mirror of
https://github.com/valitydev/salt.git
synced 2024-11-07 17:09:03 +00:00
c4f5e231fa
Conflicts: doc/_themes/saltstack2/layout.html doc/conf.py doc/index.rst doc/ref/modules/all/salt.modules.hipchat.rst doc/topics/releases/index.rst salt/client/ssh/client.py salt/cloud/clouds/vsphere.py salt/modules/boto_dynamodb.py salt/modules/boto_route53.py salt/modules/data.py salt/modules/http.py salt/modules/tls.py salt/output/compact.py salt/states/boto_elb.py salt/states/linux_acl.py salt/states/rabbitmq_user.py salt/states/win_servermanager.py salt/utils/dictupdate.py salt/wheel/config.py
132 lines
4.3 KiB
ReStructuredText
132 lines
4.3 KiB
ReStructuredText
===========================
|
|
Spinning up Windows Minions
|
|
===========================
|
|
|
|
It is possible to use Salt Cloud to spin up Windows instances, and then install
|
|
Salt on them. This functionality is available on all cloud providers that are
|
|
supported by Salt Cloud. However, it may not necessarily be available on all
|
|
Windows images.
|
|
|
|
Requirements
|
|
============
|
|
Salt Cloud makes use of `impacket` and `winexe` to set up the Windows Salt
|
|
Minion installer.
|
|
|
|
`impacket` is usually available as either the `impacket` or the
|
|
`python-impacket` package, depending on the distribution. More information on
|
|
`impacket` can be found at the project home:
|
|
|
|
* `impacket project home`__
|
|
|
|
.. __: https://code.google.com/p/impacket/
|
|
|
|
`winexe` is less commonly available in distribution-specific repositories.
|
|
However, it is currently being built for various distributions in 3rd party
|
|
channels:
|
|
|
|
* `RPMs at pbone.net`__
|
|
|
|
.. __: http://rpm.pbone.net/index.php3?stat=3&search=winexe
|
|
|
|
* `OpenSuse Build Service`__
|
|
|
|
.. __: http://software.opensuse.org/package/winexe
|
|
|
|
Optionally WinRM can be used instead of `winexe` if the python module `pywinrm`
|
|
is available and WinRM is supported on the target Windows version. Information
|
|
on pywinrm can be found at the project home:
|
|
|
|
* `pywinrm project home`__
|
|
|
|
.. __: https://github.com/diyan/pywinrm
|
|
|
|
Additionally, a copy of the Salt Minion Windows installer must be present on
|
|
the system on which Salt Cloud is running. This installer may be downloaded
|
|
from saltstack.com:
|
|
|
|
* `SaltStack Download Area`__
|
|
|
|
.. __: http://docs.saltstack.com/downloads/
|
|
|
|
|
|
Firewall Settings
|
|
=================
|
|
Because Salt Cloud makes use of `smbclient` and `winexe`, port 445 must be open
|
|
on the target image. This port is not generally open by default on a standard
|
|
Windows distribution, and care must be taken to use an image in which this port
|
|
is open, or the Windows firewall is disabled.
|
|
|
|
If supported by the cloud provider, a PowerShell script may be used to open up
|
|
this port automatically, using the cloud provider's `userdata`. The following
|
|
script would open up port 445, and apply the changes:
|
|
|
|
.. code-block:: powershell
|
|
|
|
<powershell>
|
|
New-NetFirewallRule -Name "SMB445" -DisplayName "SMB445" -Protocol TCP -LocalPort 445
|
|
Set-Item (dir wsman:\localhost\Listener\*\Port -Recurse).pspath 445 -Force
|
|
Restart-Service winrm
|
|
</powershell>
|
|
|
|
For EC2, this script may be saved as a file, and specified in the provider or
|
|
profile configuration as `userdata_file`. For instance:
|
|
|
|
.. code-block:: yaml
|
|
|
|
userdata_file: /etc/salt/windows-firewall.ps1
|
|
|
|
|
|
|
|
Configuration
|
|
=============
|
|
Configuration is set as usual, with some extra configuration settings. The
|
|
location of the Windows installer on the machine that Salt Cloud is running on
|
|
must be specified. This may be done in any of the regular configuration files
|
|
(main, providers, profiles, maps). For example:
|
|
|
|
Setting the installer in ``/etc/salt/cloud.providers``:
|
|
|
|
.. code-block:: yaml
|
|
|
|
my-softlayer:
|
|
provider: softlayer
|
|
user: MYUSER1138
|
|
apikey: 'e3b68aa711e6deadc62d5b76355674beef7cc3116062ddbacafe5f7e465bfdc9'
|
|
minion:
|
|
master: saltmaster.example.com
|
|
win_installer: /root/Salt-Minion-2014.7.0-AMD64-Setup.exe
|
|
win_username: Administrator
|
|
win_password: letmein
|
|
smb_port: 445
|
|
|
|
The default Windows user is `Administrator`, and the default Windows password
|
|
is blank.
|
|
|
|
If WinRM is to be used ``use_winrm`` needs to be set to `True`.
|
|
|
|
|
|
Auto-Generated Passwords on EC2
|
|
===============================
|
|
On EC2, when the `win_password` is set to `auto`, Salt Cloud will query EC2 for
|
|
an auto-generated password. This password is expected to take at least 4 minutes
|
|
to generate, adding additional time to the deploy process.
|
|
|
|
When the EC2 API is queried for the auto-generated password, it will be returned
|
|
in a message encrypted with the specified `keyname`. This requires that the
|
|
appropriate `private_key` file is also specified. Such a profile configuration
|
|
might look like:
|
|
|
|
.. code-block:: yaml
|
|
|
|
windows-server-2012:
|
|
provider: my-ec2-config
|
|
image: ami-c49c0dac
|
|
size: m1.small
|
|
securitygroup: windows
|
|
keyname: mykey
|
|
private_key: /root/mykey.pem
|
|
userdata_file: /etc/salt/windows-firewall.ps1
|
|
win_installer: /root/Salt-Minion-2014.7.0-AMD64-Setup.exe
|
|
win_username: Administrator
|
|
win_password: auto
|