@JaredBusch

Hi

Play with this :

https://docs.saltstack.com/en/latest/ref/states/all/salt.states.win_lgpo.html

If you have windows minions and set it to run every 30/60/90 mins, and BAM you have AD without MS BS

While you can use salt grains to target OSes, I like to diffrentiate them with good naming system:

WIN.001
LIN.001
SRV.001

You might ask how to differentiate between windows SRV and Linux SRV, well frankly my dear i dont give damn, and i dont run Windows servers.

Dont' use bullet/number lists in instructions and guides like this. it makes it annoying for those that want to copy and paste.

This guide is assuming that you are running as root. If not prepend everything here with sudo.

Install the salt-master package dnf install salt-master Open the required ports in the firewall firewall-cmd --add-port=4505-4506/tcp --permanent firewall-cmd --reload Enable the salt-master service to start on boow, and also start it now. systemctl enable --now salt-master.service

@shortstack said in Saltstack and Brew Casks:

@DustinB3403 i am also wondering what the workaround for this issue is, re: salt minion executing brew installs. did you ever figure out a clean way to get brew working, maybe runas a different user?

I haven't had the chance to get back into this, other more pressing issues so I just went on with my day.

Sorry

@DustinB3403 said in Fedora Salt Master - New installation:

@scottalanmiller said in Fedora Salt Master - New installation:

@DustinB3403 said in Fedora Salt Master - New installation:

And really, all I'm looking for is a convenient way setup my user workstations, and update them without the Apple overhead, including with brew commands.

This is my ML How Tos are better 🙂

I looked but didn't find one that was current.

Yeah, not sure that there is one. On Fedora 28 it was broken. On Fedora 30 I think it is just "dnf install salt-master -y" and you are done. So nothing to write up.

I think we are running Salt on Ubuntu now because of the breakage issues on Fedora.

@flaxking said in GitLab install on CentOS using Salt:

The Azure CentOS image I used for testing didn't have firewalld enabled by default

Well a, very, old version of CentOS minimal had that issue natively. Maybe that is what Azure built on.

I should give Ansible a go one of these days, because whenever I research it, it seems to fall short of Salt, but it would be nice to really have concrete experience of how it falls short.

My current thinking is that if there's a windows feature that Ansible that Salt doesn't, I could probably just grab the powershell script + any dependent scripts and create Salt state/module wrappers around it.

Alternatively, Salt can run Ansible playbooks on minions, but the wrapper approach is more minimalist (don't have to install Ansible on each minion) and keeps secret security simpler.

Weird.. I didn't have to do anything with SELinux to get it working:

https://timothygruber.com/linux/saltstack-installation-configuration/#Installing_the_Salt-Master

@black3dynamite said in VyOS native Salt Minion:

@scottalanmiller said in VyOS native Salt Minion:

That's great. I'd not played with that yet.

I wonder when they will get one (or this one) running on EdgeOS. Now that would be awesome.

Is EdgeOS a Debian-based Linux system like VyOS?

EdgeOS is a Vyatta fork, just like VyOS. They are extremely close. To the point that people constantly confuse them.

@obsolesce said in Salt-Master Errors Fedora 28:

@scottalanmiller said in Salt-Master Errors Fedora 28:

Or closer to working, at least.

Something still wrong with it? F28-only?

Yeah, it runs better now, but still throws errors later.

@scottalanmiller Which I agree to, which is what we have done.

@scottalanmiller said in Errors Installing SaltStack on NetBSD 7.1.1:

Got it, it was a packaging versioning issue. I had accidentally set the verison to 8.0 when it was 7.1.1. I got a clean install and set the package version correctly and now it works fine.

If you want to know how to set the version accurately automatically, try this that I just made...

export PKG_PATH="http://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD/`uname -m`/`uname -r`/All/"

That's exactly what I was thinking but didn't say anything. I wanted to see what you'd do.

@flaxking said in Salt grain to retrieve users present on minion (Windows):

@scottalanmiller said in Salt grain to retrieve users present on minion (Windows):

@flaxking said in Salt grain to retrieve users present on minion (Windows):

@scottalanmiller said in Salt grain to retrieve users present on minion (Windows):

Salt seems like the obvious tool for desktop administration to me!

And the thing is that automating desktop configuration has been the norm for longer than automating server configuration (at least in the Windows word), just with crappier tools.

Yeah, very weird that people don't see this. @QuixoticJeremy actually presented on using tools like Salt to manage desktops at MangoCon 2017 a few months ago.

No MangoCon 2017 videos up yet?

No, waiting on @Minion-Queen

@quixoticjeremy said in Salt Question:

@stacksofplates Likely no, our checkins are done via our own scheduling. Would not think that altering that would effect us.

Ah ok. Sounds good.

@emad-r One of the main points of using configuration management tools is that when using them properly you create idempotent operations (getting the same result no matter the number of times the operation is executed).

Instead of using cmd.run to execute the install, you could as others have mentioned the chocolatey module, or if you don't want to install chocolatey on your computers you could use the win_pkg which requries a repo created on the salt-master. Both of those modules are idempotent, so once you reach the desired state no matter how many times you run them they will not make any more changes.

https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.win_pkg.html
https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.chocolatey.html

The software available in the official windows git repo.
https://github.com/saltstack/salt-winrepo-ng

Creating a windows software repository:
On your salt master run

salt-run winrepo.update_git_repos

Sync the repo on your Windows minions

salt -G 'os:windows' pkg.refresh_db

Now you can use the pkg module in your states, or adhoc commands.

//Example adhoc command (remote execution) salt -G 'os:Windows' pkg.install salt-minion

That last command will always install the latest version of the salt-minion you could add the version parameter to specify the one you require.

Last commit on this package was from before the OP. Seems like this died on the vine, sadly.

My Favorite Ultra-VNC setup:

Not all issues can fixed from command line alas, thus this recipe:

uvnc: file.recurse: - source: salt://uvnc - name: 'c:\salt\uvnc' - makedirs: True cmd.run: - name: 'c:\salt\uvnc\state.cmd' module.run: - name: firewall.disable

remeber to re-enable the firewall of the client when finished. (salt "client" firewall.enable)
you will need to create uvnc folder (get it from UltraVNC portable builds) folder in your Salt master, in /srv/salt

in it :

winvnc.exe

UltraVNC.ini

state.cmd

SecureVNCPlugin32.dsm (Optional Encryption plugin)

Server_ClientAuth.pubkey (Optional Encryption server SSL handshake check)

And in the state.cmd put the following:

taskkill /f /im winvnc.exe sc stop uvnc_service sc delete uvnc_service "c:\salt\uvnc\winvnc.exe" -install "c:\salt\uvnc\winvnc.exe" -startservice sc config uvnc_service start= demand ipconfig | findstr /i "ipv4"

And whenever you want to connect to client, run this in salt master:
salt '172' state.apply uvnc

And you will see the IP of the client, you will need to match the IP and if you made any custom setting like port number/encryption plugin with vnc viewer and connect to client.