SALTSTACK enterprise config installation (part 1)

As I was following a work associate's blog for installing SaltStack, I started utilizing some different aspects to his deploy to complete the same result.  The differences in mine were:

• Using VMware PhotonOS version 4.0 rev 1 for my SALT components
• Have the environment in a segregated non-internet facing environment
• Had to create a proxy TDNF repository to allow the VMs to get the packages
• Deployed 5 VMs (2 x for the masters, 1 x RAAS, and 1 x Postgres, 1 x as a minion)

https://luchodelorenzi.com/2022/04/04/saltstack-config-enterprise-install-multi-master-setup-and-git-repo-configuration/ 

1. Setting up a Proxy Repo:

tdnf (Tiny Dandified YUM) 

https://vmware.github.io/photon/assets/files/html/3.0/photon_admin/commands.html 

is the default tool for Photon to install it's packages.  Command syntax is generally simple when the vm has internet access:

• tdnf (this shows the help syntax)
• tdnf update or upgrade (updates tdnf packages)
• tdnf makecache (Generates the cache for the repos)
• tdnf install netmgmt (Installs the package)
• tdnf repoquery | grep salt3 (uses Repoquery to show all the packages named salt3)

There are many other commands but these are the general ones that I typically use.  

Because my Photon machine is not accessible to the internet I have to use a multistep process to get the repository to the machine.  In my case I have a MacBook and have a VPN to this environment.  I had put Homebrew on the Mac to allow installation of packages on the Mac.  In this case, I added wget to allow me to pull down the entire repo listed here ( https://packages.vmware.com/photon )

I changed directory to the repo

• cd /Users/Hal/repo 

and then used the command 

• wget --no-parent -r 'https://packages.vmware.com/photon/4.0/photon_release_4.0_x86_64/'

This copies the entire repo to that folder and copies the folder structure as well. 

From this you can copy through the VPN to the Photon machine inside the network using a standard SCP command.  I elected to place the repo data in /usr/src/photonRepo but I am sure many will comment a better location that this.  

Next, I had to create new local repo files in /etc/yum.repos.d to enable local repo to be used.  I named the file updates.repo and added this information into the file.  

• touch /etc/yum.repos.d/updates.repo
• vi /etc/yum.repos.d/updates.repo
• add the information above and save the file
• Edit the existing repo files and change enabled = 0 
• run tdnf makecache to refresh the repo list
• tdnf upgrade to upgrade the packages, or install specific ones (like less) 

Once you have the packages updated you can install packages that allow you to install Salt for example.  

Note:  I created another VM following these instructions that I would use for cloning.  In this VM, I used the package sshfs to mount a ssh-based file system for use as the repo so that I would only have to update the repo list once for all the VMs underneath.  

• mkdir /mnt/remote
• sshfs -o allow_other,default_permissions root@192.168.0.201:/usr/src/photonRepo/ /mnt/remote

I created a script to reconnect the sshfs by typing this:

cat > sshfs_mount.sh << "EOF"

sshfs -o allow_other,default_permissions root@192.168.0.201:/usr/src/photonRepo/ /mnt/remote

EOF

This way I can use a password to connect or use public key infrastructure to automatically reconnect the repo.  I chose this instead of creating a web server and adding the files from the web server. 

After the lowest common packages are installed for all the components that Lucho mentioned in his blog, I cloned the VMs to equal the 4 specified.  

Update (2022-May-3): I ran into some issues on Photon 4 rev 2 that the repo would install Python 3.10 and Salt 3004.1 which are not compatible.  I fought with the distro to try and downgrade either Python or Salt.  The second part of this blog will be delayed until I am able to upgrade either component.

This brings us to section 3 in Lucho's blog