===== Slatstack =====

"SaltStack software orchestrates the build and ongoing management of any modern infrastructure. SaltStack is also the most scalable and flexible configuration management software for event-driven automation of CloudOps, ITOps and DevOps." -- from the Saltstack Web Site

Saltstack traditionally operates in a master/minion architecture. While it is possible to run a Saltstack implementation with no master, this tutorial will focus on the more traditional approach. In this tutorial, our Saltstack master will run on the same system as our web proxy and our continuous integration service, Jenkins. In your enterprise these can certainly run on separate systems; however, we will later do some cool things with this particular architecture and service pairing.

=== Install Saltstack Master ===

On ''master'', install the Saltstack salt-master service by adding the signing keys and repository, then update and install.
<code>
ssh waytta@master
wget -O - https://repo.saltstack.com/apt/debian/8/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add -
sudo sh -ec 'echo deb http://repo.saltstack.com/apt/debian/8/amd64/latest jessie main >> /etc/apt/sources.list.d/saltstack.list'
sudo apt-get update
sudo apt-get install salt-master
sudo sh -ec 'echo kvm* >> /etc/salt/autosign.conf'
</code>

=== Configure Saltstack Master ===

To configure the Saltstack master service on ''master'', create the file ''/etc/salt/master.conf.d/waytta-master.conf'' with these configuration options:
<file yaml waytta-master.conf>
state_output: mixed

file_roots:
  base:
    - /srv/salt

fileserver_backend:
  - git
  - roots

gitfs_provider: GitPython

gitfs_remotes:
  - git@master:waytta/salt-states.git

autosign_file: /etc/salt/autosign.conf

ext_pillar:
  - git: master git@master:waytta/salt-states.git root=pillars
</file>

Restart the salt-master service:
<code>
sudo service salt-master restart
</code>

=== Install Saltstack Minion(s) ===

To install and configure the salt-minion service on our minions, perform the following steps on both ''kvm1'' & ''kvm2'':

<code>
sudo sh -ec 'echo \\n192.168.1.1 master >> /etc/hosts'
wget -O - https://repo.saltstack.com/apt/debian/8/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add -
sudo sh -ec 'echo deb http://repo.saltstack.com/apt/debian/8/amd64/latest jessie main >> /etc/apt/sources.list.d/saltstack.list'
sudo apt-get update
sudo apt-get install salt-minion
sudo sh -ec 'echo "master: master\n" > /etc/salt/minion.d/minion.conf'
sudo /etc/init.d/salt-minion restart
</code>

=== Confirm Connectivity ===

On ''master'', confirm the security keys for ''kvm1'' & ''kvm2'' are accepted and listed in the output:
<code>
sudo salt-key -L
Accepted Keys:
kvm1
kvm2
Denied Keys:
Unaccepted Keys:
Rejected Keys:
</code>

Finally, run a test command on ''master'' to confirm it can execute commands on the minions:
<code>
sudo salt '*' test.ping
kvm1:
    True
kvm2:
    True
</code>

Congratulations, you've completed this lesson.

=== Resources ===

  * [[https://docs.saltstack.com/en/latest/topics/installation/debian.html|Saltstack]] - Installation from the Saltstack repository
  * [[https://docs.saltstack.com/en/latest/topics/tutorials/walkthrough.html|Saltstack]] - Walkthrough tutorial
  * [[https://docs.saltstack.com/en/latest/topics/tutorials/gitfs.html|Saltstack]] - Git Fileserver Backend Walkthrough