VMware vRealize SaltStack Config as a Windows Server Admin - Part 4
Part 4: How to use SaltStack Config with Windows Server and PowerShell
The latest item on my journey with VMware vRealize SaltStack Config as a Windows Server Admin will be salt grains. I have a specific use case that made me start looking at grains. In VMware vCenter I use vCenter TAGs to organize VMs. I also use vCenter TAGs to organize VMs in vRealize Operations. I want to use the same logic of using vCenter TAGs in SaltStack Config. SaltStack Config does not use vCenter TAGs OOTB (Out of the Box) for VMs.
At the end of this Blog Post I also have an SaltStack Config Orchestration example. Instead of running multiple Jobs one at a time I have (4) steps in a SLS file that I run using a salt-run job and the function state.orchestrate.
This is what I learned about salt grains when using with a Windows OS.
- The default location of the grains file is in directory “C:\salt\conf".
- The grains file is named grains with no extension.
Example grains file:
- “Grain Name”: “The value of the grain”.
- In my example I wanted the grain to be named “vCenterTags” and the values will be the vCenter TAG names “TAG-VM-vCROCS|TAG-VM-WebServer|TAG-App-Hugo”. I have (3) vCenter TAGs assigned to this VM. I will be able to create a SaltStack Config Target based on any of the TAGs.
SaltStack Config Targets:
When I add the vCenter TAG information to the grains file I am then able to create SaltStack Config Targets based on the grain “vCenterTags”.
SaltStack Config Targets:
SaltStack Config Target Definition:
How to add the vCenter TAGs to the grains file on all your VMs in SaltStack Config:
Step 1: Get the VM Names and All Assigned vCenter TAGs into a csv file
Example PowerShell Code to get all vCenter VM Names and all vCenter TAGs assigned to the VMs
Step 2: Copy the csv file to the salt master
After I create the csv file I copy to the StackStack Config Server (Salt Master) in the folder /var/srv/salt. This is where all files need to be saved when you use function cp.get_file.
Step 3: Copy the csv file to the salt minions
You may be wondering why I copy the file to the minion and not copy to a central share. My environment has NSX-T with zero trust. Most of my automation I do not open ports to servers that are not needed permanently. So the concept of using salt to copy files to minions, use the files to make changes and then delete the files when processes are complete works well in a zero trust environment.
Job to copy csv file to minions:
Step 4: Run Script on minion
After I copy the csv file to the minion I run a script to create/update the grains files.
Job to run a PowerShell Script to create/update the grains file:
Example PowerShell Code to create/update grains file on a minion:
Step 5: Run job to do a sync_grains
Anytime you make any changes to the grains file you should run the function saltutil.sync_grains to update the SaltStack Config Server immediately.
Job to run sync of the minion grains information:
SaltStack Config Orchestration:
Job to Orchestrate all the steps:
- Copy file to minion.
- Run script to create/update grains file
- Run a sync_grains.
- Delete the files from the minions when processes are complete.
Example Orchestration SLS file:
Salt-Run Job to Orchestrate Copy File/Run Script/Run Sync/Delete File:
- Grains are a good way to create SaltStack Config Targets. Allows you to group VMs together the same way you can in vCenter.
- The Grains file is basically a Database that can be any information that you want to show about your VMs. In this Blog post I am adding vCenter TAGs to the minions but the information could be anything that helps you target VMs.
- If the default list of grains OOTB doesn’t show the information you want to see, you can easily add your own gains with a little bit of code.
Salt Links I found to be very helpful:
- SaltStack Cheat Sheet
- SaltStack Tutorials
- SaltStack Documentation
- SaltStack Community Slack Channel
- Learn vRealize Automation
- Learn SaltStack Config