This tutorial builds on topics covered in part 1, part 2 and part 3. It is recommended that you begin there.
This part of the tutorial will show how to use salt's file_roots
to set up a workflow in which states can be "promoted" from dev, to QA, to
Salt's fileserver allows for more than one root directory per environment, like in the below example, which uses both a local directory and a secondary location shared to the salt master via NFS:
# In the master config file (/etc/salt/master)
- /srv/salt
- /mnt/salt-nfs/base
Salt's fileserver collapses the list of root directories into a single virtual
environment containing all files from each root. If the same file exists at the
same relative path in more than one root, then the top-most match "wins". For
example, if /srv/salt/foo.txt
and /mnt/salt-nfs/base/foo.txt
exist, then salt://foo.txt
will point to /srv/salt/foo.txt
When using multiple fileserver backends, the order in which they are listed
in the fileserver_backend
parameter also matters. If both
and git
backends contain a file with the same relative path,
and roots
appears before git
in the
list, then the file in roots
"win", and the file in gitfs will be ignored.
A more thorough explanation of how Salt's modular fileserver works can be found here. We recommend reading this.
Configure a multiple-environment setup like so:
- /srv/salt/prod
- /srv/salt/qa
- /srv/salt/prod
- /srv/salt/dev
- /srv/salt/qa
- /srv/salt/prod
Given the path inheritance described above, files within /srv/salt/prod
would be available in all environments. Files within /srv/salt/qa
would be
available in both qa
, and dev
. Finally, the files within
would only be available within the dev
Based on the order in which the roots are defined, new files/states can be
placed within /srv/salt/dev
, and pushed out to the dev hosts for testing.
Those files/states can then be moved to the same relative path within
, and they are now available only in the dev
and qa
environments, allowing them to be pushed to QA hosts and tested.
Finally, if moved to the same relative path within /srv/salt/prod
, the
files are now available in all three environments.
As an example, consider a simple website, installed to /var/www/foobarcom
Below is a top.sls that can be used to deploy the website:
- webserver.foobarcom
- webserver.foobarcom
- webserver.foobarcom
Using pillar, roles can be assigned to the hosts:
webserver_role: prod
webserver_role: qa
webserver_role: dev
And finally, the SLS to deploy the website:
{% if pillar.get('webserver_role', '') %}
- source: salt://webserver/src/foobarcom
- env: {{ pillar['webserver_role'] }}
- user: www
- group: www
- dir_mode: 755
- file_mode: 644
{% endif %}
Given the above SLS, the source for the website should initially be placed in
First, let's deploy to dev. Given the configuration in the top file, this can
be done using state.highstate
salt --pillar 'webserver_role:dev' state.highstate
However, in the event that it is not desirable to apply all states configured
in the top file (which could be likely in more complex setups), it is possible
to apply just the states for the foobarcom
website, using state.sls
salt --pillar 'webserver_role:dev' state.sls webserver.foobarcom
Once the site has been tested in dev, then the files can be moved from
, and deployed using the following:
salt --pillar 'webserver_role:qa' state.sls webserver.foobarcom
Finally, once the site has been tested in qa, then the files can be moved from
, and deployed using the following:
salt --pillar 'webserver_role:prod' state.sls webserver.foobarcom
Thanks to Salt's fileserver inheritance, even though the files have been moved
to within /srv/salt/prod
, they are still available from the same
URI in both the qa and dev environments.
The best way to continue learning about Salt States is to read through the reference documentation and to look through examples of existing state trees. Many pre-configured state trees can be found on GitHub in the saltstack-formulas collection of repositories.
If you have any questions, suggestions, or just want to chat with other people who are using Salt, we have a very active community and we'd love to hear from you.
In addition, by continuing to part 5, you can learn about the powerful orchestration of which Salt is capable.