Salt State Development

Most orchestration tools are unsympathetic to the process of iterating on both the development and the deployment fronts. They tend to either make the process opaque, if not impossible, on how to work with a disposable development VM or container, which given their mission statements I find somewhat ironic.

Turns out Salt Stack wins the title of "being the least awful" in this regard. They have some minimal, though still awful, documentation hinting that this is possible.

Below is the process I use with a client.

Preflight

We assume that your git/svn/whatever Salt State project lives at: /usr/src/salt-states.

You can use any VM, but lets show a docker example as it can be shown on the CLI:

docker pull ubuntu
docker run -it --rm -v /usr/src/salt-states:/srv/salt-states ubuntu /bin/bash

N.B. using ubuntu as it comes with an init that makes the next section Just Work(tm)

Now run inside the container:

sh /srv/salt-states/debian_install_salt_minion.sh

Got `init`?

If you require a full init, then use instead:

docker run --rm -d --privileged -v /usr/src/salt-states:/srv/salt-states ubuntu /sbin/init
012345

docker exec -it 012345 /bin/bash

As above, run debian_install_salt_minion.sh inside the container.

Usage

Now you can edit the state file you are working on in your regular project tree, and just iterate using:

salt-call -l info state.apply STATE

Replacing STATE with the name of whichever state file you are working on.

Files

These are the files you need to have present in your /usr/src/salt-states project.

`debian_install_salt_minion.sh`

#!/bin/sh

set -eu

. /etc/os-release

apt-get update
apt-get install --no-install-recommends -y wget ca-certificates

wget -O - https://repo.saltstack.com/apt/$ID/$VERSION_ID/amd64/latest/SALTSTACK-GPG-KEY.pub | apt-key add -

cat <<EOF > /etc/apt/sources.list.d/saltstack.list
deb http://repo.saltstack.com/apt/$ID/$VERSION_ID/amd64/latest $VERSION_CODENAME main
EOF

apt-get update
apt-get install --no-install-recommends -y salt-ssh

# https://docs.saltstack.com/en/latest/topics/tutorials/quickstart.html
cat <<'EOF' > /etc/salt/minion
master_type: disable
file_client: local
EOF

mkdir -p /etc/salt/minion.d
ln -s /srv/salt-states/etc/salt/minion /etc/salt/minion.d/salt-states.conf

exit 0

`etc/salt/minion`

file_roots:
  base:
    - /srv/salt-states
pillar_roots:
  base:
    - /srv/salt-states/etc/salt/pillar

diGriz my corner of the intertubes