About this video
What You'll Learn
- Provision mixed Ubuntu, CentOS, and FreeBSD machines with Pulumi and TypeScript using Packet-hosted infrastructure.
- Bootstrap and configure SaltStack grains and pillars to standardize SSH keys, files, and cron state across hosts.
- Target minions with Salt commands and troubleshoot real-world issues like syntax errors, Python compatibility, and SSH key distribution.
Edward Vielmetti joins to provision a mixed Ubuntu, CentOS and FreeBSD fleet on Packet bare metal using Pulumi with TypeScript, then drive it with Salt: bootstrap, grains, pillars, targeting, and state modules for cron, files and SSH keys.
Jump to a chapter
- 0:00 Holding Screen
- 2:00 Introductions
- 5:00 Deploying a heterogeneous cluster (Machines and OS) with SaltStack on Packet’s bare metal with Pulumi and TypeScript
- 17:30 Extending SaltStack with Packet’s metadata as grains
- 18:30 Covering SaltStack’s Vocabulary: Grains and Pillars
- 22:30 Binding SaltStack to the private IPv4 address
- 24:00 Ed has a cool use-case for Tailscale, connecting his SaltStack nodes over disparate private networks
- 26:30 Connecting to our SaltStack master / Checking it works!
- 28:00 Approving our first minion key
- 29:20 Oops! Our provisioning on the CentOS machine failed. Let's fix it (Fuck you, Python 2)
- 37:00 Introduction to SaltStack CLI
- 38:20 Executing remote commands on minions
- 39:00 Targeting minions
- 40:00 Querying grains
- 52:00 Fixing the Ubuntu machine (Fuck you, Python 2)
- 56:10 SaltStack communication method. Spoiler: event driven through ZeroMQ
- 58:40 Python / wheels on Arm need to be compiled, so it’s a bit slower.
- 59:30 Installing software to our minions through SaltStack’s package module
- 1:07:00 Looking at state modules
- 1:09:00 Writing our first state using the cron state module
- 1:13:00 Running a single state from the file root
- 1:14:00 Adding the file state module to our first state: creating a directory and writing a file
- 1:26:45 Provisioning all our machines with SSH keys from our custom grain data
Full transcript
Generated from the English captions. Timestamps jump the player to that moment.
2:00 Introductions
2:02 Hello. Hello. Hello. Welcome, Eric. Hey. How's it going? Pretty good, David. Awesome. So we are here today. We are gonna take a look at a couple of technologies that I'm a big, big fan of, and I think you started playing with recently too, which is SaltStack on Packet Host with a little bit of Pulumi thrown in. So we work together at Packet Host. Right? And I think we've we've kind of I think I've mentioned SaltStack a few times and piqued your curiosity. Do you wanna just give us a little bit of background there? Just a second. I got I get confused
2:44 here for a moment. Ah, okay. No problem. Can you rewind can you rewind fifteen seconds? I had another audio stream accidentally playing. Was was hearing the broadcast of our thing. It's like, wait a second. I've heard that before. Yeah. Yeah. No worries. So I was just telling the people that are tuning in. We worked together at Packet Host. I've been there about six weeks. I think maybe a little bit longer now. During that time, I've been yapping on about SaltStack once or twice. I think your interest got a little bit piqued and you started to take a look
3:11 at that yourself. So Yeah. So using SaltStack myself to manage what I call a menagerie of little home systems, Raspberry Pis and Jetson Nanos and the like. I've I've run it once sort of in production. I wanna say sort of in production because we were using it, but it was not driving, most of things. And I'm just curious as to, how especially, it can be useful to paper over some of the differences when you're managing a network of heterogeneous systems. Machines I have in my home lab, some run Ubuntu, some run Debian, Ubuntu 18,
4:04 Ubuntu 20. I I spun up a NetBSD, FreeBSD machine. I plan to put a CentOS machine in there somewhere. So just like the the the mix of systems that you might each want to individually experiment on, but yet you will still wanna run the whole the whole mass as if it was one one unit and not a whole bunch of individual machines. Excellent. I'm sure we could do that. So what I let me kinda let me share my screen. Let's just get started. I think the best thing to do is just kind of start
4:44 with where we're starting from. Right? So I did do a small session on provisioning Packet servers with Pulumi and bootstrapping the cluster with SaltStack and kind of just left it there. The the rest of it was left to the reader's imagination. And I wanna close that gap today. So what I prepared in advance is really just creating this empty Packet project. We have no servers currently available. However, we do have the code from last time, which I will quickly run you through. We'll get that kicked off and deploying, and then we'll talk about how we can leverage
5:00 Deploying a heterogeneous cluster (Machines and OS) with SaltStack on Packet’s bare metal with Pulumi and TypeScript
5:20 some of Salt's really cool and unique features to, you know, to manage all those servers with a single API, which I think is really important and and kind of from what you've said there. So with regards to the Pulumi code, I'm using TypeScript. One of the really cool things about Pulumi is you get to use the language of your choice as long as it's supported. It supports TypeScript, Go. There's some .NET support, Python support, and maybe one or two others. For me, I like TypeScript, so we're gonna go with that. And what this code does
5:53 is it will create a salt master and a single minion. I I think one of the first things we should do is just change the setup to be more diverse and reflective of what you had in your head with regards to operating system and even hardware differences. So let's see what we have. This is the code that spins up the salt master. And you can see from this block of code here that it is provisioning a new device on Packet. In Amsterdam One, a c2.medium with Debian 9. So I think what we do for our
6:33 minions is try to have a nice variety that did not reflect this. If we come into I think we'll need to change our minion code a little bit, but that's alright. I don't mind a bit of live coding. So our minion code currently hard codes the same values. If we assume that we want to change this, do you think changing the plan and the operating system and and doing a few varieties of those is enough to kind of Yeah. It sort of gives gives the the the flavor for it. Awesome. I would suggest well, let's see. So in in my experiment
7:14 back up a little bit. In my experiments, there are differences between Debian and Ubuntu in terms of package management. They're not usually they're not usually great until you run into them unexpectedly. The real challenges get to be as you get further from those two systems. You know, package names change, tooling changes a little bit. So what what what plan should we pick? Yeah. Let okay. Let's start with that then. So let's Yeah. I mean, I should know these off the top of my head. I must say I'm really bad at that. So let's just use the UI where possible.
8:00 I think we could do it all completely with Pulumi. And the reason I'm not gonna use it right now is just because it doesn't currently check the availability. So, you know, I can pick some, but I have had issues where I say, you know, I want an m1.xlarge, and it's just not been available. So it's it's nice to come in here and just confirm in real time what we've got. So how about a c1.large.arm? Sure. I think we take a couple of boxes there, don't we? Yep. And operating system on Arm, we've got
8:33 Pick Ubuntu, I think, because it'll provision fast. K. I guess it's Ubuntu 18.04. Now let's we're gonna add another minion, so I'm just gonna make these configurable as well. So we'll pass in a plan and an operating system. And then we'll reference these down here. And that just means that we can oh, it'll just make it a bit easier for us to spin up more, assuming I learn how to type. Okay. So if I pop back to our index, when we create this here, we need to then specify plan, c1.large.arm,
9:28 and operating system. And we were gonna go with Ubuntu 18.04. And then we can copy and paste this, and we can create two more machines. So I'll call this salt minion one, two, three. And it's formatted a bit nicer for me. Cool. How about we spin up the let's get something so the c1.large.arm has one SSD, two gigabit disks, ThunderX processor. Yep. So and what was our first device? First one was a c1.large.arm with Ubuntu. You wanna do a c1.small? So our master Yeah.
10:28 It's an AMD. So why don't we grab the s1 here for something just a bit different? s1.large. Excellent. Yep. That's a storage server, so that's got a whole bunch of storage on it. And what was the other suggestion you made? A c1.small. Got it. That's a good workhorse machine. Alright. So let's see. Storage machine, let's run. Let's look at all the operating systems. How brave are we feeling? FreeBSD? Is that gonna work on FreeBSD? Don't know. So as soon as I saw that, I knew you were gonna mention it. So if we take a look at the
11:23 minion user data, we will need to just tweak this a little bit so that it works on Free FreeBSD. Right. As long as we know how to install Salt on the FreeBSD device. You know what? We can make this Salt provides something called Salt Bootstrap. Right. A very helpful script that takes care of the whole install process. Yeah. So we don't necessarily need to hard code it the way I have to use package managers. So as long as we've got machines with curl on it, I don't really foresee any problem with just
12:01 dropping in the code like this. Yeah. Except I think on FreeBSD, that tool is not curl. There's something called fetch there. Maybe that's maybe that's in the advanced challenge. The advanced challenge. Well, I'm gonna add the FreeBSD box, but we'll maybe add another one just in case that we got Yeah. Just We've got we've we've got three. I think we'll be okay. Let's do it. Have a brief okay. So user data, we'll use this, and if FreeBSD fails, we can SSH up to that machine, quickly run Salt Bootstrap manually and fix it from there.
12:40 Alright. Which means we need to pop back to here. So let's make minion two that. You happy with the storage one being FreeBSD? Do you foresee any problems there? The only thing I can think of is that it might take longer to boot. So it might end up being the last one that comes up. Yeah. That's okay. We'll deal with that then. Okay. So the last machine is a c1.small. So let's just make sure we get an accurate Yeah. If you can put a the try I know you had Ubuntu 18 for one
13:18 of them. I didn't see Ubuntu 20 in the drop down, so I don't know if that's a matter of the provider not knowing about it yet. Yeah. I think the provider just isn't up to date with the latest versions. I think we found us another session we can do where we update the provider. Yeah. How about we do CentOS then? I guess it's a good mix of operating systems. Yeah. CentOS 7. Okay. So we can run this now. Hopefully, we don't run into any problems. Can I set the project ID anywhere? Yes. You did. Go ahead. Platform.
14:06 Project ID. Cool. So I think there's just a little bit of configuration that I need then. Yeah. So we just need to set the project name and organization ID. Okay. So config set project name. I called it Rawkode folks back and organization. K. And I can grab this from here. Alright. Let's see how happy it So it's gonna try and attempt. Oh, it's gonna create a project. That's okay. Let's just give it a a unique name then. Let's say no. I forgot that it creates a project. Oh, create from scratch. Yep. Okay. So it's gonna create a project. It's
15:30 gonna create a master device and three minion devices. And assuming my API token is correct, we're good. The project is now created. So if I refresh this page when the first thing gets created, there's always this, like, sigh of relief because I know, like, if anything goes wrong, it's definite it's fixable from this point forward. So Yeah. There's our project. We can see the master is on its way. So this will take, I guess, five minutes. Minutes. Yeah. Well, hopefully, less than five minutes. Potentially, up to five minutes. But we can take a look at some
16:12 of the other stuff that's going on in this repository just to get a an understanding of what's going on. So this platform object is just something that I do, I think, in every Pulumi project. And it and really just a wrapper around the configuration to make things a little bit easier. And it also applies types to the configuration too. But, you know, just by doing this, I can say, hey. This and then I pass it around everywhere I go. So you can see here, we run get platform. We grab the name, and then we pass
16:43 platform into all of these functions, which are used as helpers to then provision new infrastructure. If I take a look at the salt master, which we've already kind of picked that, it just creates a device. Something that's really cool about Pulumi is I'm using NPM to pull in dependencies to also make my life a bit easier. So you can see I'm not sure if you're familiar with Mustache, but it's a templating language for node. Yeah. And it just means that I can keep my user data provisioning script at its own file with its own name and its own
17:14 syntax highlighting. And where needed, I can interpolate using mustache. We could just see that I'm dropping in some Python code as well, which is available here. So I like this setup. It works really well. Now let's talk about this Python code thing. So one of the the really cool concepts within SaltStack is it has something called a grain. And a grain is a piece of metadata or information or a key value pair that is specific to one of the minions. And packet also has this metadata endpoint here, which could be called from any of our
17:30 Extending SaltStack with Packet’s metadata as grains
18:00 devices, and it returns the metadata about the hardware and the software and all of our SM PCs too, and the the back end of this stuff. SaltStack doesn't support this out of the box, but because Salt is in Python and it's relatively easy to extend, like, and under what's that? Under 18 lines of Python, I was able to just consume that API and then make these grains available. The the use case may not be completely apparent yet, but once we get onto one of these machines, we can actually realize that we can use the facility,
18:30 Covering SaltStack’s Vocabulary: Grains and Pillars
18:32 the plan, the class, the IQN, and ID as targets when we're trying to query our minions. And this is the tags as well. So it's worthwhile thinking through, Salt has some terminology that's unique to Salt. Grains are unique to the machine, but there's also pillars. I I I I admit to being a little bit flummoxed sometime sometimes just figuring out exactly which is which. Like, some things are you can query a node based on, for instance, its operating system. Right? You can you can query a node or or act on a node, based on
19:28 data that's stored on that node or data that's stored on the master. Yep. So let me I'll dive into that a little bit then. You know, if anything is unclear, just just prod me. So Yeah. You're right. The grains are specific to each of the minions. So that's a device in our case here. So a server is going to the grains will expose the operating system, the processors, the number of disks, the types of disks, the kernel version, all of that stuff. All the stuff that is used to describe that minion. The pillars, on the other hand, are usually
20:07 either hard coded or provided to the master or come from a third party data source. So there's actually many different sources for pillar data. You can use Postgres. You can use MongoDB. You can use, you know, managed cloud services like S3 or, you know, RDS. And There's so many. In fact, let's just close this up. It's all pillars. If we go to the documentation here, I think this link and click on pillar modules. So these are all of the modules which support exposing pillar data to the master. So you can see Azure Blob Storage,
20:48 you can execute arbitrary commands as long as they output JSON or YAML, then Salt will parse that and make that available. Cobbler is for bare metal provisioning and some other provision management stuff, which is really cool. Consul can be used. What else? Etcd, straight-up file stuff. You can consume pillar information from a Git repository, which I quite like doing as well. As well as the command stuff, you can use HTTP APIs to pull out anything that's JSON or YAML as well. There's Mongo, MySQL. So, you know, there is lots of different sources. And the use case for the most of these
21:26 is generally for data that is considered almost secret or at least it can be secretive. So it's not gonna be provisioned through the standard means like we're doing now. Like, if you can imagine, well, this is all in Git. And and I in theory, I could make this all public. There's nothing secret in this repository. And the pillars would be that place where secret information could come from. But I want to have CA bundles or certificate authorities or private keys or or just plain old secrets. I could have them in Vault and then have Salt speak to Vault
21:58 to pull that information into the pillar data. That makes sense? That makes sense. Good. It's been a while since I've tried to explain grains and pillars, so hopefully hopefully, we're good. The user data is only slightly different for the the master/minion setup here. So the the good thing is I left that with Debian because I never changed it. But it's installing the salt master and the minion. So that's another kind of cool thing about Salt is that, you know, the salt master can also run its own minion and it can have this sort of self referential bootstrap
22:30 Binding SaltStack to the private IPv4 address
22:36 process or provisioning or high state as Salt would call it. We need to grab the local IP. We use this just to bind the interface that Salt listens on. So we're talking to we're trying to keep this secure, you know, all of our Packet devices. And I think you'll need to correct me here. I think they all, by default, launch with a public IPv4, a private IPv4, and an IPv6 address. That's correct. Yeah. So we don't want our salt master listening on our public IPv4 address because, unfortunately, remote code execution is a thing.
23:13 So we want to trust only our private network. What else do we do? We just tell it where the master is. So the rest is us configuring the salt master as its own minion, so we just have to drop in that the master is available on the local device IP address. And then we provision the Packet metadata. So, like, extending Salt could not be easier. You literally just have to drop in a Python script into the right location on the device, and magically, it's available to us to call. Really simple. Gotcha. And our minion one is easy. I mean,
23:48 we've just I just copied two lines from a something off of GitHub and dropped it into this. What could go wrong? What could possibly go wrong? So the the cluster that I have adds another complication to things because oh, looks like something came up. Because the the devices are not all in the same Packet network. So I'd I'd in my configuration, I do not have the ability to just use the Packet private net 10 address. So what I did for that was took advantage of the fact that I'm using Tailscale, which is a VPN network.
24:00 Ed has a cool use-case for Tailscale, connecting his SaltStack nodes over disparate private networks
24:34 And I do the same kind of binding except I bind it to the Tailscale address instead of the public address. And that way that way I have bootstrapping is harder because you have to bootstrap Tailscale first before you boot SaltStack, but you have this sort of same idea of a private management address to to connect things through. Very cool. I like it. I've never really considered using Tailscale to kinda provide a backbone for disparate sources or networks and keeping them all in the same salt network, but that's a really cool concept. Yeah. Yeah. It's been it's been going reasonably well.
25:16 I I don't know how I would debug it all if I didn't have out of band access to everything. Right? I got out of band access to the Packet machines. I've got a little breakout box that I can plug into Pis if I need to. Like, most of the stuff here could be scrapped and restarted if I had to. But just having a a management channel, it's really handy. Yeah. For sure. I can see that. Alright. So let's understand. You're right there. You said something has come up. So another thing, Terraform and Pulumi both do this, but they
25:55 actually build a a graph of dependencies when they parse all of the resources that the automation is supposed to create. Because our minions have a dependency on the master, i.e., they need to know the IP address, that was created first in isolation, and then we pop back over here. Yeah. We'll see those other machines coming up. And then these were all created in parallel because all of those dependencies are satisfied, which was just the master. Minion three was the fastest. Our CentOS 7 box was pretty quick at coming up. We're now just waiting on our FreeBSD
26:28 and our Ubuntu machine. But there's nothing stopping us going and kicking the tires on this master against targets. Yep. So pop open a new tab. And let's do Rich. Yes, please. Well, you'd be key. There we go. Okay. So we are now on master one. Let's just confirm that everything worked as expected. Yep. Yeah. I have a master running and the minion minion is running. There are multiple processes, but that's not important right there. So how can we confirm our configuration? Well, first, we're gonna go to /etc/salt. We will just confirm our minion was configured
26:30 Connecting to our SaltStack master / Checking it works!
27:31 as we expected. You can see our master IP address was set, and we also did some master configuration where we bound the internal IP address. So I'm very confident at this stage that the provisioning was successful, which means we can begin to interact with Salt. Now no minions have matched the target. That's expected. That wasn't me just making a mistake. So we do we do have our salt master running. We do have a salt minion running. Our salt minion knows how to speak to the salt master, but we have not approved the keys. Okay. Now what Salt does
28:00 Approving our first minion key
28:23 when you install it, it it will generate it will generate some certificates which are used to authenticate with the the master machine. So our minion generates the certificate. It sends its key to the master. We have to actually explicitly approve that. There's a step to automate it, not something that I think we'll be able to cover in this session. But for now, what we can do is tell it to accept master one. Like so. And then if we run salt-key one more time, we now have our accepted key. Now I do have one small concern right
29:08 now. Is that I expected to see minion three listed here because The CentOS machine. Yeah. So I'm assuming the Salt Bootstrap on this machine potentially failed. Right. So should we go quickly take a look at that? Yep. So let's take a look and see what see what's going on there. Okay. So yes. Press my key. Alright. So Salt is installed because the directory exists. My configuration is the default minion conf. It doesn't generate keys. Alright. Let's see what's going. And it's not running. It's not running. But it looks like the command is available. No one supports Python 2.
29:20 Oops! Our provisioning on the CentOS machine failed. Lets fix it (Fuck you, Python 2)
30:05 Yes. Okay. So that means dnf install. I mean, let's try the naive approach. Is it not dnf? It must be yum on CentOS. yum. So I'm just gonna run this manually run the can I remove no? I'll install. Remove Python 2. This is CentOS 7? Yeah. It's quite it's quite an older version, isn't it? Yeah. So I wonder if the thing to do is to uninstall salt-minion entirely and then reinstall it from the bootstrap script. I don't know what the package is called. Oh, so I may have installed it through pip pip uninstall. And maybe that's a problem because it may
31:19 not have been using pip3. I may have just used pip pip2. pip where is that? Yeah. 2.7. So if we do a pip uninstall, so manual or make just be solved. There we go. pip3 install. That should get us running. Yeah. Python. I would have expected Salt Bootstrap to handle that, to be honest. Yeah. I would have expected it to. What didn't work there? I have to access this salt-call pip install salt. Nope. That's weird. I have I have all the other commands. Why is salt-minion not working? Good question. Which salt-minion?
32:46 User oh, wait. Wait. So SSH. Yeah. Okay. I mean, that looks alright. Alright. Fine. It's Python 3. Is Python 3 installed? Yeah. Yeah. Yeah. Okay. It's working now if I do that very explicitly. That's weird. Let's just quickly what happens with /usr/bin? So that's the wrong path. Let's log in. That's the wrong path. Yeah. Yeah. When in doubt, log out. Hey. Okay. So Okay. Now There's a path issue. I am gonna believe if we take a look at our cloud-init log that our provisioning step, because we never installed, Let's just pull that up.
33:56 I'm assuming this failed, which means we never created our config. So let's just do that manually as well. We'll get there. So minion.d, we'll copy this from another machine. Oh, that's You got the wrong one. Or It's alright. We'll grab the IP from here. So Yeah. Let's pop over here. Go to our salt configuration. We want to go to minion.d, and we want to do master.conf. And if we run systemd start, so will that work? daemon-reload. So I'm just using the wrong path too. It's using the wrong path too. That must just be something weird with the way it
35:02 installed. Alright. Let's modify here we go to file. I'm committing to fixing it now. I feel like I need to get it. A systemd how do you get the is it describe? No. Endful? I can't remember. I can't remember. Describe a unit fail. Alright. Wait. You can do status. I'm not sure remember the unit fail. Cannot be found. Here. Oh, what did I do? Oh, them. /usr/local. Oh. Let's try a daemon-reload. Start salt-minion. Hey. No errors. Right. Okay. Wow. Wow. So I think the moral of that story is that the older the version
36:24 of the operating system you are running, the more likely it is you will have to intervene. Oh, yeah. For sure. And I didn't realize sorry. I wasn't we had a someone drop in the comments there and try to help us out, Bradley. Oh, hey, Bradley. Says we could do hats. So I've never had done that before. Ah, that is so cool. Thank you. Awesome tip. Yeah. Right. Okay. So that's running. So let's run our salt-key. And we have minion three. We Hey. It's fair. But we don't have minions one and two. So I think
37:00 Introduction to SaltStack CLI
37:02 we're gonna be fixing those as well. Hopefully, it's the same problem and we can fix it relatively quickly. But for now, let's just accept minion three. Okay. We will fix those other two nodes, but let's try and cover a couple of basics of Salt then. So let's the first Salt command I I think anyone should run is test.ping. And let's just cover the two syntaxes that you'll see online for this command. Mhmm. This this tripped me up when I was first learning. That's all. And it's so simple, but I'll cover it anyway. Is that the star
37:44 gets expanded by your shell, by bash or zsh or fish. So you need to just wrap it in single quotes or escape it. And that's why you can't just do star. Yeah. It'll have It always bugs me. Always bugs me. But the test.ping is the the simplest command. All all it does is try to establish if the salt minions are online. And you can see that the two that we've managed to successfully accept and provision, they are online. So so now what can we do? How about some executing remote commands? Doesn't that
38:20 Executing remote commands on minions
38:22 sound? Sure. What what would you like to know about our machines, or what commands do you want me to run? One of the things that I will normally do when logging into a machine will be run something like uptime to see how long it's been up or who to see who else is on the system, if there is anyone else on the system. Yeah. Great commands. I use those commands all the time as well. Let's run who? We can see me fixing minions and we can run uptime. We can see both our machines have been
39:00 Targeting minions
39:03 alive for less than twenty minutes, which makes sense. Yep. Now right now, we've been targeting every machine. So why don't we kinda cover the different targeting options that are available? So let's try targeting by name. Simple. Yep. And you can use you can use star in that configuration. Right? So you could target if your minions were all named the same, you could salt Indeed. Is that what you meant? Yeah. That's exactly what you meant. Yeah. So the the name matcher is the default one. We're not passing any parameters to there. You know, the star is
39:55 is also just doing a a name match here. It's just saying match everything. We can prefix or postfix. It depends on how we wish to match. If I wanted to match all of the three devices, then I guess I could do that too. But Salt has just so much more power when it comes to matchers. And there's a lot of documentation on this, actually. So targeting so before we look at the targeting options, let's just see information we can pull out, and then we'll look at how we can actually use that information to target it.
40:00 Querying grains
40:33 And let's see if I can remember the commands. So we can interact with the grains subsystem for salt by using grains dot. You can see how I use test dot ping. I use command Run, and I can use grains.blah. I believe we can run grains.ls. There we go. Yep. And this is all of those key value pairs that we were talking about at the start. This is all the grain data that we can use for targeting and our interstate files or even just on the command side. So let's see. Let me see what kernel we've got.
41:20 Sure. More info, please. Let's do kernel relief. There we go. But we have a Linux kernel of 4.9. And let's see what we've got running on our order sent off box. Oh, dear. Oh, wow. My museum colonel. Yeah. So we can, assuming, we maybe wanted to get salt to profession some sort of oh, I don't know why settings decided to on Teams. There we go. No. I love how I'm on do not disturb mode and Teams doesn't really care. Let's just Take one take one from the team. Let's just close Teams. Go away, Teams. Alright.
42:27 So if we wanted to say you assaulted provision kernel models or something, then that targeting might be really important. So we could use the menu name, grains, and other information to target our menus. So let's take a look at the docs. I mean, this page is is relatively big. There's a lot there's a few different It's a lot there. Yeah. There's when it comes to targeting, there's a lot you can do. We'll look at a couple of them just now, and then we'll try and get on to something a bit more fun. But, you know, you could do a straight up green
43:08 match. So let's run this. Alright. So this isn't gonna return anything because we don't have a grain that matches, but we do have center. Ta da. And we're just returning the SaltStack version. So the way the grade matcher works is we put the key on the left of the colon and then the value on the right of the colon. And I believe the star may work. Yeah. Okay. Yeah. We can also do compound matchers where we can specify and we have to use the docs for the syntax, but I believe it's green at center. Nope.
43:58 Capital G. And compound matchers allow us to use more than one matcher here. I believe we can say "and" and use another grain where kernel is Linux, like so. So the compound matcher allows you to use grains or minion names together. It's relatively painless syntax. It's not too difficult. Node groups. I don't think we'll cover node groups today. But node groups can be configured in the Salt configuration. You could, like, if something isn't available as a grain, like, maybe you wanna do something that's more rack-aware, then you could configure that with node groups.
44:45 What else is cool? We're not playing with pillars yet. Yeah. You can do subnet and IP address matching, which is quite cool too. But if you just want it, maybe your data center is... actually, maybe you don't need to go down the node groups route for your rack stuff because you've got your network configured and the IP address is allocated on a per-rack basis. I don't know. There's loads. Yeah. The simple commands are very easy to describe, and the complexity is there as well, like, if you really need to do something
45:22 special. Because you can tag, like, if you need to work on an arbitrary group of machines, you can tag a group of machines as a list too. Right? Yes. Yes. So let's talk about that. That's a really good point. Thank you. We've provisioned our machines with our Packet metadata module. Right. Same one we had in VS Code. So what does that mean? Well, let's go in the... which of these is Packet stuff? Facility. Facility? Didn't pick it up? Uh-oh. Let's do facility. Why didn't it pick it up? Let's just make sure I haven't broken the
46:23 scripts. Yeah. That's good. Let's run. So there is a sync step involved, which I thought was automated, but we can try doing this now. So we do... I'm not gonna remember how to do it. saltutil.sync_all. There we go. There we go. And you can see now it's picked up that grain. So I guess that's just something I have to clean up in the automation. And it just tells it to kinda scan those expected directories for new module types. And there's loads of module types. You know, we can have states, we can have
47:09 beacons, we can have different engines. Ah, loads. Okay. So let's run grains.ls. Then let's just correct... It's really not gonna show up. How about grains.get facility? What am I doing wrong? Version of Python? It's weird that it showed up in the sync. It doesn't show up now. It definitely did sync that time. Did something. Yeah. Yeah. Normally, I'd see a .pyc file here to show that it compiled. I'm gonna just restart Salt. That is... Yeah. grains.get facility. Still no help, you know, sir. Yeah. You're letting me down. So let's check the log. I wouldn't waste too
48:40 much time on it. We don't need to work on the Packet metadata today, but, you know, I also don't like things not working. That looks like metadata. Yeah. It did the metadata API. Yeah. Is an error message hiding somewhere in that? Or I wonder if I should be worried about this. It's not my MacBook. That's the Packet metadata. So you're in a project that's shared with other people. And by default, the metadata includes all the metadata from the entirety of everyone who has access to that project. Alright. Okay. Cool. I was slightly worried, Harrison. I don't think we
49:49 exposed any keys or tokens or anything. No. There's no keys. Those are public. Those are public. Yeah. Okay. It does appear. So I'm just doing something wrong, I'm sure. As well as ls, there is get. Oh, no. There's... help me, Salt. Salt grains command. I got some recipes as well. So grains.ls. That's what I was thinking of. That's the same as... oh, ls is what I was doing. Yeah. items. items is what I want. Let me see what we have. Ah, it's under a key. It's under a key. Of course. Okay. Phew. And there was me thinking nothing more.
51:02 So there you go. We can call packet.metadata, and if I add facility, I can't remember the sub-key syntax, but it's there. Okay. Good. So we can use those grains if we wish to target things with commands. Right. So we could say, for instance, do this command on all hosts in AMS1. Yes. Yes. Yeah. I think so. Okay. So that means I need to remember how to get the sub-key then. So let's try it. So we're gonna do a grain match. We're gonna look for the packet metadata. Yeah. It's coming on. I just popped into
52:00 Fixing the Ubuntu machine (Fuck you, Python 2)
52:00 my head there. I'm sure. Yeah. Oh, no. I've removed the command. Okay. So we can do a grain matcher. Let's say we do a cmd.run. We will run... Yeah, we'll just run here. We wanna match on our packet metadata on the facility AMS1. There. Here. Perfect. It's all coming back to me. Feeling the pressure. So what about pillars? It mostly works the same. Might not spell pillars right. There we go. But we don't have anything configured as a source of pillar data. But I guess we've got a few things we can do now.
53:07 Good. You wanna take a look at the list of provisioned machines and see if we got another... like, do a salt-key and see if there's another one that's ready to pop in. No. But we will... Nothing? We can, correctly. Oh, wait. We never got a minion two. The FreeBSD failed. Yeah. The FreeBSD failed. Alright. But we can fix it a bit. I keep doing that. I keep... I just split the screen. Alright. Okay. Yes, please. And let's see how far this one got. So exact same problem with pip as on the
54:01 CentOS box. Okay. So pip uninstall salt. Goodbye. Bye. Eventually. Thinking about it. There we go. Yes, please. Let's do pip3 install salt. Python pip3. I think. And we just got install on this. Questions. I don't know what's going on with salt-bootstrap then. Maybe it's not been updated since the 3001 release. I'm not really sure. It's not important. Let's get Salt working. We'll register it, and then we'll talk about what we can do. So we can begin to add file roots, though, and in Salt a file root is somewhere that has configuration that we want our Salt
55:02 master to configure or consume, which allows us to provide pillar information or our state information, and we'll see how we can actually build states. I think the other thing that you wanted to cover was what if we wanna install NGINX across these disparate operating systems where the package name may be different, but we can tackle that too. Okay. Alright. So pip3 install. Oh. And let's grab this IP address again. So do you wanna talk a little bit about ZeroMQ and how Salt works behind the scenes? Or is that advanced? Or should I
56:10 SaltStack communication method. Spoiler: event driven through zero-mq
56:30 ...is sufficiently advanced for another time. No. Let's talk about what goes on there. I think it's important. So if we talk about what happens when I run something as innocent as this command. So when I run Salt with my targeting and some sort of module to run, it's important to know that the master does not communicate with any of the minions. No message is sent over a TCP stack to the minions, at least directly. What actually happens, and that really simplifies it from a security point of view as well, particularly around firewall rules,
57:15 is that the only firewall rules you need to allow are your minions to speak to your master. And that's because when we issue a command here, what actually happens is the Salt master writes to a ZeroMQ topic, and there's one per minion, I think it is. And those minions reach out to the master and subscribe to their topics. So we put the instruction onto the ZeroMQ queue. The minions pick it up. They do the work, and then a message gets published back on the ZeroMQ queue, and the master consumes it to understand
57:46 that the job is done. And that's it. It scales super well. Like, if you can imagine that I've got... I mean, this is a contrived example right now. We've only got a couple of minions, but as your infrastructure scales to dozens to hundreds to thousands, those messages are being written to a local ZeroMQ queue and consumed downstream. It's super fast. Yeah. It means that the network infrastructure can be simplified as well, because if you have a minion that's remote, right, it's in an edge location, it's behind a firewall, whatever, you don't need to send something directly to
58:34 it. It can fetch from a more publicly reachable site. Yeah. Definitely. Yeah. So that's taken a little bit longer than I was expecting. Is this on our c1.large.arm? I think this is on our ARM machine. So yeah. So there's a story behind this. Up until recently, the pip infrastructure for wheels on ARM has been lagging behind. And so in a lot of cases, we're actually compiling things right now. Whereas on an x86 machine, they would just be available. Yeah. So I guess it would use a precompiled version, but for ARM, we have to
58:40 Python / wheel on Arm needs compiled, so it’s a bit slower.
59:24 build that as we... we have to do all the work ourselves. Yeah. Alright. Well, we can leave that running for now. So now we understand how the messaging works. We kinda covered what that means from our networking security point of view, at least as far as firewall rules go. Next, I guess, we wanna provision something. Right? Right. We wanna install some software. Alright. So let's see. What do we have again? OS. Alright. We got a Debian box and a CentOS box. So let's search on the... this is a Debian box. I don't wanna pick something, but the package
59:30 Installing software to our minions through SaltStack’s package module
1:00:13 name is the same. Although, I guess, even if the package names are the same, it's still using a different package manager under the hood to install it. So that's cool. Right. There's also stuff we can do by passing in, like, Salt uses Jinja templating a lot, and you can use maps in Jinja to provide dynamic package names, which is quite nice. Yeah. Okay. So they're the same, but that's fine. So what we can do... you got a suggestion there? Or no. I think it's good to show off that
1:00:54 you can run one command that'll do different things on different systems that are logically the same, but underneath the hood, they're different. Oh, yeah. Definitely. I think that you're right. And before I run this, I think it would be silly of me not to kind of explain. So we could do an apt search nginx with a cmd.run. Right? The problem being, as I said, it's not gonna work on our infrastructure which isn't Debian- or Ubuntu-based. Like, oh, that doesn't work. Which
1:01:39 means we can't do apt install nginx that way. Or I could, but it would only work on a subset of my machines. And what Salt does is provide state modules, which try to abstract away most of this stuff. Like, you just don't really care. And we get to use pkg.installed and give it the name of a package. I thought I would just check our ARM box before I run this, but it's not up yet. And pkg.installed. And behind the scenes, that's installing those packages for us on both of our machines.
1:02:17 Right. That is gonna be a little bit verbose, but it's now done. So how can I convince you that that has actually happened? Let's try... is there a pkg.version? I can't remember. I think... Yeah. Here we go. And we get slightly different versions on each of them, which is to be expected. Well, yeah. I mean, we didn't specify anything for versions or anything like that. So we're getting whatever's latest and greatest per operating system. And it turns out that CentOS is actually a few versions ahead even
1:03:02 though its kernel was particularly old. So that's cool. We can also... I mean, we can trust pkg.version, but we can also do a cmd.run where we ask nginx for its version. Oh, I think that works. Oh, there we go. And we get that same information back by, you know, directly speaking to the command line. Let's bring up this one too. Let's do some ARM stuff. Minion. I guess we're creating this ourselves. vim master conf, master. Grab the IP address again. Restart salt-minion. Alright. So we run salt-key. Hey. Stop there.
1:04:30 There we go. Patience. Here we go. Minion one. Thank you. Okay. So how you can... kernelrelease. Silly me. Okay. kernelrelease. There we go. Not one of them the same, but I guess we expected that. Right? Yeah. We expected that. Well, let's... And I'd say, you know, that the fact that we've had some hiccups because of different operating systems and different versions of things and whatnot. You know, on the one hand, having some sort of diversity in your network is useful because you get to see a bunch of new...
1:05:38 you get to see things that you wouldn't see if they were all the same. But there's a certain hassle factor to it. And I don't, you know, for production, I very much understand why someone would have a completely homogeneous network with as few differences between the nodes as possible, but this isn't production right now. I guess it is. Okay. I lost my train of thought now. Oh, let's... how can I check the CPU architecture? We wanna see the ARM machine. Right? Yeah. The CPU... one of the arch grains maybe? cpuarch maybe.
1:06:31 Yeah. Cool. Hey. Working. Alright. Good. I feel better now. So we used the state module to do a package installation across three different operating systems, two different architectures, and three different kernels as well. But that's fine. So let's take a look at that list. So we looked at the pillar list earlier, but we can also just change this to grains. And we can take a look at, like, there's also... why am I looking at grains? States. There you go. Alright. So state modules are the things that we can do
1:07:00 Looking at state modules
1:07:26 with Salt. Alright? And by doing with Salt, I mean, like, leverage their abstractions so that we don't need to use cmd.run for everything. I mean, don't get me wrong. If you get Salt running in this fashion and you're just using it for ad hoc commands, like, salt cmd.run is fantastic. But eventually, you're gonna wanna codify. So state modules, let's see. We can provision Let's Encrypt certificates using Salt. We can configure Apache. Find something fun. Managing... with Salt. That sounds scary. Wow. Yep. We can manage our cron jobs. Let's take
1:08:20 a look at that. That'll be relatively painless. I say that now, and I bet you I'll break it. Anything jumping out at you? You wanna look at the file interface? Yeah. I guess that's probably one of the most common configuration management tasks. Right? It's "I wanna get a file onto all of my machines." So alright. Let's take a look at the cron. Then what I like about Salt is that the examples are particularly good in all of their documentation. Yeah. So this will require us to write our first state file as well. Cool.
1:09:00 Writing our first state using the cron state module
1:09:13 So if I come to /srv/salt, we have a directory here. I can add a states directory, and I can add my add_cron state. And for doing that, we're just gonna use the .sls extension, which is the Salt state file extension, which uses YAML, which is where all the examples come in. When we looked at the extensibility of Salt earlier, there was something called an engine, and there's also renderers. You can actually write your own renderer to take JSON or take Markdown or take just Python code or whatever and write your Salt states. I'm not sure
1:09:58 why you're going to do that, but the extensibility is pretty cool. So there are two ways to write the Salt state as well. For the present, I'll kinda cover both. Let me just take a minute. Alright. So Salt allows you to... let's see, the explicit syntax. This is the one I tend to prefer. And that means that we just use some sort of arbitrary ID for the state, which must be unique. We then specify a module. So cron.present: we're using the cron state module and then the function present to make sure that the
1:10:45 cron job exists. There are others. You can see this list here. I lost it up. It's because I'm zoomed in too much. We can do absent, env_absent, env_present, file, present, so those are each of the functions that are available to us. The name is then what we actually want to execute in a state. So I can say date. Yeah. We just wanna write the date and output it to a file, run it as the root user, and run it, I guess, means every five minutes. The same syntax would be to omit the name and use that as the ID,
1:11:21 which is also valid and I'm just not a big fan of it. So is it every five minutes or on the fifth minute of the hour? Yeah. That'll be the fifth minute of the hour. Let's take a look at the function header. Minute, hour, day of month, month, day of week. Yeah. Yeah. Okay. So that'll be the fifth minute. If I wanted to do it every five minutes, it would be... what's that? I can't remember. */5? I can't remember. Is it */5 or is it 0,5,10, and so on?
1:12:03 Yeah. I think star... let's try */5 and see what happens. And then we'll... yeah, we'll take a look at the crontab and see what it generates. Let's just save that. Now if we do a salt... what am I doing? Oh, yeah. Okay. Let's take a look at our Salt master configuration. There's something called file_roots here. /srv/salt. Yeah. Where we could tell it how to consume our states. Yeah. It's /srv/salt. So let's move that file. I don't think it... I guess it doesn't need the states directory.
1:12:59 Can't remember the last time I provisioned just by hand. Let's remove states. And now we just got this in the top level. And let's just try and see what happens. So that says run on all machines state.sls, which is just how I can tell Salt to run a one-off state for this. And we can tell it to run add_cron. Alright. And it did pick it up, but it doesn't like my syntax. And it may just be a YAML thing. There we go. There we go. So now both of these...
1:13:00 Running a single state from the file root
1:13:43 all three of these servers have some sort of cron configured on them. So let's just pick one. We'll take a look on the CentOS machine. And if I run crontab, we've got our */5. So every five minutes, it's gonna execute date and write it to a file. Easy. Right? Easy. Okay. What should we do next? You want me to do a file. Right? Yeah. Let's look at the files. No. For... I mean, let's ensure our directory exists first, and then we'll maybe dump a file inside of it.
1:14:00 Adding the file state module to our first state: creating a directory and writing a file
1:14:42 So copy our example. We'll modify it to suit our needs. So we'll call this... let's just build on this really contrived cron example. Right? Sure. Let's do cron test output there. We're gonna create a new directory for this output instead of putting it under test. And we need to add a name because I don't like it being that. And we'll call this /tmp/livestream/crontest. Okay. We'll configure this to write to that directory. And we'll see it. No. Let's look at that file again. You're writing to a file in the top one,
1:15:41 and is that a directory in the second one? Yeah. There we go. Good catch. And then we can run it fresh on all of our machines, except for one that failed, which is, I guess, good. And what failed? You do... if you have mkdir -p... It didn't like creating the directory because the parent directory didn't exist. Oh, no. It failed in the middle. Yeah. You're right. And it's because of the subdirectory. That's my fault. Salt has a flag for that. Make... there's... I think, yeah. Try again. Nope. Let's confirm. I think it would... there we go. makedirs.
1:16:51 That was close. Run that again. Ta-da. Ta-da. I can look at /tmp/livestream/crontest, and it's not run yet. But it runs. Hello? Because we're doing a present, now it has created this twice. And that's just because we changed the name. Oh, sure. Reason. So I didn't realize that we added another one. So if we just run that again, we shouldn't end up with three. Shouldn't. Yeah. Good. Okay. What do we wanna do next? So we created a directory. Let's hop over here, and we can do a file.
1:17:45 It's this... no. No. Managed. file.managed. There's so many different functions and modules. Okay. So let's... I'm trying to break this down. So we'll give it an explicit name. We'll call this our fake file. We give it a name. So /tmp/livestream/crontest/pick, and then we can provide some sort of source. Now the way that file.managed works is you can specify multiple sources, then it'll stop on the first one that exists. Neither of these exist though. So it should fail. Well, unless we add one that works. Yeah. Shall we see it fail first? Let's see
1:18:39 it fail first, sir. Alright. Fail. Fail and fail. Nothing found. Yep. And because we don't have a source that works, so let's come out here. Now we can do salt://{{ slspath }}, which is my favorite little thing, and we'll call this fake. Now this doesn't exist still. So, you know, if we run it, we're gonna see a state of red again. But that slspath means that it's gonna use the path from where this state file is. So, like, I create fake and watch. I normally wouldn't do it this way. Let's clean this up. I feel like I'm
1:19:22 being quite messy right now. So let's say we have our livestream state, and inside of that, we've got our init.sls, which is a convenience helper. Come into our livestream. Let's use our setup, and we'll have our... normally, I have, like, a files directory, and then inside the files, I'll have pick. "Hi, I am a pick file." Okay. So we made a few changes there. What we want to do now is modify this path to be files/pick. And my command there. It's now livestream. And we don't need to put... and I'll talk about how we
1:20:22 address our named states in just a second, but I should be able to run this as is, and it works. Yep. And we can confirm this here with cat /tmp/livestream/fake. So really, really powerful. We also have the ability to interpolate, but let's cover the naming first. It's one of my favorite things about Salt. I actually use Salt for my dotfiles. I was gonna say keeping track of home directories and whatnot. Yeah. So the reason I do that is because it means I can run individual parts of my state really, really easily. So
1:21:03 if we take this as an example, we've got a livestream state that runs init.sls when it's not fully qualified. I can also add a one-off cmd.sls, which could just do cron test one-off. This is gonna do a cmd.run. We'll have it run who. If I run our livestream state again, there's no who. However, I can add... oh, what do they call it? One-off. I can add one-off like so, and it runs who on all of the machines. Now we have a full
1:21:53 array of requisites and include helpers that we could use within Salt. So, you know, I can do include one-off. You need a dot to indicate it's the local directory. Otherwise, I would have to do livestream.oneoff. Let me include one-off. And if I run without that... oh, what did I get wrong? It doesn't compile... oh, hold on. Not a dictionary. Not a dictionary. I see that the documentation is handy. It is good documentation. It's include. Of course. And we now have, you know, this went up from three to four, but we
1:23:08 can see that it's now including this who output as part of the state run. And I can still individually run that one-off as well. Like, I don't need to run the whole thing, and I think that's just something... I mean, I'm a big fan of Ansible, but it just doesn't have that level of "I can choose what I wanna be able to do" at the top, which I really like. There's also requisites, which need some text. So let's say requisites. Here, you can see that it has dependencies. And if we take a look at our
1:23:39 init state, you know, what happens with SaltStack here is it will run this file from top to bottom in order, but you can also be very explicit about the prerequisites or requisites. Mhmm. So we can say we actually require this step to run first. Or, you know, the other options we've got are if something changes or if a file changes, then I want to ensure that the state runs again. We can watch files. Like, there's a whole bunch of stuff here that's really, really cool that allows you to tie all your states together.
1:24:17 I can now show one more thing, and then we'll kinda have a chat and see if you got any ideas. So inside files, I can open fake, and I can then use this Jinja syntax, where I can reference the grains like so. And let's run. That's okay. Can't... Yeah. Didn't... And it didn't interpolate. Yep. Let me see if I can remember why. Oh, yeah. So this is why I should do ad hoc stuff. We need to tell it... I think it is engine. Let's confirm that. file.managed. It's template: jinja. There we go. Not engine.
1:25:28 We just tell it that we want to template it. And it's Jinja. It's just jinja. It's not jinja2. Thank you. That's better. And you can see it actually shows you the change that I made. So it removed the grains line. Yeah. And added our Linux line. And then I can't... Nice. Good. Cool. We're getting there. That's cool. So you could see how this would be useful for... so one of the things that you can leverage the Packet metadata for is inserting SSH keys into home directories, because the Packet metadata includes
1:26:27 SSH public keys for everyone who has access to things. So you can imagine provisioning a home directory for someone based on just their key information that you can pull from metadata. Oh, really? I didn't know that. Okay. So should we try and provision all of our machines with your SSH key? Well, let's see if it's there. So if I do curl... is that metadata.packet.net/... is that right? I think so. Okay. So let's pipe it through jq. Yep. Let Salt install jq. pkg.install. We'll do it on all of our machines. Sure. Bring them all up.
1:26:45 Provisioning all our machines with SSH keys from our custom grain data
1:27:32 Okay. No. Good. But we pull up a curl, pipe it to jq here, and let's just see if we can narrow this down a little bit. So... and then we'll re-pipe it. That's a lot of keys there. So yeah. It's a lot of keys because you're on a shared project. I am on a shared project. Okay. SSH keys. So .ssh_keys. There we go. Now we've only got the keys. It doesn't look like there is a way to pull out individuals. No. It does not. Oh, we could provision them all. Right? We could provision them all.
1:28:15 We can just trust everybody. Sure. Okay. So what do we need to do first? We need to make someone a home directory. Okay. First, let's just... I'm gonna add these SSH keys to our grains first. Oh, sure. And, yes, you're right. Let's create a home directory. Let me spell things correctly. Okay. So let's refresh. Oh, the refresh command. saltutil.sync_all. So let's just run it on master star and get the packet metadata SSH keys. Oh, we now have that available as grain data. So you want to provision a new user,
1:29:23 and we'll create a new... we'll use our livestream state, but we'll use a substate. So let's call this user. So what would you like to call this new user? Should match... yeah. Should call it ed. Yeah. We got... no. I think there is a user.present module. Let's just confirm that. So we go back to our state module list. User. Move down a bit. User. Yeah. It's user. Yep. We have access to this syntax. So we will copy it as an example, tweak as needed. So let's see. We've got name: ed. Shell: /bin/bash.
1:30:39 Sure. I'll give you a home directory, a UID, a GID. There. How does that look? Perfect. Okay. So let's run this. state.sls livestream.user and... No group exists. Yeah. We do not have a wheel group. You're getting no groups, I'm afraid. I'm removing your group. Okay. That's fair enough. Just says failed to create. I wonder... Do we have a UID clash? Good question. I was also wondering if maybe there's a minimum number of characters for a username. I can't remember. No. No. I've successfully been "ed" before. Alright. I mean, I don't see a thousand and
1:32:01 one user. No. I don't either. So, uh-huh. Let's try. How to debug? Oh, it's just that. Why you fail? Why you fail? Why you fail? I mean, that's a pretty simple... It's a present. I'm gonna remove the... Can get it down to its minimum. Alright. Okay. If I remove the UID and GID, it worked. I'm not sure why. Oh, you know, I know what it is. It's a YAML thing. Oh, no. Do they have to be quoted? Because it's interpreting them as octal or something stupid. Yeah. I know it does that with some weird numbers and formats. Anyway, we're
1:33:11 good. Okay. You're now a user. So ls /home, ed, you exist. So okay. Next up, we want to provision SSH keys. Is that right? Yep. And we're gonna do this at /home/ed/.ssh/authorized_keys as the file path. Yeah. Think so. We need to... no. We need to enable template first, didn't we? Now we could do source like we did last time. However, our source is really just those keys. I believe we could just do contents. We can use YAML multiline. I think we make our way with the...
1:34:17 Oh. I think. I can't remember. Do you remember what the permissions need to be? The directory needs to be... I'm just making it up. I might be wrong. 700? It can't be writable. Alright. Let's run this and see what happens. Let's just do it again. So we got broken. Broken. Broken. Broken. Okay. It's not liking that. Doesn't like the multiline one. Okay. Grain. Got a packet. Yeah. That'll do that. Oh, it doesn't like... Okay. That was fine. This is wrong. And it's because... okay. So there's... I'm gonna assume I've got this understanding in my head
1:35:40 right, but I may be wrong. There are two ways to reference grains in Salt. So we can do grains.packet_metadata, which works for simple keys, but this is a complex key. But I believe what we actually need to do is grains packet, metadata, ssh_keys, like so. Yeah. Okay. I think. Didn't like the... It didn't like me not closing my... Just the sentence. I was just missing braces. Alright. It does not have... oh, okay. So, yeah, when we use the complex syntax, I think it actually breaks it up. Like, I can't even remember
1:36:35 now. I'm completely making this up. Let's see. Okay. So better. It definitely did the interpolation, but it failed because it did the interpolation. Expected a... expected a colon. So this is just my multiline syntax, and I think the problem is this array-style thing. Okay. So can I confirm what I think the problem is? Because YAML supports... YAML syntax. Yeah. It's a YAML thing. Let's see if we can pull up a YAML file there. Are you okay for time? Or actually... Yeah. I'm good. I'm good. Alright. So what we have, we'll copy it.
1:38:03 There's something like so. I'm not sure what that copied. I think it copied public keys. I'll do it this way. Alright. I'll type it. Thanks. Do we have something like that where we're using this syntax here and I could do this shimmer? I think I said that's something more if I don't have one. And if we validate this... Could not find... Oh, it is completing. So my multiline syntax is wrong. Maybe it needs to be indented a little bit more. I'm indented. Yeah. So I need to see if we did. So we still have one problem here, though,
1:39:10 which we'll see in just a second. Okay. If I go to... Something something worked. Okay. It half worked. And the problem is we still have a... No. That needs to be... yeah. Because that's... Yep. Just the wrong syntax. So the good thing about the Jinja things is we have access to the entire Jinja templating library too. So I think we can do join. I think we can do join with a newline. Actually, it worked. But the indentation's wrong. You can see there's no indentation. Right. Okay. So that means we need to do
1:40:02 one more thing. And then six. We should end down every lane by six. Didn't like it. Oh, that it oh, it didn't end up. What have I got wrong now? Maybe it's eight. Yeah. Success. Hey. Wow. Love me some yum. Much better. Okay. K. It's got blank lines in there, but I don't think that's gonna matter. Well, I'm not gonna ask you if you know what your SSH key looks like, but I believe you are in this project. So why don't I believe so. Do you wanna share your screen and see if you can connect
1:41:00 just to complete? Let me make sure that I have the right screen up. Bring up PuTTY, because I have a fantastic Windows machine here. And then the host name I'm connecting to is? 147.75.33.134. And let's see if I do the right SSH key off. Okay. That was menu one. I'm not touching it. I'm waiting on me too. It's not working. Well, let's see. I mean, it's not terribly important, I guess. I don't even know if your
1:42:22 SSH key is in that metadata. So it's just a buffer. No. I think this is something else going on here. So let me... I'm switching to an off-screen computer. And what's the address again? 147.75.33.134. Permission denied (publickey). No. I wonder if that's because I made up the permissions on this file. Yeah. I think you need to be 600 on that. We can tell by taking a look at the log. Well, if I pull up the system log,
1:43:26 I don't think we got an SSH deny message. What can I look at? Dash x v. Yeah. Oh, that's the wrong machine. Oh. There we go. So I was trying to get the user... Could not find... No. The pager. Alright. We got past that bit. That's my IP address. That's me. I bet it's a file permission thing. Yeah. Either that or my key isn't in the system. That's not a big deal. That would've been cool. Anyway, we've covered a lot of Salt there.
1:44:38 Is there anything we have missed, do you think? Are there any questions you've got? We've covered a lot. The whole idea of using configuration on the master derived from either the master's or the minions' data. Right? So we covered grains and how you can interpolate grains into files. The neat thing about Salt for me is just how powerful it is for ad hoc commands. Right? If you know that you, for instance, need, like we did before, to have jq on all the
1:45:31 machines, that's a one-liner, very easy to do, very straightforward, very simple. For me, Salt is really two things. It's a very complex, very powerful, all-consuming, do-everything-with-it system, or it's a very simple, do-a-couple-of-things-very-easily kind of system. Well, I think that's, you know, a couple of different sources of usefulness for it. Yeah. Definitely. I mean, I completely agree with that. So, you know, give that a big massive thumbs up. I think, you know, when you're dealing with the ability to run ad hoc commands
1:46:18 against all your machines or a subset of your machines, that is just really important. But even then, I think Salt has a lot of power even in a single-machine setup. Just the ability to automate all of these things. Like, you know, I can do Salt cmd.run, but, you know, putting together state files like this makes something really, really repeatable. Yeah. So much so that I use it for my dotfiles, as I kinda mentioned earlier. Yeah. And for that, it's powerful and fast. You know, I don't think we've
1:46:49 really ever waited too long for anything to happen, which is nice. And it's small enough to consider on small machines. I'm actively using it on a Pi 3, which has got one gigabyte of memory, and, you know, the baseline load of what it takes to run it doesn't show up very much. Yeah. And it does not have a massive footprint, CPU- or memory-wise, which is great. And I mean, it's pretty tweakable and configurable as well. Yeah. Definitely. I'm just trying to think if there's anything we should cover or if we just leave
1:47:35 it there and maybe we'll do a second session another day. I think we can leave it there. I mean, the key management is really something if you're bringing up a lot of machines. I think understanding, like, what does it take to take a machine online or offline. But, yeah, I think we can leave it there. We've covered a lot of ground. That's really, really helpful, really useful. Awesome. Well, thank you for joining me today. It's been a pleasure going through some of this stuff and chatting with you. And
1:48:21 I hope that we can do this again soon. So thank you again. I'm looking forward to it. Alright. Have a nice day. Hey. Take care.