Part 2:


I have been able to spend more time with VMware vRealize SaltStack Config. Here are some updates on my journey with SaltStack as a Windows Server Admin.


Auto-Accept new minions:

I wanted new Windows Server builds (minions) to be auto accepted into SaltStack Config instead of someone manually approving new minions. To do this you need to have a reactor.conf file. I created the file in SaltStack Config File Server in base/reactor/reactor.conf (See Code below). You also need to create a reactor.conf file in /etc/salt/master.d on the salt master. I use vi to create and edit the reactor.conf file. Anytime you make changes to the /etc/salt/master.d/reactor.conf file you need to restart the salt-master service.

In addition to the reactor file you need to create a state file. I located the file in /reactor/accept-key.sls (See Code below). I specified what the name of the new server starts with so that not all new minions get auto accepted. If the Naming Standard that I use is not what the new Server is named it will not be auto accepted. This is one way to have some rules on which new Servers are auto accepted.


Reactor File: base/reactor/reactor.conf

reactor:
  - 'salt/auth':                              # React to a new minion
    - salt://reactor/accept-key.sls           # Run this state to auto accept new minion

Location of the Reactor File:

Click Here to see Larger Image of Screen Shot

State File: base/reactor/accept-key.sls

{% if 'act' in data and data['act'] == 'pend' and data['id'].startswith('DBH') %}
minion_add:
  wheel.key.accept:
    - args:
      - match: {{ data['id']}}
{% elif 'act' in data and data['act'] == 'pend' and data['id'].startswith('vCROCS') %}
minion_add:
  wheel.key.accept:
    - args:
      - match: {{ data['id']}}
{% endif %}

Location of the State File:

Click Here to see Larger Image of Screen Shot

To restart the salt-master service run this command from the salt-master cli.

service salt-master restart

To check the status of the salt-master service run this command from the salt-master cli.

systemctl status salt-minion.service

Jobs:

I think a good way to get Started with SaltStack Config after you have some minions added is to create some Jobs. You can create Jobs in the SaltStack Config UI. Go to Config/Jobs. You can manually run these Jobs on the minions.

Here are some screen shots of jobs that can be useful. To run a job on a single minion go to minions and find the minion you want to run the job on, Select the minion, Select Run Job, Select the Job you want to run, select Run Now. If you select multiple minions the Job will run on all minions selected.

That is where you start to see the True Power of Salt. If you Select one, ten, a hundred or a thousand minions, the time to complete the selected job is very quick. As a Windows Admin and using PowerShell, it would not be as easy to run a script on a 1,000 Servers at the exact same time.


List of all the Jobs:

Click Here to see Larger Image of Screen Shot

Job to stop the Print Spooler Service:

Click Here to see Larger Image of Screen Shot

This job I am using a salt function service.stop. Pass the Service name as a argument.


Job to stop the Print Spooler Service using a PowerShell Command:

Click Here to see Larger Image of Screen Shot

This job I am using a salt function cmd.run. Pass the PowerShell code and type of cmd as arguments.


Job to stop and disable the Print Spooler Service using a PowerShell script:

Click Here to see Larger Image of Screen Shot

This job I am using a salt function cmd.script. Pass the PowerShell script path and type of cmd as arguments.


Job to copy a file to a minion:

Click Here to see Larger Image of Screen Shot

This job I am using a salt function cp.get_file. Pass the file source path and destination path as arguments.


Job to reboot a minion:

Click Here to see Larger Image of Screen Shot

This job I am using a salt function system.reboot. Pass the wait time to reboot and wait_for_reboot as arguments.


If you noticed I have some jobs doing the same process but one is using a salt function and one is using a PowerShell command. I wanted to show you how your existing PowerShell skills as a Windows Server Admin can be used in SaltStack Config. You don’t need to re-learn everything. Using PowerShell with a job is also very helpful when there is not a salt function to do what you need to accomplish. I have been trying to use the built-in salt functions whenever possible to get more familiar with the product.

Here is a saying that someone wrote or said that I seen online about salt. When in doubt, command out.


Lessons Learned:
  • Auto Accepting Minions is a nice start to using SaltStack Config with new vRealize Automation Server Builds. The new server will get auto accepted and you can then setup a State to install software like the Carbon Black Agent on every new Server.
  • Running a job on a 1,000 Servers is just as easy as running a job on a single server.


When I write about vRealize Automation (“vRA”) I always say there are many ways to accomplish the same task. SaltStack Config is the same way. I am showing what I felt was important to see but every organization/environment will be different. There is no right or wrong way to use Salt. This is a GREAT Tool that is included with your vRealize Suite Advanced/Enterprise license. If you own the vRealize Suite, you own SaltStack Config.

Last Update: 08/06/2021