The goal of this use case is to programmatically install the Salt minion service on a minon by connecting a Windows VM to your SaltStack Config environment.

Prerequisites

Before you can deploy a minion using the API in a Windows environment you must:
  • Have a SaltStack Config evironment with RaaS deployed.
  • Have a Salt master and Salt minion installed.
  • Have a Windows VM deployed.

Procedure

  1. Verify that the folder etc/salt/cloud.deploy.d on the Salt master contains these files.
    Note: The xxxx in the file name, for example salt-xxxx-readhat-8-x86_64-amd64.tar.gz, should match the version of the Salt master. To verify the version of the Salt master, run the salt-master -V command on the Salt master.
  2. Install libraries by running the pip3 install pypsexec smbprotocol and pip3 install impacket --ignore-installed commands.
  3. Enter the salt saltmaster grains.get fqdn command to idenfity the FQDN of the Salt master.
  4. Verify that the C: \Windows\System32\drivers\etc\hosts file in your windows machine is configured with the Salt master's IP and host name/FQDN.
  5. Open PowerShell and run these commands to open the required ports:
    Port Commands
    445 New-NetFirewallRule -Name "SMB445" - DisplayName "SMB445" -Protocol TCP - LocalPort 445

    Set-Item (dir wsman:\localhost\Listener*\Port - Recurse).pspath 445 -Force

    Restart-Service winrm
    4505-4506 netsh advfirewall firewall add rule name="Salt" dir=in action=allow protocol=TCP localport=4505-4506
  6. Ensure the FQDN is configured for the Salt master by running the ping [FQDN] command.
  7. Enter this API call with the correct credentials for your environment:
    from sseapiclient import APIClient
    
    client = APIClient('https://<master-ip>', '<ssc-username>', '<sscpassword>', ssl_validate_cert=False)
    
    
    client.api.minions.deploy_minion(
    
     master_id = '<master-id>',
    
     host_name_ip = '<prospective minion’s ip>',
    
     os = ‘<prospective minion’s os>’,
    
     minion_id = '<desired-minion-name-for-prospective-minion>',
    
     username = '<ssh-username-for-prospective-minion>', 
    
     password = '<ssh-password-for-prospective-minion>',
    
    )
    The deploy.minion function begins running in your SSC environment. You can verify this in the Activity tab of the SSC user interface or by running the python3 command followed by client.api.minions.get_minio_deployments().

Results

The minion was successfully deployed and configured from your Windows environment and API call.

What to do next

Verify the minion was deployed successfully by running a test.ping command against the minion using the Run Command window or by running the \* test.ping and \* test.versions commands in the Salt master command window.