alkali is a collection of SaltStack states and pillar data that provides just the basics for provisioning Linux instances, a foundation that may be built upon. alkali is a starter kit of sorts, to help users new to SaltStack get up and running quickly with the most commonly used core packages.
Salt state and pillar trees reside within this repository under the srv directory. These trees are meant to be run within a "provision" environment, and only when a special grain is set to True: in_provisioning.
The provision environment is intended to span minions that are part of any salt environment. It contains a very common collection of states and is generally static; the intent is that these states will be executed only a single time, like so:
salt -G 'in_provisioning:True' state.highstate saltenv=provision -l debug
States in other environments, run after the provision phase, may change settings previously applied. The provision phase is not intended to meet the precise requirements of all possible instance types, but rather to apply useful defaults that may be extended and overridden from more specific environments and targeting.
While very uncommon, it is occasionally necessary to re-run an updated provision environment state file. For example, if the dnsmasq_cache states are updated and it is desirable to run the updates on any hosts matching .dev. in the hostname:
salt '*.dev.*' state.sls dnsmasq_cache saltenv=provision -l debug
- These states are currently only compatible with Debian-based systems, with a few specific states only compatible with Ubuntu. They have only been tested and are known to work on Ubuntu 14.04 and some later Ubuntu releases.
- Provision states will work with a master minion setup in which the saltenv may be specified as an argument to the salt or salt-call commands.
- Clone this repository and copy relevant directories to /srv/salt/provision and /srv/pillar/provision, most likely on a salt master.
- Bring up any instances that will be part of the cluster, preferably with recent base Ubuntu installs.
- Make sure to have a base environment (/srv/salt/base and /srv/pillar/base), with an empty top.sls file at a minimum.
- Configure file_roots and pillar_roots (e.g. in /etc/salt/master), for example:
    file_roots:
      base:
        - /srv/salt/base
      provision:
        - /srv/salt/provision
    pillar_roots:
      base:
        - /srv/pillar/base
      provision:
        - /srv/pillar/provision
- Any minions to be provisioned must have the in_provisioning grain set:
salt-call grains.setval in_provisioning True
- Provision minions. From the master:
salt -G 'in_provisioning:True' state.highstate saltenv=provision -l debug
Compound targeting may be useful in some scenarios.
- Once provisioned, removing the in_provisioning grain is recommended. If left in place, any general highstate will run the provision states, which is most likely undesirable.
salt-call grains.delval in_provisioning destructive=True
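To find minions where the grain was left in place after provisioning, the grain can be compared against the /root/.alkali_provisioned.txt marker that the last provision state writes. The script below is an added example, not part of alkali; the host names, the status names and the JSON output shape of the two salt commands named in its comments are assumptions.

```python
import json

# Constructed sample data (not from the alkali repository). Assumed shape: the
# JSON object printed on the master by `salt '*' <fn> --out=json --static` for
# grains.get in_provisioning and file.file_exists /root/.alkali_provisioned.txt
GRAIN_JSON = """{"web1.dev.example": true, "db1.dev.example": "",
 "app1.example": true, "cache1.example": "True", "old1.example": ""}"""
MARKER_JSON = """{"web1.dev.example": true, "db1.dev.example": true,
 "app1.example": false, "cache1.example": true, "old1.example": false}"""


def grain_is_set(value):
    """grains.get returns '' for a missing grain; accept bool or string forms."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() == "true"


def classify(grains, markers):
    """Map each minion to a status; the status names are this example's own."""
    report = {}
    for minion in sorted(set(grains) | set(markers)):
        if minion not in grains or minion not in markers:
            report[minion] = "no-response"  # missing from one of the two runs
            continue
        flagged = grain_is_set(grains[minion])
        done = markers[minion] is True  # marker file written by the last state
        if flagged and done:
            report[minion] = "stale-grain"  # a general highstate re-provisions
        elif flagged:
            report[minion] = "pending"
        else:
            report[minion] = "provisioned" if done else "never-provisioned"
    return report


def stale_minions(report):
    """Minions where grains.delval in_provisioning should still be run."""
    return [name for name, status in report.items() if status == "stale-grain"]


def sample_report():
    return classify(json.loads(GRAIN_JSON), json.loads(MARKER_JSON))


if __name__ == "__main__":
    for name, status in sample_report().items():
        print(f"{name}: {status}")
    print("still flagged:", ", ".join(stale_minions(sample_report())))
```

Minions reported as stale-grain are the ones a general highstate would re-provision until the grain is removed.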
All of the included states have a README.rst file with additional details, but to summarize:
/etc/aliases management, based on pillar data.
States for configuring apt.
Management of apt sources.list.d files. Ubuntu-specific by default.
A list of packages to install at provision time, which require no configuration management.
Creates symlinks and directories based on pillar settings.
Installs and configures dnsmasq as a local caching daemon.
Management of /etc/hosts to ensure consistency, utilizes pillar data.
Installs iptables and performs tuning, but does not apply a ruleset.
Provides a simple mechanism for installing a specific kernel version and setting it to be the grub default. Typically run ad-hoc only.
Provides pillar-driven limits.conf and limits.conf.d management.
Management of motd legalese to be displayed at login.
Basic postfix installation and configuration for a smarthost setup.
The last state file to be run, creates /root/.alkali_provisioned.txt which indicates when the provision highstate was run.
Brings up rsyslog with logging to a centralized syslog server.
Pillar-driven kernel tuning, with reasonable defaults and host-function-specific setting capabilities.
Sets the timezone.
A few noteworthy formulas and states that are absent and will most likely be useful to a wide audience:
- ntp - Using the SaltStack community formula is recommended
- openssh - Using the SaltStack community formula is recommended
- Log shipping and monitoring agents - nrpe, zabbix, the splunk forwarder, newrelic, etc.
- Account management-related states
- resolvconf management
- Add support for non-Debian-based distributions and better non-Ubuntu-specific support in general.
Apache License, version 2.0. Please see LICENSE.