Salt Master Direct DB Connection
This article describes how to increase performance by configuring Salt Master’s Job cache and events to directly connect to the SaltStack Enterprise Database.
SaltStack Enterprise has many different configuration options. With these options you can increase scalability and performance of the SaltStack Enterprise server by spreading the load of job returns and events from a master directly to the Postgresql database.
PREREQUISITES
SaltStack Enterprise seamlessly integrates with a new or existing Salt installation. You must have a SaltStack Enterprise Server installed and connected to a Postgresql database. See SaltStack Installation Guide for more information.
To use the direct database connection, modify the Salt Master plugin on the masters that are connected to your SaltStack Enterprise server. The Salt Master plugin will use the Postgres JSON returner. This returner requires version 2.7.1 or later of the psycopg2 driver. Postgres JSON support needs Postgresql 9.4, and performs best on version 9.6 or later. The latest psycopg2 driver can be installed with pip.
If you are connecting a remote master, the postgresql.conf file needs listen_addresses set to allow listening on addresses other than localhost. If the firewall is enabled, the database port must also be opened. The default port is 5432.
CHANGES TO YOUR SALT ENVIRONMENT
If you have already installed the Salt Master Plug-In and installed the psycopg2 driver you can edit the configuration to enable Direct Master DB communication:
Edit the /etc/salt/master.d/raas.conf file to update or create the following values:
master_job_cache: sse_pgjsonb
event_return: sse_pgjsonb
returner.sse_pgjsonb.host: 192.168.57.11
The database hostname or IP address.
returner.sse_pgjsonb.user: root
The database username.
returner.sse_pgjsonb.pass: salt
The database user’s password.
returner.sse_pgjsonb.db: raas_43cab1f4de604ab185b51d883c5c5d09
The database name. It is raas_ + customer_id (without the "-") from the /etc/raas/raas file on the SaltStack Enterprise server. Default is raas_43cab1f4de604ab185b51d883c5c5d09.
returner.sse_pgjsonb.port: 5432
The database port. Default is 5432.
returner.sse_pgjsonb.sslmode: prefer
The SSL connection mode. The default setting is prefer. See https://www.postgresql.org/docs/current/static/libpq-ssl.html for more information on the SSL modes.
If you are using SSL with your own certificates, you can set the following values:
returner.sse_pgjsonb.sslcert:
The path to the certificate, default value is /etc/pki/raas/certs/localhost.crt.
returner.sse_pgjsonb.sslkey:
The path to the certificate’s private key. Default value is /etc/pki/raas/certs/localhost.key.
returner.sse_pgjsonb.sslrootcert:
The path to a CA file.
Stop and then start the Salt master: service salt-master stop or systemctl stop salt-master, then service salt-master start or systemctl start salt-master.
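The settings above can be checked before the master is restarted. The following is an added example, not part of SaltStack's documentation or code: a small Python audit of the returner.sse_pgjsonb.* keys that flags an sslmode that does not verify the server certificate (in libpq, prefer falls back to an unencrypted connection) and credentials left at the example values. The account name salt_master_01, the password placeholder and the CA path in the hardened sample are assumptions.

```python
# Added example: audit the returner.sse_pgjsonb.* keys of a raas.conf file.
import re

VERIFYING_MODES = {"verify-ca", "verify-full"}  # libpq modes that check the server cert
PREFIX = "returner.sse_pgjsonb."

def parse_flat_conf(text):
    """Parse flat 'key: value' lines, the only YAML form this page's raas.conf uses."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9_.\-]+):\s*(.*)$", line)
        if m and not line.lstrip().startswith("#"):
            conf[m.group(1)] = m.group(2).strip().strip("'\"")
    return conf

def audit(conf):
    """Return a list of findings for the direct-DB returner settings."""
    def get(key):
        return conf.get(PREFIX + key, "")
    findings = []
    mode = get("sslmode") or "prefer"  # the page gives prefer as the default
    if mode not in VERIFYING_MODES:
        findings.append(f"sslmode={mode}: server certificate is not verified")
    elif not get("sslrootcert"):
        findings.append(f"sslmode={mode} but no sslrootcert (CA file) is set")
    for key, example in (("user", "root"), ("pass", "salt")):
        if get(key) == example:
            findings.append(f"{key} is still the example value '{example}' from the docs")
    for key in ("master_job_cache", "event_return"):
        if conf.get(key) != "sse_pgjsonb":
            findings.append(f"{key} is not sse_pgjsonb")
    return findings

# Values as shown on this page.
PAGE_EXAMPLE = """\
master_job_cache: sse_pgjsonb
event_return: sse_pgjsonb
returner.sse_pgjsonb.host: 192.168.57.11
returner.sse_pgjsonb.user: root
returner.sse_pgjsonb.pass: salt
returner.sse_pgjsonb.sslmode: prefer
"""
# Constructed sample: account name, password placeholder and CA path are assumptions.
HARDENED = PAGE_EXAMPLE.replace("user: root", "user: salt_master_01").replace(
    "pass: salt", "pass: REPLACE_WITH_SECRET").replace("sslmode: prefer",
    "sslmode: verify-full\nreturner.sse_pgjsonb.sslrootcert: /etc/pki/raas/certs/ca.crt")
if __name__ == "__main__":
    for name, text in (("page example", PAGE_EXAMPLE), ("hardened", HARDENED)):
        print(name, audit(parse_flat_conf(text)) or "no findings")
```

To check a real master, pass the contents of /etc/salt/master.d/raas.conf to parse_flat_conf instead of the embedded samples.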
INSTALL SALT MASTER PLUG-IN USING STATE FILE
Perform the following tasks on all Salt Masters.
The SaltStack Enterprise Salt Master plug-in is installed using the eAPIMaster state.
CUSTOMIZE THE EAPIMASTER INSTALLATION
The default Salt Master plug-in installation state configures the Salt Master to connect to Enterprise API on the local system, and uses the default superuser account to authenticate. The Salt master plug-in installation can be customized by passing pillar values to the eAPIMaster installation state.
Note: If the raas.conf file already exists, the state file will not add or change the values in the file. See the manual edit instructions, or use the eAPI-Force-Config: True pillar to overwrite the config file along with any changes you may have already made.
eAPI-IP
Default is localhost, set this to the IP address or hostname of the eAPI server when installing non-local Salt Masters.
eAPI-User
Default is root. If you changed the Enterprise API username, provide the name in this pillar value (instructions are included to create a dedicated Enterprise API account for each Salt Master in Log in for the first time and accept the master key).
eAPI-PWD
Default is salt. If you changed the Enterprise API root password, provide the password in this pillar value (instructions are included to create a dedicated Enterprise API account for each Salt master in Log in for the first time and accept the master key).
eAPI-SSL
Default is True. Set this to False to disable SSL.
sseapi-type
Set the type of SSE API communication. Default is sseapi (direct to Enterprise API). Set to sse_pgjsonb
eAPI-db-host
The hostname or IP address of the Postgresql server
eAPI-db-user
The username of the Postgresql server user
eAPI-db-pwd
The password of the Postgresql server user
SALT MASTER PLUG-IN INSTALLATION PROCESS
On each Salt Master, download SaltStack Enterprise.
Copy the eAPIMaster directory from the extracted zip to your file_roots directory (/srv/salt/).
Run the following command on your Salt Master to install the Salt Master plug-in:
sudo salt-call --local state.apply eAPIMaster pillar='{eAPI-IP: 192.168.57.24, sseapi-type: sse_pgjsonb, eAPI-db-host: localhost, eAPI-db-user: root, eAPI-db-pwd: salt}'
The Job cache and master events should now be placed directly into the SaltStack Enterprise Database. After a minute or two, the Salt Master and its Salt Minions appear in Enterprise Console.