Announcing saltenv!

Author: Nicholas M. Hughes

A couple of weeks ago, I was reading a post from Paolo Romagnoli about installing Tanzu Community Edition with Salt.

The Spark

Anyone who knows me can understand why this was in my news feed. I’ve been involved in the Salt Open Source Community for almost 7 years now. (I’m getting old!)

It was a good article, but nearly half of it was dedicated to installing Salt itself. That’s a lot of appetizers when you really want to get to the main course. The steps also suggested having the full master and minion software, with associated daemons, installed on the system. This can be problematic for some folks who do their work on corporate desktop or laptop systems.

“Hey Security! Can I install…”

“No.”

“But I didn’t even…”

“No.”

So, I started thinking that there has to be a better way to leverage Salt for configuring standalone desktop/laptop systems, potentially where you don’t even have sudo/root/admin privileges.

And so, saltenv was born.

The tool (which has an admittedly overloaded name in the context of Salt) is built with POP (Plugin Oriented Programming) and follows in the footsteps of utilities such as tfenv, kbenv, helmenv, etc.

It allows a user to install multiple single-binary releases of Salt to their system and switch between them effortlessly. The main use case I’m addressing right now is the one raised by Paolo’s article; having a way to get Salt onto a system quickly, without needing admin privileges, in order to start getting down to the business that you really need/want to complete.

It’s Getting Hot in Here

Without further ado, let’s see how saltenv and Salt might solve a really simple single-user configuration use case… setting some basic dotfiles for vim and kubectl.

NOTE: All of the artifacts and commands shown here can be found on GitHub

All of the steps shown here were run on Arch and Debian -based systems I use on a daily basis, but many of the commands will work on other operating systems as well… possibly even Windows! (Throw an issue up on GitHub if it doesn’t work for you… I don’t have a great way to test it right now unless I commandeer my kids’ systems or write some better tests.) Just make sure you have Python version 3.7 or better.

Installing saltenv

1. Create a virtual environment. This is an optional step, but good practice so you’re not mucking about with your system Python libraries.

2. Install saltenv. It’s available on PyPi right now, so it’s pretty easy to get started. I plan on releasing a binary built with Tiamat at some point as well, so keep your eyes peeled for that.

Initializing the saltenv directory

Now that we have saltenv on our system, we’re going to use it to download a Salt binary and do cool stuff. Keep following along!

1. Initialize the saltenv environment, which installs a salt wrapper script and a helpful minion configuration for standalone salt call use. The wrapper script just checks the binary version that it’s supposed to be using and then passes along all of the arguments you type on the command line. One other (pretty important) thing it’s doing is passing the configuration directory location (defaults to ~/.saltenv/etc/salt) to Salt. There is a default minion configuration in that directory which ensures that Salt uses the ~/.saltenv directory for logs, cache, etc. and won’t require root/admin unless you plan on doing things that absolutely require it.

2. Install the Salt binary for version 3004. This reaches out to the official Salt Project repository for download, and you can also pass list-remote to saltenv in order to see what versions are available.

3. “Use” the 3004 binary, which points the salt wrapper script at the downloaded binary. Much like tfenv, you can also saltenv pin a .salt-version file in the current directory, which can override the version set globally by saltenv when you’re in that current working directory.

4. Ensure the wrapper script can be used. This works for bash, but follow the PATH procedures for your shell (zsh, powershell, etc.). We’re setting the ~/.saltenv/bin directory BEFORE the rest of the PATH locations just in case you happen to have a Salt master installed on your system (which probably is a bad idea anyway). Keep that in mind just in case you need to call your system Salt version… you’ll need to pass the absolute path, such as /usr/bin/salt.

5. Run a quick test! This command should return version 3004.

Configuring a system

NOTE: This procedure will overwrite your .vimrc file if present. Be sure to back it up prior to running this command, or you’ll need to retrieve it from the minion cache location in ~/.saltenv

1. Clone the demo repository. This contains a salt and pillar directory, which will become your file and pillar roots respectively when you’re in the saltenv-demo directory if you’re using the default minion configuration. You can add, remove, or change anything you’d like in those directories to play around with possibilites. See what works and what doesn’t!

2. Run a highstate. This will drop some vim configurations that are useful if you’re developing Salt SLS files and also grab some kubectl aliases that I find useful. None of this stuff requires admin privileges.

3. Celebrate! Well… we did it! We quickly got Salt onto our system and used it to do “stuff”. Mission accomplished.

I’m Sorry Smokey

By now, some of you are probably saying “Why couldn’t I just pip install salt==3004 into that virtual environment and call it a day?”

Well, you certainly could. Just like you could manage your Terraform, kubectl, and Helm versions yourself too. And you’d have to manage that venv yourself and remember to pop in and out of it as well. This is just a tool of convenience. There are plenty of ways to accomplish the end goal.

One other thing to mention is that I’ve found some issues with the single-binary version of Salt since I’ve been playing with it. It is still considered in beta by the Salt Project team, so definitely don’t use it for anything that’s super critical.

If you find any issues with saltenv or the single-binary distribution of Salt, please drop an issue in their respective GitHub repositories. Happy Salt-ing!

Nicholas Hughes helps businesses integrate cloud and cybersecurity automation into their IT lifecycle processes in order to amplify the efforts of the existing workforce, prevent employee burnout, and free them to do the more important tasks that might be currently neglected. As part of his daily duties as a founding partner and CEO of EITR Technologies LLC., he’s responsible for all of those super awesome elements of the CEO job that you read about as a kid, like setting the strategic direction of the company and modeling corporate values. Additionally, Nick still performs technical consulting work with specializations in Automation & Orchestration, Cloud Infrastructure, Cloud Security, and Systems Architecture. He has nearly 20 years of experience in a wide breadth of roles within Information Technology, which is invaluable to clients seeking comprehensive technical solutions to business problems. Nick highly values pragmatism, logical thinking, and integrity in both his business and personal life… which is a decidedly boring set of core values that reap great results when applied to the task at hand. He also has a wonderful wife and two boys who keep him on his toes.