Do you think IIT Guwahati certified course can help you in your career?
Introduction
Targeting minions refer to selecting minions that should run that match the required fields. The minions are chosen against the hostname or defined groups, system information, or even with the combination.
In this blog, we will discuss the advanced concepts of target minions. We will learn how minions get targeted by pillars, the targeting of minions done by matching the IP addresses, targeting the granular minions using the compound matches, and the last targeting of minions done by using the SECO range.
Targeting Using Pillar
You can target a minion using the pillar data. This feature of targeting a minion gives you ease, control, and flexibility to target a minion.
To start targeting minions using pillar, you first need to create the pillar data cache for each minion on the salt master. To do this, run the following command:
salt '*' saltutil.refresh_pillar or salt '*' saltutil.sync_all
During the high-state run, the pillar data cache will be populated. Refresh the cache by running the above commands to work with pillars efficiently.
You can use both nested match values and globbing in the pillar. You can achieve this by adding the colon for each traversed level.
Below is an example of targeting a minion using the pillar.
salt -I 'foo:bar:baz*' test.version
In this example, the minions are matched with the name foo, which has a dict containing a key bar and a value that begins with baz.
IP Address Matching
Subnet address matching or IP address matching both refers to the same. You can easily match the minions based on the IP address or subnet classless inter-domain routing ( using the CIDR notation).
salt -S 192.168.40.20 test.version
salt -S 2001:db8::/64 test.version
In compound matches, you can also use the Ipcidr matching.
salt -C 'S@10.0.0.0/24 and G@os:Debian' test.version
The use of pillar and state matching is possible in IP address matching.
'172.16.0.0/12':
- match: ipcidr
- internal
Compound Matchers
Using any of the below salt’s matches, compound matchers allow the targeting of the granular minions. As with the CLI and top file matching, the default matcher is the glob match.
If you want to match anything other than glob, you need to prefix the match string using the below table followed by @ sign.
Letter
Match Type
Example
Alt Delimiter
E
PCRE Minion ID
E@web\d+\.(dev|qa|prod)\.loc
No
G
Grains glob
G@os:Ubuntu
Yes
I
Pillar job
I@pdata:foobar
Yes
J
Pillar PCRE
J@pdata:^(foo|bar)$
Yes
L
List of Minions
L@minion1.example.com,minion3.domain.com or bl*.domain.com
No
N
Nodegroups
N@group1
No
P
Grains PCRE
P@os:(RedHat|Fedora|CentOS)
Yes
R
Range cluster
R@%foo.bar
No
S
Subnet/IP address
S@192.168.1.0/24 or S@192.168.1.100
No
You can also join matchers using the boolean operators:
And
Or
Not
In the example below, the string matches all Debian minions with a hostname that starts with webserv. It also matches the minions that match with the regular expression web-dc1-srv.*
salt -C 'webserv* and G@os:Debian or E@web-dc1-srv.*' test.version
The above example in the top file will look like this:
base:
'webserv* and G@os:Debian or E@web-dc1-srv.*':
- match: compound
- webserver
New in version 2015.8.0.
Excluding a minion based on Id is also possible.
salt -C 'not web-dc1-srv' test.version
Before the 2015.8.0 version and was not supported in compound matches, and some of the following commands were required.
salt -C '* and not G@kernel:Darwin' test.version
Excluding a minion based on Id is also possible.
salt -C '* and not web-dc1-srv' test.version
Precedence Matching
To explicitly declare the precedence amongst the groups, you can match the groups together with parentheses.
salt -C '( ms-1 or G@id:ms-3 ) and G@id:ms-3' test.version
Alternate Delimiters
Matchers that get targeted based on key-value pairs use a colon (:) as a delimiter. The alt delimiters in the previous table and the matchers with Yes in their column specify an alternate delimiter character.
To achieve this, you need to specify an alternate character between the @ pattern separator character and the leading character. This helps in avoiding the incorrect interpretation of the pattern.
It specifies the case that has (:) as a part of the grain or pillar data structure traversal.
Node Groups
To declare and define node groups, you must use compound target specifications and Nodegroups master config file parameters.
Below is the example of nodegroup:
configuration within /etc/salt/master:
node groups:
group1:
'L@foo.domain.com,bar.domain.com,baz.domain.com or bl*.domain.com'
group2: 'G@os:Debian and foo.domain.com'
group3: 'G@os:Debian and N@group1'
group4:
- 'G@foo:bar'
- 'or'
- 'G@foo:baz'
L in group 1 defines the list of minions, and G in group 2 matches the specific grains.
In the release of salt in 2017, you can also prepend the group with a dash. This helps in many areas of salt.
Look at the example below for a better understanding.
nodegroups:
- group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com or bl*.domain.com'
There can be two types of Compound nodegroups.
String values: When we have a nodegroup that consists of a single value, it will be tokenized on the whitespace. This will create an issue if whitespace is necessary as part of the pattern.
List of string values: If the nodegroup is in the form of a list of values, then tokenization will happen for each list element as a whole.
To match the compound groups on Command-line Interface(CLI), use the below command.
salt -N group1 test.version
Ensure that you put - match: nodegroup on the line directly following the nodegroup name to match a nodegroup in your top file.
base:
group1:
- match: nodegroup
- webserver
Defining Nodegroups as Lists of Minions ID’S
In the traditional format, the list of minions IDs would look like this:
nodegroups:
group1: L@host1,host2,host3
You can also define the list in the YAML(yet another markup language) format like this:
nodegroups:
group1:
- host1
- host2
- host3
Batch Size
This option allows you to execute only a specified number of minions simultaneously.
Use -b or (--batch-size) to use this feature.
This support both finite and whole numbers.
salt '*' -b 10 test.version
salt -G 'os:RedHat' --batch-size 25% apache.signal restart
In the above example, the test will run on 10 of the targeted minions, restart 25% of the minions matching the os:Redhat, and continuously work on them until the task is complete. This process helps in various works like maintaining BSD (Berkeley Software Distribution) firewalls using carp and rolling web server restarts behind the load balancer easier with salt.
This batch system further helps in maintaining a window of running minions. For assistance, consider there are 150 minions, and the batch size is ten minions. The command is set for ten minions, and when one minion is completed, it is set to another so that the batch size is constantly running for ten minions.
You can also use the --batch-wait argument to specify the number of seconds to wait after the minion returns and send the command to other minions.
SECO Range
Seco range refers to the cluster of data that contains information about other data. This data is maintained and developed by Yahoo.
A range server is required to utilize range support in salt. Cluster files must be defined whenever you are working with the range server.
Inside the cluster, hosts are defined, and the files are written in YAML.
On the salt master, you have to install the python seco range libraries. You can verify the installation with the below command:
python -c 'import seco.range'
If you receive no errors, this states that you have successfully installed the range on the salt master.
Prepare Salt
Inside the master configuration file, you must set the hostname and port of the range server so that range support can be enabled on the salt master.
range_server: my.range.server.com:80
To apply the changes, restart the master.
Targeting with Range
When you have defined the cluster, you can target the cluster with a salt command using -R or --range flags.
Below we have described the example that shows the YAML file being served from a range server.
You can target host1 through host100 in test.com with the salt command as follows:
salt --range %test:CLUSTER test.version
The below command will target three hosts, i.e., frontend, backend, and mysql.
salt --range %test:APPS test.version
Frequently Asked Questions
What is Saltstack?
Salt is a configuration management and remote execution tool that helps execute commands on the remote node. It is simple to use, fast, and can be easily manageable.
Where do we use Saltstack?
The Saltstack is an orchestration tool that helps change existing systems. It allows easy software installation in the IT environment and helps manage thousands of servers simultaneously.
Is Saltstack still free of cost to developers?
Saltstack is a free, open-source download and is free of cost to the programmers; however, their enterprise version costs $150 per machine per year.
What is targeting of minions using pillar?
You can target a minion using the pillar data. This feature of targeting a minion gives you ease, control, and flexibility to target a minion. To start targeting minions using pillar, you first need to create the pillar data cache for each minion on the salt master.
How do you declare and define Nodegoups for minions?
To declare and define node groups, you must use compound target specifications and Nodegroups master config file parameter. There can be two types of Compound nodegroups. The first is a string value, and the second is a list of string values.
Conclusions
Congratulations on coming so far in the blog. This blog has thoroughly discussed the advanced concept of targeting minions in salt. We looked at different ways to specify and target a particular minion in salt.
244+ registered 
