Configuration Management with Salt Stack on Windows - Part 3 - Basic Configuration Management of Windows with Salt


In part 3 we're going to just scratch the surface of remote execution in Salt. We're going to accept the keys for the master server and  run basic tasks using the built in modules.

The minion automatically tries to contact the Master server. The master server must approve the minions "keys" before it can be managed.

On the master server you can view the keys by using the command
sudo salt-key -L

As you can see we need to accept the "keys"

You can accept the key by using the command
sudo salt-key -a WIN-R7RQM4ENMHS

If you use the parameter -A instead you can accept all keys.

To test that the minion is checking in you can use the following commands.
sudo salt '*' test.ping 

All modules can be found in the documentation:
https://docs.saltstack.com/en/latest/ref/modules/all/index.html#all-salt-modules

Looking back at the tasks we want to accomplish, we can now accomplish these tasks with salt commands.
  • IIS configuration
  • Registry / File & User management
  • Patch status evaluation and configuration
To list all IIS sites, we can use the below command:
salt '*' iis.list_sites
There are a wealth of other tasks accomplish with the win_iis module:
https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.win_iis.html

To create an example user, we can use the below command:
sudo salt '*' user.add Testuser Password123!
sudo salt '*' user.addgroup Testuser 'Administrators' 
To download Windows updates, we can use the below command:
sudo salt '*' win_wua.list categories=['Security Updates'] severities=['Critical'] download=True
To install Windows updates, we can use the below command:
sudo salt '*' win_wua.list categories=['Security Updates'] severities=['Critical'] install=True
In part four - we're going to dive deeper into Salt fundamentals such as configuration management, grains, and pillars.

Comments

Popular posts from this blog

Azure - Check Invitation Status to guest user

Advice for breaking into the DevOps field

Blogs for Azure Information