de Deutsch en English
binsec GmbH
Project

Salt Automation Infrastructure Management

Overview

There are many configuration and automation management tools out there, like Ansible, Puppet, salt and more. Our tool of choice in most cases is salt. Salt is python based with a server/minion structure, and this is one of the key reasons why we like to use salt. This makes it easier to handle firewall rulesets and security permissions on the servers. In addition, it is written in python, and as we use python in a lot of places, it fits well into our knowledge base, and we can extend it to our needs.

Salt Examples

We use salt in many projects, from small environments where we use it only to manage some users on the servers, up to large infrastructures, where every configuration is managed by salt. To manage this, salt provides a lot of useful methods to manage configurations. From the simple YAML based approch, up to pyDSL with complete python code.

Such a configuration example could be handling NTP: 

ntp:
  pkg.installed: []
  service.running:
    - name: ntp
    - require:
      - pkg: ntp
  file.managed:
    - name: /etc/ntp.conf
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    - source: salt://ntp/ntp.conf
    - require:
      - pkg: ntp
    - watch_in:
      - service: ntp
The example above is a salt state configuration with YAML to manage the NTP configuration of a server. It defines that the package ntp must be installed, takes care of the configuration stored in /etc/ntp.conf based on the jinja2 template. If the configuration changes, the ntp service will be restarted.

A much more complex example could be handled by the pyDSL language. This provides the possability to write python code in combination with salt method. 

#!pydsl

services = []
for service in __salt__['pillar.get']('services', {}):
  if __salt__['pillar.get'](f'services:{service}:active', False) is True:
    services.append(f'services/{service}')

include(*services)
In this example we use python code to loop through a dict from services we get from salt pillar. If the service is active in the pillar values, the service is included and processed. In this example there are DSL methods used, like include or __salt__ which allows us fast access of salt functionality. We also use salt pillar, a secure way to store values for each server.

Conclusion

Salt provides a flexible way to manage your infrastructure and configurations. It enables you to smoothly manage hundreds of servers in parallel. back to projects
  • salt
  • automation
  • infrastructure
  • python3