In an earlier article (Puppet, Chef, and now Salt for Configuration Management), we discussed how to install salt for configuration management. At the end of the article, we discussed running command on the minions using the salt command from the salt master. So, as I have worked with salt ever since, I have been looking for newer and better ways to address the specific minions individually or in groups to control the minions more effectively.
How to Target All Salt Minions
Sometimes, you want to address all of your minions at once. You can do this using the asterisk(*). Remember to use quotes with wildcard characters and salt or it won’t work as shown below:
$ salt * cmd.run uptime No minions matched the target. No command was sent, no jid was assigned.
So, below, we will quote our wildcard. It is a good idea to use quotes whenever using wildcard characters so that the shell doesn’t intrepret the wildcard, but salt does.
$ salt "*" cmd.run "uptime" www1.uptimemadeeasy.com: 15:32:09 up 22 days, 23:39, 0 users, load average: 0.31, 0.28, 0.21 www2.uptimemadeeasy.com: 15:32:09 up 18 days, 22:17, 0 users, load average: 0.00, 0.02, 0.05 ...
Target a Command at a Specific Salt Minion
You can easily target a specific minion by name. Remember from our prior article that you can list your minions on the salt master first to get a list of the minions’ names.
$ salt-key -L Accepted Keys: www1.uptimemadeeasy.com www2.uptimemadeeasy.com db1.uptimemadeeasy.com db2.uptimemadeeasy.com Unaccepted Keys: Rejected Keys:
Now use the name of your minion from the list to target the specific minion:
$ salt db2.uptimemadeeasy.com test.ping db2.uptimemadeeasy.com True
We can also specify multiple minions specifically by name:
$ salt -L 'db1.uptimemadeeasy.com,db2.uptimemadeeasy.com' test.ping db1.uptimemadeeasy.com: True db2.uptimemadeeasy.com: True
Using Wildcards to Target All Salt Minion Hosts in a Domain
We now go back to using wildcards to match the names of the minions
Example: Using the * wildcard to target all hosts / subdomains in a domain
$ salt '*.uptimemadeeasy.com' cmd.run uptime www1.uptimemadeeasy.com: 15:49:33 up 22 days, 23:57, 0 users, load average: 0.18, 0.23, 0.19 www2.uptimemadeeasy.com: 15:49:33 up 18 days, 22:34, 0 users, load average: 0.00, 0.01, 0.05
Using Other Wildcards to Target Salt Minions:
Example: Using the ? single character wildcard to target specific salt minions
$ salt 'www?.uptimemadeeasy.com' cmd.run uptime www1.uptimemadeeasy.com: 16:02:46 up 23 days, 10 min, 0 users, load average: 0.14, 0.22, 0.19 www2.uptimemadeeasy.com: 16:02:46 up 18 days, 22:47, 0 users, load average: 0.00, 0.01, 0.05
$ salt 'www[1-2].uptimemadeeasy.com' cmd.run uptime www1.uptimemadeeasy.com: 16:03:00 up 23 days, 10 min, 0 users, load average: 0.26, 0.24, 0.20 www2.uptimemadeeasy.com: 16:02:46 up 18 days, 22:47, 0 users, load average: 0.00, 0.01, 0.05
Group Target Minions using Salt Nodegroups
Using nodegroups (defined in the top_file)
In the salt master’s configuration file (/etc/salt/master on my salt master) you can specify and define groups of nodes into salt “nodegroups”. You can use any of the mechanisms in this article to create your nodegroup definitions.
Example: Four nodegroups have been defined in the salt master’s /etc/salt/master file
nodegroups: allofuptime: '*.uptimemadeeasy.com' uptimedbs: 'db?.uptimemadeeasy.com' uptimewwws: 'www?.uptimemadeeasy.com' specificminions: 'minion1.uptimemadeeasy.com,minion7.uptimemadeeasy.com'
Now use the -N option to specify the nodegroup when you run the command.
Example: Using a nodegroup as a target of a salt command from the salt master
# salt -N uptimedbs cmd.run "uptime" db1.uptimemadeeasy.com: 16:15:41 up 23 days, 23 min, 0 users, load average: 0.33, 0.23, 0.19 db2.uptimemadeeasy.com 16:15:41 up 18 days, 23:00, 0 users, load average: 0.00, 0.01, 0.05
Use Grains to Target Salt Minions
I will be writing another article explaining how to get the most out of grains in the next couple of days. You may want to refer to it when it is released. Until that article is out, what you really need to know about grains is that they are static definitions about a specific host. For example a minion’s grains would be static properties about that specific host. Some grain examples would be a minion’s operating system, cpu architecture, eth0 mac address, etc… By using a grain as a target, we are able to further group our minions. Using a grain to target a salt minion will allow you to install a certain package on all of your Ubuntu Linux machines using apt-get in one command or maybe update all of your CentOS systems in one command.
Example: using an OS grain to target all Fedora based systems for package updates.
$ salt -G 'os:Fedora' cmd.run "yum update -y"
Example: using the kernel grain to find the ipaddresses of all Linux Minions
$ salt -G 'kernel:Linux' grains.item fqdn_ip4 email.uptimemadeeasy.com: fqdn_ip4: 18.104.22.168 10.28.17.4 www.uptimemadeeasy.com: fqdn_ip4: 22.214.171.124
As you can see the methods at your disposal for targeting your salt minions is almost limitless. There are many other resources where you can go for examples and help. Probably the best location is the salt documentation itself which can be found here: