Friday, December 29, 2017

Configuration Management with Salt Stack on Windows - Part 2 - Configuring Salt Minion with Vagrant


This is part two of a series of basic configuration management for Saltstack for use in an Windows environment. In this guide we'll be covering the basics of setting up Salt Stack Windows minion on a test machine on Vagrant. Part 3 we will be diving into the meat and pushing some buttons automatically with the Salt Master.

In order to create a test minion, we'll be using a Windows Server 2012 R2 vagrant image.
https://app.vagrantup.com/mwrock/boxes/Windows2012R2

vagrant init mwrock/Windows2012R2
vagrant up
 Once the machine is online you can login with vagrant / vagrant.

The download for the salt minion can be found on

https://repo.saltstack.com/#windows

Or the direct link:

https://repo.saltstack.com/windows/Salt-Minion-2017.7.2-Py2-AMD64-Setup.exe

The Windows installer is straightforward - just enter the Master IP or Hostname for the Salt server. We're not going over the internet, so I entered the Private IP. If you use the default "hostname" option, it will use the windows Hostname as the minion name.



The preferred method of installation would be to use the silent install parameters, which are listed below.
Salt-Minion-2017.7.2-Py2-AMD64-Setup.exe /S /master=yoursaltmaster /minion-name=hostname
Once the minion is installed, you can see the salt-minion displayed in services:






The Salt installation is default under C:\

The configuration under C:\salt\conf you can edit the minion_id file if you'd like to change the name.

In the next post, "Part 3 - Configuration Management of Windows with Vagrant." we'll be diving into Salt basics and example configuration management tasks.

Configuration Management with Salt Stack on Windows - Part 1 - Installing Salt Stack Server with Vagrant

This is part one of a series of basic configuration management for Saltstack for use in an Windows environment. In this guide we'll be covering the basics of setting up Salt Stack Server with a test machine on Vagrant. It's important to note that the "master" server of Salt must be run on a Linux sever, with their being support for a ton of different operating systems as minions. Part 2 will descibe setting up a Windows minion.

We'll be grabbing the recently updated generic Ubuntu 16.04 vagrant box as a starting point
https://app.vagrantup.com/generic/boxes/ubuntu1604

Run the following commands to start this box:
vagrant init generic/ubuntu1604
vagrant up








Once the server is setup, you can SSH into the Linux server and login with vagrant with the password of vagrant.

Using the bootstrap script, you can easily provision the Salt Master server
https://docs.saltstack.com/en/latest/topics/tutorials/salt_bootstrap.html#salt-bootstrap

There are a ton of different opinions listed for getting Salt setup - but since wget is installed by default we'll use these commands to install the latest stable version. The -M parameter is used to install the master server, running without it will install the minion components.
wget -O bootstrap-salt.sh https://bootstrap.saltstack.com
sudo sh bootstrap-salt.sh -M

You should receive a notice that SALT has been installed.


The default out of box configuration works well in most instances. The Master server listens on all interfaces on port 4505 for publications and port 4506 for "returns".

Run the command to check that the salt master is running.
service salt-master status


In the next post, "Part 2 - Configuring Salt Stack Minion with Vagrant" we'll be diving into configuration of a Windows minion.

Configuration Management with Salt Stack on Windows - Part 0

This is the first foray into Configuration Management on Windows with Salt Stack.

With Configuration management on Windows, I feel as the more I am getting ramped up on working with a development team, the more I understand the need for measurable, consistent and scripted changes. I am looking for the following things:

  • Centralized management over the public Internet
  • Reasonable cost per machine OR the ability to use the community / free edition for my tasks.
  • Ability to work well with Windows
    • IIS configuration
    • Registry / File & User management
    • Patch status evaluation and configuration
    • Low agent footprint.

I stumbled upon SaltStack after a co-worker recommended it. I had a hard time finding specific information related to my use case, but I dug into watching the following presentation.






I'll be honest, after watching, I was completely lost - but it seemed like I was on the right path, so I thought I'd dig in.


With the following series, I'll be digging into a much easier and approachable use case:
  • Part 1 - Installing Salt Stack Server with Vagrant
  • Part 2 - Configuring Salt Stack Minion with Vagrant
  • Part 3 - Configuration Management of Windows with Salt.
  • Part 4 - Practical configuration management with Salt.

Thursday, December 28, 2017

How to update Expired VSTS Service Principal Keys in AzureRM portal



If the service principal expires you may need to update the expiration by creating a new key. 

In Visual Studio Team Services, the following error may be logged if the Service Principal key is expired:
 
Failed to check the resource group status. Error: Could not fetch access token for azure. Status code: 401, status message: Unauthorized.

To fix, we can create a new key:
 
Login to the Azure portal:

Select Azure Active Directory
 
Select App Registrations from the sidebar
 

Search for the Service Principal Client ID – that has expired

 .

Select the Application after searching.
Select “Keys”
 
Create a new password you can enter anything as the description – set the duration to never expire.
 
Click save and copy the value shown under “value”.

In VSTS select Services under project
Select "Update Service Configuration" and enter the new key.

Azure Point to Site VPN failure with error code 809

I ran into some trouble today troubleshooting a developer's workstation. The issue was when using a Point to Site IKEV2 VPN some clients...