alkali

alkali is a collections of SaltStack states and pillar data that provide just the basics for provisioning Linux instances that may be built upon. alkali is a starter kit of sorts, to help new users to SaltStack get up-and-running quickly with the most commonly used, core packages.

Discussion

Salt state and pillar trees reside within this repository under the srv directory. These trees are meant to be run within a "provision" environment, and only when a special grain is set to True: in_provisioning.

The provision environment is intended to span across minions that are part of any salt environment. It contains a very common collection of states and is generally static, the intent is that these states will only be executed a single time like so:

salt -G 'in_provisioning:True' state.highstate saltenv=provision -l debug

States in other environments run post-provision phase, may change settings previously applied. The provision phase is not intended to meet the precise requirements of all possible instance types, but rather to apply useful defaults that may be extended and overridden from more specific environments and targeting.

While very uncommon, it is occasionally necessary to re-run an updated provision environment state file. If the dnsmasq_cache states are updated for example and it is desirable to run the updates on any hosts matching .dev. in the hostname:

salt '*.dev.*' state.sls dnsmasq_cache saltenv=provision -l debug

Getting Started

These states are currently only compatible with debian-based systems, with a few specific states ony compatible with Ubuntu. They have only been tested and are known to work on Ubuntu 14.04 and some later Ubuntu releases.
Provision states will work with a master minion setup in which the saltenv may be specified as an argument to the salt or salt-call commands.
Clone this repository and copy relevant directories to /srv/salt/provision and /srv/pillar/provision, most likely on a salt master
Bring up any instances that will be part of the cluster, with recent base Ubuntu installs preferably.
Make sure to have a base environment, with an empty top.sls file at a minimum, /srv/salt/base and /srv/pillar/base
Configure file_roots and pillar_roots (e.g. in /etc/salt/master), for example:

file_roots:
  base:
    - /srv/salt/base
  provision:
    - /srv/salt/provision

pillar_roots:
  base:
    - /srv/pillar/base
  provision:
    - /srv/pillar/provision

Any minions to be provisioned must have the in_provisioning grain set:

salt-call grains.setval in_provisioning True

Provision minions. From the master:

salt -G 'in_provisioning:True' state.highstate saltenv=provision -l debug

Compound targeting may be useful in some scenarios.

Once provisioned, removing the in_provisioning grain is recommended. If left in place, any general highstate will run the provision states, which is most likely undesirable.

salt-call grains.delval in_provisioning destructive=True

Included States

All of the included states have a README.rst file with additional details, but to summarize:

aliases
apt
apt-sources
base-packages
disy
dnsmasq-cache
hosts-block
iptables-persistent
kernel-install
limits
motd
postfix
provision-final
rsyslog-client
sysctl
timezone

Other States

A few noteworthy formulas and states that are absent and will most likely be useful to a wide audience:

ntp - Using the SaltStack community formula is recommended
openssh - Using the SaltStack community formula is recommended
Log shipping and monitoring agents - nrpe, zabbix, the splunk forwarder, newrelic, etc.
Account management-related states
resolvconf management

ToDo / Known Issues

Add support for non-Debian-based distributions and better non-Ubuntu-specific support in general.

License

Apache License, version 2.0. Please see LICENSE.

bhodges / alkali Goto Github PK

alkali's Introduction