Configuration Management with Salt Stack on Windows - Part 3 - Basic Configuration Management of Windows with Salt
In part 3 we're going to just scratch the surface of remote execution in Salt. We're going to accept the keys for the master server and run basic tasks using the built in modules.
The minion automatically tries to contact the Master server. The master server must approve the minions "keys" before it can be managed.
On the master server you can view the keys by using the command
sudo salt-key -L
As you can see we need to accept the "keys"
You can accept the key by using the command
sudo salt-key -a WIN-R7RQM4ENMHS
If you use the parameter -A instead you can accept all keys.
To test that the minion is checking in you can use the following commands.
sudo salt '*' test.ping
All modules can be found in the documentation:
Looking back at the tasks we want to accomplish, we can now accomplish these tasks with salt commands.
- IIS configuration
- Registry / File & User management
- Patch status evaluation and configuration
There are a wealth of other tasks accomplish with the win_iis module:salt '*' iis.list_sites
To create an example user, we can use the below command:
sudo salt '*' user.add Testuser Password123!
To download Windows updates, we can use the below command:sudo salt '*' user.addgroup Testuser 'Administrators'
To install Windows updates, we can use the below command:sudo salt '*' win_wua.list categories=['Security Updates'] severities=['Critical'] download=True
In part four - we're going to dive deeper into Salt fundamentals such as configuration management, grains, and pillars.sudo salt '*' win_wua.list categories=['Security Updates'] severities=['Critical'] install=True