Amazon Onboarding with Learning Manager: Chanci Turner


Like Ansible, Salt is a widely used configuration management tool, and like Ansible it leaves you with the challenge of efficiently managing the deployment and execution of automation directives. Amazon EC2 Systems Manager is a robust configuration management solution, and a significant advantage is that it lets you keep using whichever configuration management tool you already employ. In a previous post regarding Ansible, I discussed how Systems Manager can be used to handle configuration management states. Here, I will cover the use of Salt in master-less mode while drawing on the simplicity, power, and security offered by Systems Manager. I will also introduce a new Systems Manager document designed to run Salt states.

Overview of Systems Manager

Systems Manager utilizes documents to outline actions to be performed on your managed instances. Some key benefits of using Systems Manager include:

  • Enhanced Security: There’s no need to open incoming ports for remote execution, eliminating SSH requirements. Granular IAM policies can restrict and manage access effectively, and all command executions are logged via AWS CloudTrail.
  • Performance and Reliability: Execute commands asynchronously, ensuring commands are delivered and executed even if the system goes offline. Scale executions efficiently by using velocity control and tags. Additionally, you can manage deployment rates if errors arise during the process.

Overview of Salt

Salt employs the concept of states, which are sets of configuration directives dictating what software should be installed and how it should be configured. Typically, Salt operates with a master server, while the servers receiving directives are known as minions. However, Salt states can also be executed locally in master-less mode. This feature allows you to leverage Systems Manager to distribute and run Salt state files through Amazon EC2 State Manager or Run Command.

Introducing the AWS-RunSaltState Document

The newly introduced AWS-RunSaltState document automates the process of running Salt states locally using Systems Manager, accessible via the console or API. Here are the components of the document and its functionality:

  • Parameters: The AWS-RunSaltState document offers several parameters for executing Salt states:
    • State: Input YAML to define the Salt state automation.
    • Stateurl: (Optional) URL for a file containing the YAML text for the Salt state, compatible with http or s3 formats.
    • Pillars: (Optional) Additional variables for execution; Salt uses pillars for defining data that configures managed instances.
    • Test: If true, performs a dry-run, reporting actions without execution.
  • Execution Steps: The AWS-RunSaltState document performs validations and executes automation based on the provided YAML definitions:
    • Confirms the Salt version is present on the system.
    • Determines the input method for the State parameter, copying data to a temporary state file.
    • Executes the appropriate command based on the test option.
  • Salt-call: Salt includes an application called salt-call, used on managed instances to locally execute Salt states. The AWS-RunSaltState document employs this application for local execution.
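
The execution steps listed above, written out as a shell sketch. This is an added example, not the AWS-RunSaltState document's own script. The function names, the SALT_CALL variable and the ssm_state file name are assumptions, and it accepts https in addition to the http and s3 schemes named above.

```shell
#!/bin/sh
# Added sketch of the execution steps above; NOT the AWS-RunSaltState
# document's own script. Function names and SALT_CALL are hypothetical.
SALT_CALL=${SALT_CALL:-salt-call}

# Classify a Stateurl. Only http(s) and s3 are accepted, so a value such as
# "file:///etc/shadow" or "-o /tmp/x" never reaches curl or aws.
fetch_method() {
  case "$1" in
    http://*|https://*) echo curl ;;   # plain http has no integrity protection
    s3://*)             echo awscli ;;
    *)                  echo reject ;;
  esac
}

# Copy inline State text, or the fetched Stateurl, into a fresh directory
# (mktemp -d creates it mode 0700) and print that directory.
stage_state() {  # $1 = inline YAML (may be empty), $2 = Stateurl (may be empty)
  method=inline
  [ -n "$1" ] || method=$(fetch_method "$2")
  [ "$method" != reject ] || { echo "unsupported Stateurl: $2" >&2; return 1; }
  dir=$(mktemp -d) || return 1
  case "$method" in
    inline) printf '%s\n' "$1" > "$dir/ssm_state.sls" ;;
    curl)   curl -fsSL -o "$dir/ssm_state.sls" "$2" || return 1 ;;
    awscli) aws s3 cp "$2" "$dir/ssm_state.sls" >/dev/null || return 1 ;;
  esac
  echo "$dir"
}

# Check that Salt is present, stage the state, then apply it locally.
# Each argument stays a separate word, so pillar JSON is never re-parsed
# by the shell.
run_state() {  # $1 = State, $2 = Stateurl, $3 = Pillars JSON, $4 = Test
  command -v "$SALT_CALL" >/dev/null || { echo "Salt is not installed" >&2; return 1; }
  root=$(stage_state "$1" "$2") || return 1
  pillars=$3 dry=$4
  set -- "$SALT_CALL" --local --file-root="$root" state.apply ssm_state
  [ -z "$pillars" ] || set -- "$@" "pillar=$pillars"
  case "$dry" in [Tt]rue) set -- "$@" test=True ;; esac
  "$@"
}
```

Setting SALT_CALL=echo prints the command that would run instead of executing it, which is useful for checking how a pillar value is passed before applying a state for real.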

Walkthrough Using Systems Manager and State Manager

Here’s a practical example of using State Manager with the new document to execute Salt state files.

Prerequisites

Before proceeding, ensure the following requirements are met:

  • Target instances must be managed by Systems Manager. For guidance, refer to the SSM Agent installation instructions.
  • Salt must be pre-installed on the target instance; failure to do so will result in execution failure. This document executes Salt states locally.
  • If utilizing S3 URLs, ensure the AWS CLI is installed on the target instance.

Installing Salt for Master-less Execution

If Salt is already installed, you may skip this section. To install Salt on target instances for master-less minion operation, run the following commands on the Linux instance:

curl -L https://bootstrap.saltstack.com -o bootstrap_salt.sh
sudo sh bootstrap_salt.sh

Alternatively, these commands can be executed via Systems Manager Run Command using the AWS-RunShellScript document, facilitating the necessary installations for master-less mode with salt-call.

Using State Manager and the AWS-RunSaltState Document

The following YAML Salt state file demonstrates automation to install Apache if it’s absent:

apache:
  pkg.installed:
    {% if grains['os'] == 'Amazon' %}
      - name: httpd
    {% elif grains['os'] == 'Ubuntu' %}
      - name: apache2
    {% endif %}

To apply this Salt state file using Systems Manager, follow these steps:

  1. In the EC2 console, select State Manager and create an association.
  2. From the Document list, select the “AWS-RunSaltState” document.
  3. Keep Document Version as $DEFAULT.
  4. Under Targets, manually select the instances or use tags.
  5. Set the frequency for running the association under Schedule.
  6. Paste the YAML text for the Salt state under Parameters, leaving Stateurl empty.
  7. Enter additional variables for Pillars in the format: {"SSM":"True"} or nested dicts like {'pkg': {'apache': 'httpd'}}.
  8. Optionally choose the test option and add a comment.
  9. Click Run.

To verify output, click the Association ID link for this run in the console. After the first execution, results can be reviewed under the Status column of the association. Every subsequent run will execute the Salt state, maintaining a consistent operational flow.
