This article describes how to increase performance by configuring Salt Master’s Job cache and events to directly connect to the SaltStack Enterprise Database.

SaltStack Enterprise has many different configuration options. With these options you can increase scalability and performance of the SaltStack Enterprise server by spreading the load of job returns and events from a master directly to the Postgresql database.

 

PREREQUISITES

SaltStack Enterprise seamlessly integrates with a new or existing Salt installation. You must have a SaltStack Enterprise Server installed and connected to a Postgresql database. See SaltStack Installation Guide for more information.

To use the direct database connection, modify the Salt-Master plugin on the masters that are connected to your SaltStack Enterprise server. The Salt-Master plugin will use the postgres json returner. This returner requires the psycopg2 driver version 2.7.1 or better. The Postgres JSON support needs Postgresql 9.4, but will perform best if version 9.6 or better. The latest psycopg2 driver can be obtained by pip install.

 If you are connecting a remote master the Postgresql.conf needs the listen_addresses set to allow listening to anything outside of localhost. If you have the firewall enabled the db port will also need to be added. The default port is 5432.

CHANGES TO YOUR SALT ENVIRONMENT

If you have already installed the Salt Master Plug-In and installed the psycopg2 driver you can edit the configuration to enable Direct Master DB communication:

Edit the /etc/salt/master.d/raas.conf file to update/create the following values:

The SSL connection mode. The default setting  is prefer. See https://www.postgresql.org/docs/current/static/libpq-ssl.html for more information on the SSL modes.

master_job_cache: sse_pgjsonb

event_return: sse_pgjsonb

 

returner.sse_pgjsonb.host: 192.168.57.11

The database hostname or IP address.

 

returner.sse_pgjsonb.user: root

The database username

 

returner.sse_pgjsonb.pass: salt

The database user’s password

 

returner.sse_pgjsonb.db: raas_43cab1f4de604ab185b51d883c5c5d09

The database name. It is `raas_` + `customer_id` (without the "-") from the /etc/raas/raas file on the SaltStack Enterprise server. Default is raas_43cab1f4de604ab185b51d883c5c5d09

 

returner.sse_pgjsonb.port: 5432

The database port. Default is 5432

 

returner.sse_pgjsonb.sslmode: prefer

If using SSL your own certs you can set the following values

returner.sse_pgjsonb.sslcert:

The path to the certificate, default value is /etc/pki/raas/certs/localhost.crt.

 

returner.sse_pgjsonb.sslkey:

The path to the certificate’s private key, Default value is /etc/pki/raas/certs/localhost.key.

 

returner.sse_pgjsonb.sslrootcert:

The path to a CA file.

 

Stop and then start the Salt master, service salt-master stop or systemctl stop salt-master, then service salt-master start or systemctl start salt-master.

 

INSTALL SALT MASTER PLUG-IN USING STATE FILE

Perform the following tasks on all Salt masters.

SaltStack Enterprise Salt master plug-in is installed using the eAPIMaster state.

CUSTOMIZE THE EAPIMASTER INSTALLATION

The default Salt master plug-in installation state configures the Salt master to connect to Enterprise API on the local system, and uses the default superuser account to authenticate. The Salt master plug-in installation can be customized by passing pillar values to the eAPIMaster installation state.

Note: If the raas.conf file already exists the state file will not add/change the values in the file. Please see the Manual edit instructions or use the eAPI-Force-Config: True pillar to overwrite the config file and overwrite any changes you may have already made.

 

eAPI-IP

Default is localhost, set this to the IP address or hostname of the eAPI server when installing non-local Salt masters.

 

eAPI-User

Default is root. If you changed the Enterprise API username, provide the name in this pillar value (instructions are included to create a dedicated Enterprise API account for each Salt master in the Initial Configuration section).

 

eAPI-PWD

Default is salt. If you changed the Enterprise API root password, provide the password in this pillar value (instructions are included to create a dedicated Enterprise API account for each Salt master in the Initial Configuration section).

 

eAPI-SSL

Default is True. Set this to False to disable SSL.

 

sseapi-type

Set the type of SSE API communication. Default is sseapi (direct to Enterprise API). Set to sse_pgjsonb

 

eAPI-db-host

The hostname or IP address of the Postgresql server

 

eAPI-db-user

The username of the Postgresql server user

 

eAPI-db-pwd

The Password of the Postgresql server user

 

SALT MASTER PLUG-IN INSTALLATION PROCESS

On each Salt master, download SaltStack Enterprise

Copy the eAPIMaster directory from the extracted zip to your file_roots directory (/srv/salt/).

Run the following command on your Salt master to install the Salt master plug-in:

sudo salt-call --local state.apply eAPIMaster pillar='{eAPI-IP: 192.168.57.24, sseapi-type: sse_pgjsonb, eAPI-db-host: localhost, eAPI-db-user: root, eAPI-db-pwd: salt}'

 

The Job cache and master events should be now directly placed into the SaltStack Enterprise Database. After a minute or two the Salt master and its Salt minions appear in Enterprise Console.