Configuration Management with Salt Stack on Windows - Part 3 - Basic Configuration Management of Windows with Salt

-

In part 3 we're going to just scratch the surface of remote execution in Salt. We're going to accept the keys for the master server and  run basic tasks using the built in modules.

The minion automatically tries to contact the Master server. The master server must approve the minions "keys" before it can be managed.

On the master server you can view the keys by using the command
sudo salt-key -L

As you can see we need to accept the "keys"

You can accept the key by using the command
sudo salt-key -a WIN-R7RQM4ENMHS

If you use the parameter -A instead you can accept all keys.

To test that the minion is checking in you can use the following commands.
sudo salt '*' test.ping

All modules can be found in the documentation:
https://docs.saltstack.com/en/latest/ref/modules/all/index.html#all-salt-modules

Looking back at the tasks we want to accomplish, we can now accomplish these tasks with salt commands.
  • IIS configuration
  • Registry / File & User management
  • Patch status evaluation and configuration
To list all IIS sites, we can use the below command:
salt '*' iis.list_sites
There are a wealth of other tasks accomplish with the win_iis module:
https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.win_iis.html

To create an example user, we can use the below command:
sudo salt '*' user.add Testuser Password123!
sudo salt '*' user.addgroup Testuser 'Administrators'
To download Windows updates, we can use the below command:
sudo salt '*' win_wua.list categories=['Security Updates'] severities=['Critical'] download=True
To install Windows updates, we can use the below command:
sudo salt '*' win_wua.list categories=['Security Updates'] severities=['Critical'] install=True
In part four - we're going to dive deeper into Salt fundamentals such as configuration management, grains, and pillars.

Comments

Post a Comment

Popular posts from this blog

Azure - Check Invitation Status to guest user

-
Image
Often times you will need to invite a 3rd party to your Azure AD tenant to support your environment. When you add them to a resource, they will automatically be invited as a guest user in your Azure AD tenant, however they won't be able to access this until they accept the invitation email. If you send an invite to a guest user you can see if they have accepted the invitation or not. You also have the option to resend the invitation. From Azure AD you can search for guest users and drill down into an individual one. Here is what the email looks like - the key here is the email comes from " [email protected] " because it can be sent on behalf of this may end up in the junk or spam email folder, so be sure to have them check there.
Read more

Blogs for Azure Information

-
Here are some of the blogs that I follow for information around new features in Azure, OMS, Log Analytics, Azure Monitor, etc. Azure Monitoring Services Health Status https://blogs.msdn.microsoft.com/servicemap-status/ Microsoft Azure Roadmap https://azure.microsoft.com/en-us/roadmap/ System Center Me http://systemcenterme.com/ Quae Nocent Docent (Great weekly OMS, SCOM, and Azure Info) https://nocentdocent.wordpress.com/ Operations Management Suite Blog https://blogs.technet.microsoft.com/msoms/
Read more

Advice for breaking into the DevOps field

-
 A former co-worker reached out a few weeks ago and was looking for advice to give to his son who was about to Graduate and looking to break into the DevOps field. Here is the advise I gave, specifically around the Chicago market: A few years ago I read "The Phoenix Project" and that really got me to focus on changing my career trajectory. I think it's a great explanation of some of the fundamentals of the DevOps philosophy without being too dry. I can't recommend it enough. Skills wise - automation is going to the be the key thing to focus on and it's not going away anytime soon. Tools like Ansible & Terraform are really great to spend time with. Depending on what his dream job is, I would look up and start to focus on the skills required to get there. For example, if he's interested in working for Google, he'd probably want to put some time in to learn Golang, Kubernetes, etc. I think the most important thing is to network, if he plans on staying in
Read more