Installing Windows Agents with SaltStack Config

Over the last week, I have been deep diving into SaltStack Config. So today, I had a use case come up around how to automate the installation of a Windows agent with SaltStack Config.

Note: Although in this example, I chose to install the Wavefront agent for integrating with VMware Tanzu Observability, this example is generic enough to give you an understanding on how to execute commands for installing agents on SaltStack Config Minions.

To begin with, I had a look around at the official documentation around installing VMware Tanzu Observability for a Windows machine. https://docs.wavefront.com/windows.html

The connectivity into Wavefront requires two agents

  • Wavefront Proxy Agent
  • Telegraf Agent

You can install the Wavefront proxy & Telegraf agent on the same host or on separate hosts. In the example below I go through installing both on the same host.

The documentation for installing the proxy agent seemed clear, however what wasn’t clear, is how to install the Telegraf agent via the command line.

So after a few trial runs with SaltStack Config, I was able to create the following state file.

Let’s dig into what is happening within this sls file:

  1. First, we download both the Wavefront proxy agent & the Telegraf agent from the official repo. If the file is hosted on an HTTP or FTP server, the source_hash argument is also required in the arguments list. More info here.
  2. Next we install the Wavefront Proxy agent. I have one requisite in this command, which means, it has a dependency on the download_proxy command completing, before executing the install.
  3. Next we install the Telegraf agent. Again, I use requisites but this time it’s a list to make sure the download _telegraf _agent command is completed and that the install _wavefront _proxy command is completed.

    Note: Additionally, I have used a Pillar to pass in the API token required to connect to Wavefront. Pillars can be encrypted. To understand more about using Pillars to store sensitive data, I suggest looking at this link https://fabianlee.org/2016/10/18/saltstack-keeping-salt-pillar-data-encrypted-using-gpg/

  4. I put the state in a sleep for 10 seconds. This is to make sure the install is fully completed within the guest OS, before modifying the underlying config files. However since ‘sleep’ isn’t a native command in cmd.exe. I have the ability to specify the shell I want to execute this command within (i.e. PowerShell).
  5. Update the Telegraf config file to point to my Wavefront proxy service (aka itself). This is done by using the file.append command. With this function, a single string of text or a list of strings may be appended to a file.

    More info here

  6. Lastly, we restart the Telegraf service. Again, I have another requisite, which is a watch. This means it will only restart the service if the configuration file has been modified from step 5. More info on Watch here

Since state files are written in YAML, it makes it really easy to understand what is happening at each stage. The first line in each block of code is a friendly user-defined name for what function is going to be executed. This makes self commenting much easier.

Note: It is still in YAML at the end of the day, so I wouldn’t be using special characters or make it too complex when defining the first line within a block of code. It might save troubleshooting down the track.

Once executing this state file on all my Windows Minions, it automatically connected to Wavefront and now I can monitor them from Day 0.

Salt makes everything better.