salt-master-output-01

```
root@salt:/srv# tree
.
├── formulas
│   └── haproxy
│       ├── init.sls
│       ├── ip_addresses.sls
│       └── templates
│           └── ip_addresses.jinja
├── pillar
│   ├── haproxy_apache2.sls
│   ├── haproxy_nginx.sls
│   ├── mine_network.sls
│   └── top.sls
└── salt
    └── top.sls

5 directories, 8 files
root@salt:/srv# grep -v ^# /etc/salt/master | grep -v ^$
interface: 0.0.0.0
user: root
auto_accept: True
file_roots:
  base:
    - /srv/salt
    - /srv/formulas
pillar_roots:
  base:
    - /srv/pillar
mine_get:
  haproxy*:
    - network.*
root@salt:/srv# salt-key -L
Accepted Keys:
apache2
haproxy2-nginx
haproxy3-apache2
nginx1
nginx2
Denied Keys:
Unaccepted Keys:
Rejected Keys:
root@salt:/srv#
root@salt:/srv# find ./ -type f | xargs tail -n +1
==> ./pillar/top.sls <==
base:
  'nginx* or apache*':
    - mine_network
  'haproxy*nginx*':
    - haproxy_nginx
  'haproxy*apache*':
    - haproxy_apache2

==> ./pillar/mine_network.sls <==
mine_functions:
  network.ip_addrs: []

==> ./pillar/haproxy_apache2.sls <==
app_server: apache2*

==> ./pillar/haproxy_nginx.sls <==
app_server: nginx*

==> ./salt/top.sls <==
base:
  'haproxy*':
    - haproxy

==> ./formulas/haproxy/templates/ip_addresses.jinja <==
# DO NOT CHANGE - GENERATED BY SALT
{%- set app_server = pillar.get('app_server') %}
{%- for server, addr in salt['mine.get'](app_server, 'network.ip_addrs').items() %}
{{ addr[0] }} # {{ server }}
{%- endfor %}

==> ./formulas/haproxy/ip_addresses.sls <==
/tmp/ip_addresses:
  file.managed:
    - source: salt://haproxy/templates/ip_addresses.jinja
    - template: jinja
    - user: root
    - group: root
    - mode: 644

==> ./formulas/haproxy/init.sls <==
include:
  - .ip_addresses
root@salt:/srv# salt 'haproxy*' cmd.run 'cat /tmp/ip_addresses'
haproxy2-nginx:
    # DO NOT CHANGE - GENERATED BY SALT
    192.168.122.182 # nginx1
    192.168.122.183 # nginx2
haproxy3-apache2:
    # DO NOT CHANGE - GENERATED BY SALT
    192.168.122.46 # apache2
root@salt:/srv#
```


README:

consider the following scenario:

because you implemented manipulative techniques (like infinite scroll) in your existing application, people got addicted, and instead of meeting each other in real life they meet virtually on your platform.

your application needs more computing power to handle their increased nonsense. they increase shit post volume by 5% each day - you need an automated way to add new servers to your infrastructure where you can deploy your brilliant app.

here comes IaC and the config for a lab.

 

1. install salt-server on one server. set fqdn to "salt" and make it available to other servers in the network

2. install salt-minion on all other servers in the network

3. copy the /etc/salt/master shown above to the salt server and restart salt-master

important:

```
mine_get:
  haproxy*:
    - network.*
```

allows minions whose name matches ^haproxy* to read network.* function data from the mine

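4. minions should connect to the master automatically (auto_accept: True in /etc/salt/master accepts their keys without confirmation) and you see them under Accepted Keys in the output of $ salt-key -L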

5. on the salt server, in the /srv/ directory, you find:

formulas directory - the equivalent of ansible roles; usage: the code in "<app>" installs and configures the <app> service

pillar directory - static variables/dictionaries that help organize servers into groups / configure your unicorn application

salt directory - where top.sls is placed

6.

./pillar/top.sls - assigns different chunks of configuration to servers

./pillar/mine_network.sls - configures the mine: mine_functions makes the nginx*/apache* minions publish network.ip_addrs, the data that mine.get reads

./pillar/haproxy_<app>.sls - sets the variable used in the jinja file

./salt/top.sls - applies the haproxy formula (./formulas/haproxy/init.sls) to minions with name ^haproxy*

7.

./formulas/haproxy/init.sls - includes the ip_addresses chunk

./formulas/haproxy/ip_addresses.sls - creates the file /tmp/ip_addresses from the template ./formulas/haproxy/templates/ip_addresses.jinja

./formulas/haproxy/templates/ip_addresses.jinja - generates the file:

```
{#- get the app_server variable from pillar:
    ./pillar/haproxy_apache2.sls is assigned only to minions ^haproxy*apache* (based on ./pillar/top.sls) and sets app_server: apache2*
    ./pillar/haproxy_nginx.sls is assigned only to minions ^haproxy*nginx* (based on ./pillar/top.sls) and sets app_server: nginx* #}
{%- set app_server = pillar.get('app_server') %}
{#- on a ^haproxy*nginx* minion app_server is nginx*: loop over the mine data of each nginx* minion #}
{%- for server, addr in salt['mine.get'](app_server, 'network.ip_addrs').items() %}
{#- create a line with the minion's first ip address and its name #}
{{ addr[0] }} # {{ server }}
{%- endfor %}
```

8. result of $ salt '*' state.apply (applies changes according to ./salt/top.sls):

each ^haproxy* minion has /tmp/ip_addresses, which contains the ip addresses of the minions found in the mine data based on the app_server pillar variable

each time a new ^nginx* (<app_server>) minion is added, ^haproxy* knows about its ip address
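An added example (not part of the original README and not Salt's own code): a small Python model of the data flow in steps 3 to 8, showing who may read the mine and what ends up in /tmp/ip_addresses. It assumes the master treats `mine_get` patterns as start-anchored regular expressions, as the README's ^haproxy* notation indicates; the `nginx3` and `nginx-noip` entries and all function names are constructed for illustration.

```python
import fnmatch
import re

# Copied from the page: mine_get in /etc/salt/master and the app_server pillars.
MINE_GET_ACL = {"haproxy*": ["network.*"]}
APP_SERVER = [("haproxy*nginx*", "nginx*"), ("haproxy*apache*", "apache2*")]

# Mine contents (minion id -> network.ip_addrs). The first three entries mirror
# the page's output; nginx3 and nginx-noip are constructed for this example.
MINE = {
    "nginx1": ["192.168.122.182"],
    "nginx2": ["192.168.122.183"],
    "apache2": ["192.168.122.46"],
    "nginx3": ["192.168.122.184"],  # constructed: minion added later
    "nginx-noip": [],               # constructed: minion that reported no address
}


def acl_allows(caller, fun, acl=MINE_GET_ACL):
    """Master-side mine_get check. Assumption: patterns are regexes anchored
    at the start (the README's ^haproxy*), not globs as in top.sls."""
    perms = [p for pat, funs in acl.items() if re.match(pat, caller) for p in funs]
    return any(re.match(p, fun) for p in perms)


def mine_get(caller, tgt, fun, mine=MINE):
    """Mine data of every minion whose id matches the glob tgt, or {} if denied."""
    if not acl_allows(caller, fun):
        return {}
    return {m: d for m, d in mine.items() if fnmatch.fnmatchcase(m, tgt)}


def render_ip_addresses(caller):
    """Lines of /tmp/ip_addresses as the template builds them for one minion."""
    lines = ["# DO NOT CHANGE - GENERATED BY SALT"]
    tgt = next((t for pat, t in APP_SERVER if fnmatch.fnmatchcase(caller, pat)), None)
    if tgt is None:  # no app_server pillar assigned to this minion
        return lines
    for server, addr in sorted(mine_get(caller, tgt, "network.ip_addrs").items()):
        if addr:  # the template's addr[0] needs at least one address
            lines.append(f"{addr[0]} # {server}")
    return lines


if __name__ == "__main__":
    for minion in ("haproxy2-nginx", "haproxy3-apache2"):
        print(minion, render_ip_addresses(minion), sep="\n  ")
```

Backend membership is decided by minion id alone, so with auto_accept: True the output of salt-key -L is the list to review. Under the regex assumption, the pattern haproxy* also admits any id that merely starts with haprox.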

 

```
begin
  while(people_care_about_https://stallman.org/facebook.html := false) do
  begin
    apply this logic to real infra. start to store personal data. let machine-learning find patterns in human behavior. apply engaging patterns to make your app more addictive.
  end;
end.
```

 

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

