latest/ref/modules/all/salt.modules.pkg.html
  12. Package module for Apt-based systems: https://docs.SaltStack.com/en/latest/ref/modules/all/salt.modules.aptpkg.html#module-salt.modules.aptpkg
  13. file module: https://docs.SaltStack.com/en/latest/ref/modules/all/salt.modules.file.html
  14. User management with Salt: https://docs.SaltStack.com/en/latest/ref/modules/all/salt.modules.pw_user.html
  15. SSH commands: https://docs.SaltStack.com/en/latest/ref/modules/all/salt.modules.ssh.html
  16. status module: https://docs.SaltStack.com/en/latest/ref/modules/all/salt.modules.status.html
  17. Shell commands with Salt: https://docs.SaltStack.com/en/develop/ref/modules/all/salt.modules.cmdmod.html
  18. Integrated runner modules: https://docs.SaltStack.com/en/latest/ref/runners/all/index.html

The Author

Valentin Höbel works as a cloud architect for the VoIP specialists NFON AG in Munich, Germany. If he is not playing table soccer in his free time, you are likely to find him investigating the latest open source technologies.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Perl – Vagrant Package

    The Vagrant package provides easy management of virtual machines with VirtualBox as the hypervisor on the command line. Provisioning tools like Puppet let customers try out products in pre-installed environments.

  • News

    In the news: Dell to Enable Privacy Controls for Linux Hardware; Linux Mint Unveils New Packages; Pop!_OS 20.10 Now Supports DEB822 Format; Ubuntu 20.10 with Raspberry Pi Support; SaltStack Acquisition Brings More Automation to VMware; and New Storage Model Could Replace POSIX.

  • Stream Internet Radio from the Command Line with mpg123
  • Encrypted Filesystems

    If you’re not a security expert and you're looking for a crypto filesystem, you may be wondering about the alternatives. We took at a look at some popular crypto options for Linux.

  • openSUSE Leap 15.1 Released

    Better hardware support.

comments powered by Disqus

Direct Download

Read full article as PDF:

Price $2.95

News