One of the primary reasons you might want to use SaltStack Config is to improve your system’s configuration management. You can use jobs in SaltStack Config to simplify and automate common tasks and procedures that you or your team performs on a regular basis. Using jobs for configuration management reduces the time your team spends manually installing, configuring, monitoring, and maintaining the nodes in your system. It also ensures that your system is always in a consistent desired state.
Creating and running jobs is a multi-step process that requires using a few different tools and workspaces in SaltStack Config. The following diagram provides an overview of the overall job workflow:
Each step is described in the following sections:
Before you can begin running jobs, you need to create and define targets. A target is the group of minions, across one or many Salt controllers, that a job’s Salt command applies to. A Salt controller can also be managed like a minion and can be a target if it is running the minion service. In other words, a target determines which node(s) the job will run on. You can create targets using a simple list of minions or you can create more complex targets based on the basic properties of your minions, such as their operating system or server type.
You’ll create targets using the Minions workspace. See Minions for more information.
To run a job, you must first create it. Jobs are used to run remote execution tasks, apply states, and start Salt runners. In other words, the job determines which tasks, processes, or state files should be applied to the targeted node(s).
While you could just run commands against your minions any time you need to do a specific task, it’s better to create a job to record the exact processes or states that need to be applied to your minions. Jobs ensure you apply procedures consistently and save those procedures for future reuse.
When you create a job, you can leave the target undefined so that it can be applied when the job is run later.
You’ll create jobs using the Jobs workspace. See Jobs for more information.
To maintain your system’s security, your team should only have access to the specific nodes or jobs that they are authorized to access. This approach is generally referred to as role-based access control (RBAC). RBAC means that access should be limited to resources based on the individual’s role on your team. Team members should only be given access to the resources that they need in order to fulfill their work responsibilities.
You can define roles and permissions natively in SaltStack Config or you can map access to targets and jobs to your organization’s RBAC system, such as LDAP-based systems like Active Directory or SAML-based systems like Google.
For more information, see:
Before you can run jobs, you need to define the job’s:
- Function (the command that needs to be run or state that needs to be applied)
- Permissions (who can run the job against the target)
Once you’ve defined these settings, you can run jobs on a regular schedule or you could run them only as needed. Typically, jobs that run only when needed are referred to as ad-hoc jobs.
Create a schedule
You can schedule jobs to run at a specific time (such as a scheduled maintenance window) or at regularly repeated intervals.
You’ll create schedules using the Schedules workspace. See Schedules for more information.
Run ad-hoc jobs
You can run ad-hoc jobs using either the Minions workspace or the Jobs workspace.
For more information, see:
Review job status and output
While the job is running or after it has completed, you can review the job’s status and detailed output using the Activity workspace. See Activity for more information.