Wednesday, October 21, 2015

Saltstack Setup for Nutanix on Acropolis

In the spirit of my recent posts around config management and orchestration tools, I’ve also seen several customers using Saltstack and want to show how it is very straightforward to set up and use with Nutanix and the Acropolis Hypervisor (AHV). Saltstack is a powerful tool to help deploy 'states' or idempotent (repeatably identical) sets of expected configuration criteria to your VMs. Also, internally, Acropolis uses Saltstack for our own security and config management. You can find help for creating a master image from my post here: With your baseline gold image, let’s first install our Salt-master server:
  1. Create a clone from your gold image and set themaster hostname and a static IP address. I’ll be using Ubuntu 14.04 but for other OS images, please use the relevant package manager.
  2. Make sure to register the salt master in DNS so that all of the worker nodes will be able to resolve it correctly. By default, the master expects to use the name ‘salt’ but this can be customized.
  3. Add the salt repo: add-apt-repository ppa:saltstack/salt
  4. Install the salt-master package: apt-get install salt-master –y
  5. Ensure you have the current hostname and salt-master key ready to insert in your /etc/salt/minion file by running this command on the master and copying the output: salt-key –F master
Now we can prep a new worker template with the salt-minion pre-installed:
  1. Create a clone from your gold image, I’ll be using Ubuntu again but for other OS images, please use the relevant package manager.
  2. Add the salt repo: add-apt-repository ppa:saltstack/salt
  3. Install the salt-minion package: apt-get install salt-minion –y
  4. Depending on whether you customized the salt-master hostname, either uncomment or replace the salt master hostname and IP which is in the /etc/salt/minion config file as:
  5. Add the salt-master key to the /etc/salt/minion config file:
  6. With the salt-minion pre-installed, make sure to remove the /etc/salt/minion_id and any other minion identification files: rm /etc/salt/minion_id  rm /etc/salt/minion.*
  7. Shutdown the salt-minion template.
Now after cloning (recommendations here) the VMs will power-on, grab their hostname from DNS/DHCP, and create a new minion-id that will register with the salt master. You can accept the new salt-minions en masse from the salt-master with: salt-key –A –y, then they will be ready to apply formulas. Other options for boostrapping minions include preseeding the keys on the master:
Also you have the option of disabling the authentication step, with the necessary "only do this if you know what you're doing" caveats, by editing the /etc/salt/master:
Finally, you also have the option of just using SSH via the salt-ssh package for an agentless (Ansible-like?) deployment: For this to work, you will need to enable passwordless-SSH and I described preparing for that here.

For next steps, you could use Salt to deploy some sample workloads like vim or nginx:


And you can find more example formulas on github to work with and modify to suit your intended environment:

If you want a quick ELK stack deployment on a single host:

  1. Clone the example on the salt-master server: git clone
  2. Move the state files to the salt repo directory: mv elasticsearch-logstash-kibana/kibana /srv/salt/
  3. Apply to one of your guest VMs: salt vm_name state.sls kibana


  1. This comment has been removed by the author.

  2. Hi Andrew, great post!
    I just go started with saltstack and I was wondering if there is a way to create/start/clone a Nutanix VM using salt.

    1. Hi! Right now Salt isn't creating the VM's, the creation/cloning is just done either through Prism (UI), Acropolis (API) or via the acli (command-line).