Orchestration

Execution Examples

Orchestration Run

The following command does a test orchestration run of states/orch/web_host.sls:

sudo salt-run state.orchestrate orch.web_host \
    pillar='{"tgt_hst":"SERVERNAME", "tgt_pod":"core", "tgt_loc":"us-east-2"}' \
    saltenv=timidrobot test=True

• pillar= is required
  • Infrastructure creation is targeted with CLI pillar (pillar='{"tgt_hst":"SERVERNAME", "tgt_pod":"core", "tgt_loc":"us-east-2"}')
• saltenv= is optional
  • The command above uses Pillars and States from a development environment (saltenv=timidrobot). Remove or change to base to use production environment.
• test= is optional
  • The command above performs a dry run (test=True). Remove or changed to False to apply changes.

Troubleshooting with Salt-Call

Local Render

The following command shows how the SLS is rendered and outputs it as YAML: states/orch/aws/ec2_instance_web.sls:

sudo salt-call --local --out=yaml state.show_sls orch.aws.ec2_instance_web \
    pillar='{"tgt_hst":"SERVERNAME", "tgt_pod":"core", "tgt_loc":"us-east-2"}' \
    saltenv=timidrobot

Local Apply

The following command does a local test apply of states/orch/aws/ec2_instance_web.sls:

sudo salt-call --local --log-level=debug --log-file-level=warning \
    state.apply orch.aws.ec2_instance_web \
    pillar='{"tgt_hst":"SERVERNAME", "tgt_pod":"core", "tgt_loc":"us-east-2"}' \
    saltenv=timidrobot test=True

• Using salt-call to run individual states can aid in the troubleshooting of orchestration. The salt-call command above is very verbose and allows errors to be seen in the compiled pillar and state files.

salt-ssh

Per Debugging salt-ssh - Salt SSH, to see errors from a salt-ssh state or command line invocation:

1. Assuming that orch.bootstrap install salt on minion failed
2. Apply the states manually with trace level logging:

   sudo salt-ssh index__stage__us-east-2 -l trace --log-file-level=warning --sudo state.apply salt
   

3. Search output for SALT_ARGV
4. SSH into target machine from salt-prime (replace TARGET_IP with appropriate IP address):

   sudo ssh -i /root/.ssh/saltstack_rsa_provisioning_20181221 admin@TARGET_IP
   

5. Execute SALT_ARGV command from step 2 without '--out json and -l quiet

References

AWS

• AWS Resource Types Reference

Region Selection

• Save yourself a lot of pain (and money) by choosing your AWS Region wisely - Concurrency Labs

WordPress on AWS

• See WordPress.md

Cloud-Init

• Cloud config examples — Cloud-Init 18.4 documentation

Debian

• Cloud/AmazonEC2Image/Bullseye - Debian Wiki

SaltStack

See ../README.md for information on SaltStack versions and Best Practices.

Module Documentation

AWS orchestration (including bootstrap) makes use of the boto/boto3 state modules:

• Salt Module Reference
  • state modules

Orchestration Documentation

• Orchestrate Runner

Orchestration Examples

• An example of a complex, multi-host Salt Orchestrate state that performs status checks as it goes (2017-08-11)
• Dynamic Test Servers with Salt | Lincoln Loop (2017-09-12)
• SaltStack as an Alternative to Terraform for AWS Orchestration (2017-08-30, Salt 2017.7.1 was stable version)
• Running Salt States Using Amazon EC2 Systems Manager | AWS Management Tools Blog (2017-07-16, Salt 2016.11.5 was stable version)
• Using Salt to boss your clouds around – Anthony Shaw – Medium (2017-05-02, Salt 2016.11.4 was stable version)
  • Uses salt-cloud, which has far fewer features than the state boto modules
• How to Build AWS VPCs with SaltStack Formulas — Six Feet Up (2017-09-19, Salt 2017.7.1 was stable version)
  • Uses saltstack-formulas/aws-formula, which only adds a layer above a few salt boto state modules.

Boto State Module Examples

• pedrohdz.com/vpc-bootstrap.sls at master · pedrohdz/pedrohdz.com
• confidant/confidant.sls at master · lyft/confidant

Repository Documentation

• README.md
• bootstrap-aws/README.md
• docs/
  • Host_Classification.md
  • Orchestration.md
  • WordPress.md