Salt Bundle

Table of Contents

1. What is Salt Bundle?
2. Client Registration with Salt Bundle as a Minion
- 2.1. Using the Salt Bundle with the Salt Minion
- 2.2. Switching from Salt Minion to Salt Bundle
3. SSH Push with the Salt Bundle
4. Extend Salt Bundle with Python packages using pip

1. What is Salt Bundle?

The Salt Bundle is a single binary package containing Salt Minion, Python 3, required Python modules, and libraries.

The Salt Bundle is shipped with Python 3 and all the requirements for Salt to run. Thus Salt Bundle does not use the Python version install on the client as system software. The Salt Bundle can be installed on clients that do not meet the requirements for a given Salt version.

It is also possible to use the Salt Bundle on systems that run a Salt Minion connected to a Salt Master other than the SUSE Manager Salt Master.

2. Client Registration with Salt Bundle as a Minion

The registration method with the Salt Bundle is the recommended registration method. This section explains the advantages and limitations of the current implementation. The Salt Bundle is provided as the venv-salt-minion that consists of Salt, Python 3, and the Python modules Salt depends on. Bootstrapping with Web UI is using Salt Bundle as well, so bootstrapping with Web UI is not Python dependant. Using the Salt Bundle, it is no longer needed that the client provides any Python interpreter or modules.

If you bootstrap new clients, registration with the Salt Bundle is the default method. You can switch existing clients to the Salt Bundle method. If you switch, the salt-minion package and its dependencies will stay installed.

2.1. Using the Salt Bundle with the Salt Minion

The Salt Bundle can be used with the Salt Minion managed by the Salt Master other than SUSE Manager Server at the same time. If the Salt Bundle is installed on a client SUSE Manager Server will manage the configuration files of the Salt Bundle, the configuration files of salt-minion will not be managed in this case. For more information, see Salt Bundle configuration.

To bootstrap a client with the Salt Minion managed by the Salt Master other than SUSE Manager Server it is recommended to use mgr-bootstrap --force-bundle when generating the bootstrap script, or to set FORCE_VENV_SALT_MINION to 1 in the bootstrap script.
For bootstrapping with Web UI mgr_force_venv_salt_minion set to true pillar can be specified globally. For more information, see Salt States and Pillars.

2.2. Switching from Salt Minion to Salt Bundle

The Salt state util.mgr_switch_to_venv_minion is available to switch from salt-minion to venv-salt-minion. It is recommended to switch to venv-salt-minion in two steps to avoid trouble with shifting processes:

Procedure: Switching with util.mgr_switch_to_venv_minion state to venv-salt-minion

Apply util.mgr_switch_to_venv_minion with no pillar specified first. This will result in the switch to venv-salt-minion with copying configuration files etc. It will not clean up the original salt-minion configurations and its packages.
```
salt <minion_id> state.apply util.mgr_switch_to_venv_minion
```
Apply util.mgr_switch_to_venv_minion with mgr_purge_non_venv_salt set to True to remove salt-minion and with mgr_purge_non_venv_salt_files set to True to remove all the files related to salt-minion. This second step ensures the first step was processed, and then removes the old configuration files and the now obsolete salt-minion package.
```
salt <minion_id> state.apply util.mgr_switch_to_venv_minion pillar='{"mgr_purge_non_venv_salt_files": True, "mgr_purge_non_venv_salt": True}'
```

In case of running the second step of switching with skipping the first step, state apply process could fail as it requires stopping the salt-minion which is used to execute the command on the client side.

On the other hand, it is also possible to avoid installing the Salt Bundle and keep using salt-minion instead. In this case, specify one of these options:

Execute mgr-bootstrap with --no-bundle option.
Set AVOID_VENV_SALT_MINION to 1 in the generated bootstrap script.
For bootstrap state set the mgr_avoid_venv_salt_minion pillar to True.

3. SSH Push with the Salt Bundle

The Salt Bundle is also used when performing SSH Push actions to clients.

A shell script deploys the Salt Bundle onto the target system without installing venv-salt-minion before any Salt command is executed. Because the Salt Bundle contains the whole Salt code base, no salt-thin is deployed. SSH Push (including bootstrapping using the Web UI) uses the Python 3 interpreter within the bundle. The target system does not need to have any other Python interpreter installed.

The Python 3 deployed with the Bundle is used to handle SSH Push session on the client, so SSH Push (including bootstrapping with Web UI) is not dependant on Python installed on the system.

Using salt-thin can be enabled as a fallback method, but it requires Python 3 to be installed on the client. This method is not recommended nor supported and exists for development purposes only. Set web.ssh_use_salt_thin to true in the /etc/rhn/rhn.conf configuration file.

The bootstrap repository must be created before bootstrapping the client with Web UI. SSH Push is using the Salt Bundle taken from the bootstrap repository based on the detected target operating system. For more information, see client-configuration:bootstrap-repository.adoc#_prepare_to_create_a_bootstrap_repository.
SSH Push is using /var/tmp to deploy Salt Bundle to and execute Salt commands on the client with the bundled Python. Therefore you must not mount /var/tmp with the noexec option. It is not possible to bootstrap the clients, which have /var/tmp mounted with noexec option, with the Web UI because the bootstrap process is using SSH Push to reach a client.

4. Extend Salt Bundle with Python packages using pip

The Salt Bundle includes pip to make it possible to extend the functionality of the bundled Salt Minion with extra Python packages.

By default, salt <minion_id> pip.install <package-name> installs the Python package specified by <package_name> into /var/lib/venv-salt-minion/local.

If needed, the path /var/lib/venv-salt-minion/local can be overridden by setting the VENV_PIP_TARGET environment variable for the venv-salt-minion.service. It is recommended to use a systemd drop-in configuration file for the service. It could be done with the configuration file /etc/systemd/system/venv-salt-minion.service.d/10-pip-destination.conf:

[Service]
Environment=VENV_PIP_TARGET=/new/path/local/venv-salt-minion/pip

The Python packages installed through pip are not changing on updating the Salt Bundle. To ensure that such packages are available and functional after an update, it is recommended to install them with a Salt state that is applied after Salt Bundle updates.