Salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more.
Salt is a core component of Security Onion as it manages all processes on all nodes. In a distributed deployment, the manager node controls all other nodes via salt. These non-manager nodes are referred to as salt minions.
You can use salt’s
test.ping to verify that all your nodes are up:
sudo salt \* test.ping
Similarly, you can use salt’s
cmd.run to execute a command on all your nodes at once. For example, to check disk space on all nodes:
sudo salt \* cmd.run 'df'
If you want to force a node to do a full update of all salt states, you can run
so-checkin. This will execute
salt-call state.highstate -l info which outputs to the terminal with the log level set to
info so that you can see exactly what’s happening:
Many of the options that are configurable in Security Onion are done by going to Administration and then Configuration.
Salt Minion Startup Options¶
Currently, the salt-minion service startup is delayed by 30 seconds. This was implemented to avoid some issues that we have seen regarding Salt states that used the ip_interfaces grain to grab the management interface IP.
Diagnostic logs can be found in
You may see the following error in the salt-master log located at
[ERROR ] Event iteration failed with exception: 'list' object has no attribute 'items'
The root cause of this error is a state trying to run on a minion when another state is already running. This error now occurs in the log due to a change in the exception handling within Salt’s event module. Previously, in the case of an exception, the code would just pass. However, the exception is now logged. The error can be ignored as it is not an indication of any issue with the minions.