Tuesday, January 2, 2018

Configuration Management with Salt Stack on Windows - Part 3 - Basic Configuration Management of Windows with Salt


In part 3 we're going to just scratch the surface of remote execution in Salt. We're going to accept the minion's keys on the master server and run basic tasks using the built-in modules.

The minion automatically tries to contact the master server. The master server must approve the minion's "keys" before the minion can be managed.

On the master server you can view the keys by using the command:
sudo salt-key -L

As you can see, we need to accept the "keys".

You can accept the key by using the command:
sudo salt-key -a WIN-R7RQM4ENMHS

If you use the parameter -A instead you can accept all keys.
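
One way to verify a minion before accepting its key, as an added example that is not part of the original post: compare the fingerprint the master shows for the pending key with the one read on the minion itself (salt-call --local key.finger). The function names, the OLD-HOST entry and the fingerprints in the sample are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: accept a pending minion key only when its fingerprint matches
# the value read out-of-band on the minion (salt-call --local key.finger).

# Constructed sample of `salt-key -f` output; both fingerprints are made up.
SAMPLE_OUTPUT='Accepted Keys:
OLD-HOST:  11:22:33:44:55:66:77:88:99:00:aa:bb:cc:dd:ee:ff
Unaccepted Keys:
WIN-R7RQM4ENMHS:  aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99'

# Read `salt-key -f` output on stdin and print the fingerprint of minion $1,
# but only if the key is listed in the "Unaccepted Keys:" section.
pending_fingerprint() {
    awk -v id="$1" '
        /Keys:$/ { pending = ($0 == "Unaccepted Keys:"); next }
        pending && $1 == (id ":") { print tolower($2); exit }
    '
}

# Lowercase a fingerprint and strip whitespace picked up by copy and paste.
normalise_fp() {
    printf '%s' "$1" | tr 'A-F' 'a-f' | tr -d ' \r\n\t'
}

# Return 0 only if minion $1 has a pending key whose fingerprint equals $2.
fingerprint_matches() {
    _seen=$(pending_fingerprint "$1")
    _expected=$(normalise_fp "$2")
    [ -n "$_seen" ] && [ "$_seen" = "$_expected" ]
}

# Run on the master: accept the key for $1 only when the fingerprints agree.
accept_if_verified() {
    if sudo salt-key --no-color -f "$1" | fingerprint_matches "$1" "$2"; then
        sudo salt-key -y -a "$1"
    else
        echo "no pending key for $1 with that fingerprint; not accepting" >&2
        return 1
    fi
}
```

On the master, call accept_if_verified with the minion ID and the fingerprint copied from the minion's console.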

To test that the minion is checking in, you can use the following command:
sudo salt '*' test.ping 

All modules can be found in the documentation:
https://docs.saltstack.com/en/latest/ref/modules/all/index.html#all-salt-modules

Looking back at the tasks we want to accomplish, we can now accomplish these tasks with salt commands.
  • IIS configuration
  • Registry / File & User management
  • Patch status evaluation and configuration

To list all IIS sites, we can use the below command:
sudo salt '*' win_iis.list_sites

There is a wealth of other tasks you can accomplish with the win_iis module:
https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.win_iis.html

To create an example user, we can use the below commands:
sudo salt '*' user.add Testuser Password123!
sudo salt '*' user.addgroup Testuser 'Administrators'

To download Windows updates, we can use the below command:
sudo salt '*' win_wua.list categories=['Security Updates'] severities=['Critical'] download=True

To install Windows updates, we can use the below command:
sudo salt '*' win_wua.list categories=['Security Updates'] severities=['Critical'] install=True

In part four, we're going to dive deeper into Salt fundamentals such as configuration management, grains, and pillars.

Friday, December 29, 2017

Configuration Management with Salt Stack on Windows - Part 2 - Configuring Salt Minion with Vagrant


This is part two of a series on basic configuration management with Saltstack for use in a Windows environment. In this guide we'll be covering the basics of setting up a Salt Stack Windows minion on a test machine on Vagrant. In Part 3 we will be diving into the meat and pushing some buttons automatically with the Salt Master.

In order to create a test minion, we'll be using a Windows Server 2012 R2 vagrant image.
https://app.vagrantup.com/mwrock/boxes/Windows2012R2

vagrant init mwrock/Windows2012R2
vagrant up
Once the machine is online, you can log in with vagrant / vagrant.

The download for the salt minion can be found at

https://repo.saltstack.com/#windows

Or the direct link:

https://repo.saltstack.com/windows/Salt-Minion-2017.7.2-Py2-AMD64-Setup.exe

The Windows installer is straightforward - just enter the Master IP or hostname for the Salt server. We're not going over the internet, so I entered the private IP. If you use the default "hostname" option, it will use the Windows hostname as the minion name.



The preferred method of installation would be to use the silent install parameters, which are listed below.
Salt-Minion-2017.7.2-Py2-AMD64-Setup.exe /S /master=yoursaltmaster /minion-name=hostname
Once the minion is installed, you can see the salt-minion displayed in services:

By default, Salt is installed under C:\

The configuration lives under C:\salt\conf; you can edit the minion_id file there if you'd like to change the name.

In the next post, "Part 3 - Configuration Management of Windows with Vagrant", we'll be diving into Salt basics and example configuration management tasks.

Configuration Management with Salt Stack on Windows - Part 1 - Installing Salt Stack Server with Vagrant

This is part one of a series on basic configuration management with Saltstack for use in a Windows environment. In this guide we'll be covering the basics of setting up a Salt Stack server with a test machine on Vagrant. It's important to note that the "master" server of Salt must be run on a Linux server, while a ton of different operating systems are supported as minions. Part 2 will describe setting up a Windows minion.

We'll be grabbing the recently updated generic Ubuntu 16.04 vagrant box as a starting point:
https://app.vagrantup.com/generic/boxes/ubuntu1604

Run the following commands to start this box:
vagrant init generic/ubuntu1604
vagrant up

Once the server is set up, you can SSH into the Linux server and log in as vagrant with the password vagrant.

Using the bootstrap script, you can easily provision the Salt Master server:
https://docs.saltstack.com/en/latest/topics/tutorials/salt_bootstrap.html#salt-bootstrap

There are a ton of different options listed for getting Salt set up - but since wget is installed by default, we'll use these commands to install the latest stable version. The -M parameter is used to install the master server; running without it will install the minion components.
wget -O bootstrap-salt.sh https://bootstrap.saltstack.com
sudo sh bootstrap-salt.sh -M

You should receive a notice that SALT has been installed.


The default out-of-the-box configuration works well in most instances. The Master server listens on all interfaces on port 4505 for publications and port 4506 for "returns".

Run the following command to check that the salt master is running:
service salt-master status


In the next post, "Part 2 - Configuring Salt Stack Minion with Vagrant", we'll be diving into configuration of a Windows minion.

Configuration Management with Salt Stack on Windows - Part 0

This is the first foray into Configuration Management on Windows with Salt Stack.

With configuration management on Windows, I feel that the more I am getting ramped up on working with a development team, the more I understand the need for measurable, consistent and scripted changes. I am looking for the following things:

  • Centralized management over the public Internet
  • Reasonable cost per machine OR the ability to use the community / free edition for my tasks.
  • Ability to work well with Windows
    • IIS configuration
    • Registry / File & User management
    • Patch status evaluation and configuration
    • Low agent footprint.

I stumbled upon SaltStack after a co-worker recommended it. I had a hard time finding specific information related to my use case, but I dug into watching the following presentation.

I'll be honest, after watching, I was completely lost - but it seemed like I was on the right path, so I thought I'd dig in.


With the following series, I'll be digging into a much easier and more approachable use case:
  • Part 1 - Installing Salt Stack Server with Vagrant
  • Part 2 - Configuring Salt Stack Minion with Vagrant
  • Part 3 - Configuration Management of Windows with Salt.
  • Part 4 - Practical configuration management with Salt.

Thursday, December 28, 2017

How to update Expired VSTS Service Principal Keys in AzureRM portal



If the service principal key expires, you may need to update the expiration by creating a new key.

In Visual Studio Team Services, the following error may be logged if the Service Principal key is expired:

Failed to check the resource group status. Error: Could not fetch access token for azure. Status code: 401, status message: Unauthorized.

To fix this, we can create a new key:

Log in to the Azure portal.

Select Azure Active Directory.

Select App Registrations from the sidebar.

Search for the Client ID of the Service Principal that has expired.

Select the Application after searching.

Select “Keys”.

Create a new password. You can enter anything as the description; set the duration to never expire.

Click save and copy the value shown under “value”.

In VSTS, select Services under the project.

Select "Update Service Configuration" and enter the new key.