SaltStack execution question

Emad R

Hi,

Maybe this is not much related to SS more related to programming and my low skills in it.

Imagine I want to create SS state where I want to upgrade salt-minion on users, and I want to schedule to run every 1 h, so I can ensure at the end of the day I grab as many clients as I can.

I can do this easily, but I want to add a new

minion_update:
file.recurse:
- source: salt://minion_update
- name: 'c:\salt\minion_update'
- makedirs: True
cmd.run:
- name: 'c:\salt\minion_update\state.cmd'

And in the cmd file I would have:
"C:\salt\minion_update\Salt-Minion-2016.11.6-AMD64-Setup.exe" /S
sc start salt-minion

My question how can I add another parameter, to make it have the logic of IF the client is already up-to-date, skip updating? is there something like that with salt ? or I should use cmd file for this ?

Thanks

Emad R

@scottalanmiller said in SaltStack execution question:

@emad-r said in SaltStack execution question:

@dashrender

Hmm, and is choco update smart enough to not update already updated machines ?

Of course. Does any package mnagement system make that mistake? Package Management 101 there. Chocolatey works just like YUM or APT.

Tmam, thanks will look into this.

scottalanmiller

Why do you want to update it so often? Any why not do this with Chocolatey which is already built to do this for you?

Emad R

@scottalanmiller said in SaltStack execution question:

Why do you want to update it so often? Any why not do this with Chocolatey which is already built to do this for you?

To be honest there is alot of ways to do the installation, but what I really want is to not bother and perform the install if the user is already up-to-date. Regarding updating so often, it is cause our office setup can be like this=

total = 100 for example
today = 40 people in, and rest out, tomorrow another variant. and so on.

Eventually I can catch them all, but it would be more efficient to not redo the installation on clients that are already up-to-date.

scottalanmiller

@emad-r said in SaltStack execution question:

Eventually I can catch them all, but it would be more efficient to not redo the installation on clients that are already up-to-date.

That's where Chocolatey comes in. I would make a standard job that checks this on log in or something like that so that it catches everyone, every time but doesn't use constant network resources for hourly verification. Updates are like twice a year, it's not a common thing. And you can audit that centrally with Salt.

I think checking every hour to see if a six month update has happened, hitting the network and waiting for a response, is going to be quite a bit less than ideal.

Dashrender

Hey can use Salt to run the Chocolately update, right?

Emad R

@dashrender

Hmm, and is choco update smart enough to not update already updated machines ?

gjacobse

@emad-r said in SaltStack execution question:

@dashrender

Hmm, and is choco update smart enough to not update already updated machines ?

Yes,.. It will only update what is needed / installed.

Dashrender

@gjacobse said in SaltStack execution question:

@emad-r said in SaltStack execution question:

@dashrender

Hmm, and is choco update smart enough to not update already updated machines ?

Yes,.. It will only update what is needed / installed.

yup, what he said.

gjacobse

Microsoft Windows [Version 10.0.15063]
(c) 2017 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>choco upgrade all -y
Chocolatey v0.10.7
[Pending] Removing incomplete install for 'ccleaner'
Upgrading the following packages:
all
By upgrading you accept licenses for the packages.
7zip v16.4.0.20170506 is the latest version available based on your source(s).
7zip.install v16.4.0.20170506 is the latest version available based on your source(s).
calibre v3.6.0 is the latest version available based on your source(s).
chocolatey v0.10.7 is the latest version available based on your source(s).
chocolatey-core.extension v1.3.1 is the latest version available based on your source(s).

You have chromium v58.0.2990.0 installed. Version 62.0.3195.0 is available based on your source(s).
Progress: Downloading chromium 62.0.3195.0... 100%

chromium v62.0.3195.0 [Approved]
chromium package files upgrade completed. Performing other installation steps.
Downloading chromium 64 bit
  from 'https://storage.googleapis.com/chromium-browser-snapshots/Win_x64/496584/mini_installer.exe'
Progress: 100% - Completed download of C:\Users\NTG-Gene\AppData\Local\Temp\chocolatey\chromium\62.0.3195.0\mini_installer.exe (43.14 MB).
Download of mini_installer.exe (43.14 MB) completed.
Hashes match.
Installing chromium...
chromium has been installed.
  chromium may be able to be automatically uninstalled.
 The upgrade of chromium was successful.
  Software installed to 'C:\Program Files (x86)\Chromium\Application'

You have Firefox v54.0.1 installed. Version 55.0.2 is available based on your source(s).
Progress: Downloading Firefox 55.0.2... 100%

Firefox v55.0.2 [Approved]
firefox package files upgrade completed. Performing other installation steps.
Firefox is already installed. No need to download an re-install again.
 The upgrade of firefox was successful.
  Software install location not explicitly set, could be in package or
  default install location if installer.

You have GoogleChrome v60.0.3112.90 installed. Version 60.0.3112.101 is available based on your source(s).
Progress: Downloading GoogleChrome 60.0.3112.101... 100%

GoogleChrome v60.0.3112.101 [Approved]
googlechrome package files upgrade completed. Performing other installation steps.
Google Chrome 60.0.3112.101 is already installed.
 The upgrade of googlechrome was successful.
  Software install location not explicitly set, could be in package or
  default install location if installer.
greenshot v1.2.9.129 is the latest version available based on your source(s).
keepass v2.36 is the latest version available based on your source(s).
keepass-classic v1.33 is the latest version available based on your source(s).
keepass.install v2.36 is the latest version available based on your source(s).
PDFCreator v2.5.3 is the latest version available based on your source(s).
putty v0.70 is the latest version available based on your source(s).
putty.portable v0.70 is the latest version available based on your source(s).

You have saltminion v2017.7.0 installed. Version 2017.7.1 is available based on your source(s).
Progress: Downloading saltminion 2017.7.1... 100%

saltminion v2017.7.1 [Approved]
saltminion package files upgrade completed. Performing other installation steps.

Downloading saltminion 64 bit
  from 'https://repo.saltstack.com/windows/Salt-Minion-2017.7.1-Py2-AMD64-Setup.exe'
Progress: 100% - Completed download of C:\Users\NTG-Gene\AppData\Local\Temp\chocolatey\saltminion\2017.7.1\Salt-Minion-2017.7.1-Py2-AMD64-Setup.exe (35.81 MB).
Download of Salt-Minion-2017.7.1-Py2-AMD64-Setup.exe (35.81 MB) completed.
Hashes match.
Installing saltminion...
saltminion has been installed.
  saltminion may be able to be automatically uninstalled.
 The upgrade of saltminion was successful.
  Software installed as 'exe', install location is likely default.
skype v7.37.0.103 is the latest version available based on your source(s).

You have teamviewer v12.0.81460 installed. Version 12.0.82216 is available based on your source(s).
Progress: Downloading teamviewer 12.0.82216... 100%

teamviewer v12.0.82216 [Approved]
teamviewer package files upgrade completed. Performing other installation steps.
Downloading teamviewer 64 bit
  from 'https://download.teamviewer.com/download/version_12x/TeamViewer_Setup.exe'
Progress: 100% - Completed download of C:\Users\NTG-Gene\AppData\Local\Temp\chocolatey\teamviewer\12.0.82216\TeamViewer_Setup.exe (15.03 MB).
Download of TeamViewer_Setup.exe (15.03 MB) completed.
Hashes match.
Installing teamviewer...
teamviewer has been installed.
  teamviewer may be able to be automatically uninstalled.
 The upgrade of teamviewer was successful.
  Software installed to 'C:\Program Files (x86)\TeamViewer'
tightvnc v2.8.8 is the latest version available based on your source(s).
vcredist2008 v9.0.30729.6161 is the latest version available based on your source(s).
virtualbox v5.1.26 is the latest version available based on your source(s).
x2go v4.1.0.0 is the latest version available based on your source(s).

Chocolatey upgraded 5/22 packages.
 See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).

Upgraded:
 - teamviewer v12.0.82216
 - googlechrome v60.0.3112.101
 - chromium v62.0.3195.0
 - saltminion v2017.7.1
 - firefox v55.0.2

scottalanmiller

@emad-r said in SaltStack execution question:

@dashrender

Hmm, and is choco update smart enough to not update already updated machines ?

Of course. Does any package mnagement system make that mistake? Package Management 101 there. Chocolatey works just like YUM or APT.

Emad R

@scottalanmiller said in SaltStack execution question:

@emad-r said in SaltStack execution question:

@dashrender

Hmm, and is choco update smart enough to not update already updated machines ?

Of course. Does any package mnagement system make that mistake? Package Management 101 there. Chocolatey works just like YUM or APT.

Tmam, thanks will look into this.

JaredBusch

@scottalanmiller said in SaltStack execution question:

@emad-r said in SaltStack execution question:

@dashrender

Hmm, and is choco update smart enough to not update already updated machines ?

Of course. Does any package mnagement system make that mistake? Package Management 101 there. Chocolatey works just like YUM or APT.

Yeah, I use a powershell script executed on a schedule by Atera to update chocolately daily on all client systems.

Romo

@emad-r One of the main points of using configuration management tools is that when using them properly you create idempotent operations (getting the same result no matter the number of times the operation is executed).

Instead of using cmd.run to execute the install, you could as others have mentioned the chocolatey module, or if you don't want to install chocolatey on your computers you could use the win_pkg which requries a repo created on the salt-master. Both of those modules are idempotent, so once you reach the desired state no matter how many times you run them they will not make any more changes.

https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.win_pkg.html
https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.chocolatey.html

The software available in the official windows git repo.
https://github.com/saltstack/salt-winrepo-ng

Creating a windows software repository:
On your salt master run

salt-run winrepo.update_git_repos

Sync the repo on your Windows minions

salt -G 'os:windows' pkg.refresh_db

Now you can use the pkg module in your states, or adhoc commands.

//Example adhoc command (remote execution)
salt -G 'os:Windows' pkg.install salt-minion

That last command will always install the latest version of the salt-minion you could add the version parameter to specify the one you require.

Solved SaltStack execution question