Minions
A minion is an agent application that is installed on managed nodes of a SaltStack topology and provides interaction with the SaltStack master.
The minion executes of commands sent by the master, collects information from the managed node, and manages its software configuration.
A managed node running the salt-minion service is also referred to as a minion.
The Windows® and GNU/Linux versions of the minion have similar functionality, but differ in the sets of methods of the execution modules and state modules.
When the minion is first launched, it establishes a connection with the master, the address of which is specified in the minion configuration file.
The minion initiates the handshake procedure and sends its public key to the master.
After the initial connection is established, the minion's public key is stored on the master.
The master then passes its public key to the minion, along with a rotating symmetric AES key used to encrypt and decrypt messages sent by the master.
The AES key is passed encrypted with the public key previously received from the minion.
All further communications between the master and minion are encrypted with AES keys.
The rotating AES key is used to encrypt commands sent by the master to the minion and to encrypt connections to the SaltStack master's file server.
The key is regenerated each time the master is restarted, and each time a minion's key is deleted with the salt-key command.
After the key is rotated, all minions must re-authenticate to receive the updated key.
This allows the AES key to be rotated without having to interrupt the connection to the minion.
The publication data between the master and minion is encrypted with the rotating AES key. When the master and minion interact directly, the data is encrypted with a unique AES key for each session.
Accepting a master to control the minions
The Salt.Box software suite supports the ability to work with multiple master servers.
Each master can only manage the minions registered on it (i.e. those who have successfully exchanged PKI keys with it).
To allow or prohibit a master from managing minions, do the following:
-
In the main menu of the system, select the
Mastersitem. You will be redirected to the master management page Fig. 1.
Figure 1. Accepting a master to control the minions
-
To allow the management of the master's minions, click
Acceptin the corresponding table entry in the Actions field. -
To allow the management of the master's minions, click
Rejectin the corresponding table entry in the Actions field.
Minion collections
Displaying collections available to the user
Salt.Box users have permissions to view and manage specific sets of minions, called collections.
These permissions to access a collection (or set of collections) are granted to users by the administrator.
Salt.Box has a special role collections_admin that grants the user permission to view the root collection of minions, i.e. the set of ALL minions registered on ALL masters known to Salt.Box.
For information on adding users to the system and assigning roles, see the online documentation section Configuring KeyCloak.
This section covers examples for the user user who has been assigned the role of collections_admin.
To list the minions of a specific collection available to the user, follow these steps:
-
In the main menu of the system, select
Minions.
The slide-out panel Fig. 2 will display all available collections.
Figure 2. Selecting a collection
-
Select the desired collection.
A list of minions of the selected collection will be displayed in the working area of the browser window Fig. 3.
Figure 3. List of minions of the selected collection
Collection filter
The set of minions in the collection is defined by the collection filter.
The user can apply an additional filter to the original collection displayed in the working window and save the resulting collection in Salt.Box.
A filter is a logical expression consisting of elementary "Rule" — comparison operations and predicates (depending on the argument types), combined by the logical operators AND and OR.
The priority of actions when calculating a logical expression is standard for Boolean algebra, grouping can also be used using the "Group" construction — a kind of "скобок" in the expression.
The figure Fig. 4 shows an example of an additional user filter.
-
To apply the created filter to the original collection, click the 🔍
Searchbutton at the bottom left of the filter conditions set Fig. 4.
Figure 4. Collection filter
-
To create a collection based on the applied filter, click the button 💾 at the bottom right of the filter conditions set Fig. 4.
-
In the collection creation dialog box, fill in the
titleandslugfields Fig. 5.
Pay attention to the hint with the requirements for the character set used in theslugfield.
Click theCreatebutton.
Figure 5. Creating a collection
A new collection will be created and will be available for selection by the user on the sliding panel Fig. 2.
Minion Information
After some minion is connected to the master for the first time, the method of the grains.items execution module is automatically launched on this minion.
This method collects rarely changing (static) information about the minion's hardware and software.
After the specified method is executed, the minion card displays the collected information Fig. 6.
You can go to the minion card by clicking on the link in the MID field in the entry for the corresponding minion.
The figures Fig. 7 – Fig. 13 show examples of groups of grains data received from minions.
 |
|---|
 |
|---|
 |
|---|
 |
|---|
 |
|---|
 |
|---|
 |
|---|
 |
|---|
Creating jobs and tasks
Creating a job
A simple SaltStack command for a single minion can be created directly from the minion card:
-
Click the
Create Jobbutton located in the upper left part of the card. A dialog box for creating a command will be displayed, with the necessary values specified in theTarget typeandTargetfields: targeting type and minion ID Fig. 6. -
Select the method called by the command and, if necessary, specify the arguments passed to the method.
infoThe procedure for creating, managing, and monitoring the execution of SaltStack commands is described in detail in the online documentation section Jobs.
Creating a task
A task for a group of minions can be created from the minions page:
-
In the list of minions of the displayed collection, check the desired minions. Fig. 3.
-
Click the
Create Taskbutton located in the upper left part of the list.
A dialog box for creating a task will be displayed. -
Specify the necessary parameters and create the task.
infoThe procedure for creating, managing, and monitoring the execution of tasks is described in detail in the online documentation section Tasks.
Viewing the tasks performed on the minions of the displayed collection
To view a list of all tasks performed on the minions of the currently displayed collection, select the Tasks tab located at the top left of the minions page.
The task table is shown in the Fig. 14.
 |
|---|
The Table 1 describes the task table fields.
Table 1. List of fields of the task table| Field | Description |
|---|---|
| ID | Task identifier |
| Task Template Title | Title of the parent template |
| Task Template Name | System name of the parent template |
| Collection | Collection that owns the task |
| User | User who created the task |
| Status | Task completion status |
| Created | Creation period |
Statistics on the minions
To view statistical information on the minions' hardware and software, select the Statistics tab located at the top left of the minions page.
The statistical information blocks have a customizable view.
You can change the placement of the blocks on the page, choose a text view or a diagram view within the information block.
The view of the statistics page is shown in Fig. 15 and Fig. 16.
 |
|---|
 |
|---|