1
0

windows.rst 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532
  1. .. _windows:
  2. =======
  3. Windows
  4. =======
  5. Salt has full support for running the Salt minion on Windows. You must connect
  6. Windows Salt minions to a Salt master on a supported operating system to
  7. control your Salt Minions.
  8. Many of the standard Salt modules have been ported to work on Windows and many
  9. of the Salt States currently work on Windows as well.
  10. .. _windows-installer:
  11. Installation from the Official SaltStack Repository
  12. ===================================================
  13. **Latest stable build from the selected branch**:
  14. |windownload|
  15. The output of ``md5sum <salt minion exe>`` should match the contents of the
  16. corresponding md5 file.
  17. `Earlier builds from supported branches <https://repo.saltstack.com/windows/>`__
  18. `Archived builds from unsupported branches <https://repo.saltstack.com/windows/archive/>`__
  19. .. note::
  20. The installation executable installs dependencies that the Salt minion
  21. requires.
  22. The 64bit installer has been tested on Windows 7 64bit and Windows Server
  23. 2008R2 64bit. The 32bit installer has been tested on Windows 2008 Server 32bit.
  24. Please file a bug report on our GitHub repo if issues for other platforms are
  25. found.
  26. There are installers available for Python 2 and Python 3.
  27. The installer will detect previous installations of Salt and ask if you would
  28. like to remove them. Clicking OK will remove the Salt binaries and related files
  29. but leave any existing config, cache, and PKI information.
  30. Salt Minion Installation
  31. ========================
  32. If the system is missing the appropriate version of the Visual C++
  33. Redistributable (vcredist) the user will be prompted to install it. Click ``OK``
  34. to install the vcredist. Click ``Cancel`` to abort the installation without
  35. making modifications to the system.
  36. If Salt is already installed on the system the user will be prompted to remove
  37. the previous installation. Click ``OK`` to uninstall Salt without removing the
  38. configuration, PKI information, or cached files. Click ``Cancel`` to abort the
  39. installation before making any modifications to the system.
  40. After the Welcome and the License Agreement, the installer asks for two bits of
  41. information to configure the minion; the master hostname and the minion name.
  42. The installer will update the minion config with these options.
  43. If the installer finds an existing minion config file, these fields will be
  44. populated with values from the existing config, but they will be grayed out.
  45. There will also be a checkbox to use the existing config. If you continue, the
  46. existing config will be used. If the checkbox is unchecked, default values are
  47. displayed and can be changed. If you continue, the existing config file in
  48. ``c:\salt\conf`` will be removed along with the ``c:\salt\conf\minion.d``
  49. directory. The values entered will be used with the default config.
  50. The final page allows you to start the minion service and optionally change its
  51. startup type. By default, the minion is set to ``Automatic``. You can change the
  52. minion start type to ``Automatic (Delayed Start)`` by checking the 'Delayed
  53. Start' checkbox.
  54. .. note::
  55. Highstates that require a reboot may fail after reboot because salt
  56. continues the highstate before Windows has finished the booting process.
  57. This can be fixed by changing the startup type to 'Automatic (Delayed
  58. Start)'. The drawback is that it may increase the time it takes for the
  59. 'salt-minion' service to actually start.
  60. The ``salt-minion`` service will appear in the Windows Service Manager and can
  61. be managed there or from the command line like any other Windows service.
  62. .. code-block:: bat
  63. sc start salt-minion
  64. net start salt-minion
  65. Installation Prerequisites
  66. --------------------------
  67. Most Salt functionality should work just fine right out of the box. A few Salt
  68. modules rely on PowerShell. The minimum version of PowerShell required for Salt
  69. is version 3. If you intend to work with DSC then Powershell version 5 is the
  70. minimum.
  71. .. _windows-installer-options:
  72. Silent Installer Options
  73. ========================
  74. The installer can be run silently by providing the ``/S`` option at the command
  75. line. The installer also accepts the following options for configuring the Salt
  76. Minion silently:
  77. ========================= =====================================================
  78. Option Description
  79. ========================= =====================================================
  80. ``/master=`` A string value to set the IP address or hostname of
  81. the master. Default value is 'salt'. You can pass a
  82. single master or a comma-separated list of masters.
  83. Setting the master will cause the installer to use
  84. the default config or a custom config if defined.
  85. ``/minion-name=`` A string value to set the minion name. Default value
  86. is 'hostname'. Setting the minion name causes the
  87. installer to use the default config or a custom
  88. config if defined.
  89. ``/start-minion=`` Either a 1 or 0. '1' will start the salt-minion
  90. service, '0' will not. Default is to start the
  91. service after installation.
  92. ``/start-minion-delayed`` Set the minion start type to
  93. ``Automatic (Delayed Start)``.
  94. ``/default-config`` Overwrite the existing config if present with the
  95. default config for salt. Default is to use the
  96. existing config if present. If ``/master`` and/or
  97. ``/minion-name`` is passed, those values will be used
  98. to update the new default config.
  99. ``/custom-config=`` A string value specifying the name of a custom config
  100. file in the same path as the installer or the full
  101. path to a custom config file. If ``/master`` and/or
  102. ``/minion-name`` is passed, those values will be used
  103. to update the new custom config.
  104. ``/S`` Runs the installation silently. Uses the above
  105. settings or the defaults.
  106. ``/?`` Displays command line help.
  107. ========================= =====================================================
  108. .. note::
  109. ``/start-service`` has been deprecated but will continue to function as
  110. expected for the time being.
  111. .. note::
  112. ``/default-config`` and ``/custom-config=`` will backup an existing config
  113. if found. A timestamp and a ``.bak`` extension will be added. That includes
  114. the ``minion`` file and the ``minion.d`` directory.
  115. Here are some examples of using the silent installer:
  116. .. code-block:: bat
  117. # Install the Salt Minion
  118. # Configure the minion and start the service
  119. Salt-Minion-2017.7.1-Py2-AMD64-Setup.exe /S /master=yoursaltmaster /minion-name=yourminionname
  120. .. code-block:: bat
  121. # Install the Salt Minion
  122. # Configure the minion but don't start the minion service
  123. Salt-Minion-2017.7.1-Py3-AMD64-Setup.exe /S /master=yoursaltmaster /minion-name=yourminionname /start-minion=0
  124. .. code-block:: bat
  125. # Install the Salt Minion
  126. # Configure the minion using a custom config and configuring multimaster
  127. Salt-Minion-2017.7.1-Py3-AMD64-Setup.exe /S /custom-config=windows_minion /master=prod_master1,prod_master2
  128. Running the Salt Minion on Windows as an Unprivileged User
  129. ==========================================================
  130. Notes:
  131. - These instructions were tested with Windows Server 2008 R2
  132. - They are generalizable to any version of Windows that supports a salt-minion
  133. Create the Unprivileged User that the Salt Minion will Run As
  134. -------------------------------------------------------------
  135. 1. Click ``Start`` > ``Control Panel`` > ``User Accounts``.
  136. 2. Click ``Add or remove user accounts``.
  137. 3. Click ``Create new account``.
  138. 4. Enter ``salt-user`` (or a name of your preference) in the ``New account name`` field.
  139. 5. Select the ``Standard user`` radio button.
  140. 6. Click the ``Create Account`` button.
  141. 7. Click on the newly created user account.
  142. 8. Click the ``Create a password`` link.
  143. 9. In the ``New password`` and ``Confirm new password`` fields, provide
  144. a password (e.g "SuperSecretMinionPassword4Me!").
  145. 10. In the ``Type a password hint`` field, provide appropriate text (e.g. "My Salt Password").
  146. 11. Click the ``Create password`` button.
  147. 12. Close the ``Change an Account`` window.
  148. Add the New User to the Access Control List for the Salt Folder
  149. ---------------------------------------------------------------
  150. 1. In a File Explorer window, browse to the path where Salt is installed (the default path is ``C:\Salt``).
  151. 2. Right-click on the ``Salt`` folder and select ``Properties``.
  152. 3. Click on the ``Security`` tab.
  153. 4. Click the ``Edit`` button.
  154. 5. Click the ``Add`` button.
  155. 6. Type the name of your designated Salt user and click the ``OK`` button.
  156. 7. Check the box to ``Allow`` the ``Modify`` permission.
  157. 8. Click the ``OK`` button.
  158. 9. Click the ``OK`` button to close the ``Salt Properties`` window.
  159. Update the Windows Service User for the ``salt-minion`` Service
  160. ---------------------------------------------------------------
  161. 1. Click ``Start`` > ``Administrative Tools`` > ``Services``.
  162. 2. In the Services list, right-click on ``salt-minion`` and select ``Properties``.
  163. 3. Click the ``Log On`` tab.
  164. 4. Click the ``This account`` radio button.
  165. 5. Provide the account credentials created in section A.
  166. 6. Click the ``OK`` button.
  167. 7. Click the ``OK`` button to the prompt confirming that the user ``has been
  168. granted the Log On As A Service right``.
  169. 8. Click the ``OK`` button to the prompt confirming that ``The new logon name
  170. will not take effect until you stop and restart the service``.
  171. 9. Right-Click on ``salt-minion`` and select ``Stop``.
  172. 10. Right-Click on ``salt-minion`` and select ``Start``.
  173. .. _building-developing-windows:
  174. Building and Developing on Windows
  175. ==================================
  176. This document will explain how to set up a development environment for Salt on
  177. Windows. The development environment allows you to work with the source code to
  178. customize or fix bugs. It will also allow you to build your own installation.
  179. There are several scripts to automate creating a Windows installer as well as
  180. setting up an environment that facilitates developing and troubleshooting Salt
  181. code. They are located in the ``pkg\windows`` directory in the Salt repo
  182. `(here) <https://github.com/saltstack/salt/tree/develop/pkg/windows>`_.
  183. Scripts:
  184. --------
  185. =================== ===========
  186. Script Description
  187. =================== ===========
  188. ``build_env_2.ps1`` A PowerShell script that sets up a Python 2 build
  189. environment
  190. ``build_env_3.ps1`` A PowerShell script that sets up a Python 3 build
  191. environment
  192. ``build_pkg.bat`` A batch file that builds a Windows installer based on the
  193. contents of the ``C:\Python27`` directory
  194. ``build.bat`` A batch file that fully automates the building of the
  195. Windows installer using the above two scripts
  196. =================== ===========
  197. .. note::
  198. The ``build.bat`` and ``build_pkg.bat`` scripts both accept a parameter to
  199. specify the version of Salt that will be displayed in the Windows installer.
  200. If no version is passed, the version will be determined using git.
  201. Both scripts also accept an additional parameter to specify the version of
  202. Python to use. The default is 2.
  203. Prerequisite Software
  204. ---------------------
  205. The only prerequisite is `Git for Windows <https://git-scm.com/download/win/>`_.
  206. .. _create-build-environment:
  207. Create a Build Environment
  208. --------------------------
  209. 1. Working Directory
  210. ^^^^^^^^^^^^^^^^^^^^
  211. Create a ``Salt-Dev`` directory on the root of ``C:``. This will be our working
  212. directory. Navigate to ``Salt-Dev`` and clone the
  213. `Salt <https://github.com/saltstack/salt/>`_ repo from GitHub.
  214. Open a command line and type:
  215. .. code-block:: bat
  216. cd \
  217. md Salt-Dev
  218. cd Salt-Dev
  219. git clone https://github.com/saltstack/salt
  220. Go into the ``salt`` directory and checkout the version of salt to work with
  221. (2016.3 or higher).
  222. .. code-block:: bat
  223. cd salt
  224. git checkout 2017.7.2
  225. 2. Setup the Python Environment
  226. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  227. Navigate to the ``pkg\windows`` directory and execute the **build_env.ps1**
  228. PowerShell script.
  229. .. code-block:: bat
  230. cd pkg\windows
  231. powershell -file build_env_2.ps1
  232. .. note::
  233. You can also do this from Explorer by navigating to the ``pkg\windows``
  234. directory, right clicking the **build_env_2.ps1** powershell script and
  235. selecting **Run with PowerShell**
  236. This will download and install Python 2 with all the dependencies needed to
  237. develop and build Salt.
  238. .. note::
  239. If you get an error or the script fails to run you may need to change the
  240. execution policy. Open a powershell window and type the following command:
  241. .. code-block:: powershell
  242. Set-ExecutionPolicy RemoteSigned
  243. 3. Salt in Editable Mode
  244. ^^^^^^^^^^^^^^^^^^^^^^^^
  245. Editable mode allows you to more easily modify and test the source code. For
  246. more information see the `Pip documentation
  247. <https://pip.pypa.io/en/stable/reference/pip_install/#editable-installs>`_.
  248. Navigate to the root of the ``salt`` directory and install Salt in editable mode
  249. with ``pip``
  250. .. code-block:: bat
  251. cd \Salt-Dev\salt
  252. pip install -e .
  253. .. note::
  254. The ``.`` is important
  255. .. note::
  256. If ``pip`` is not recognized, you may need to restart your shell to get the
  257. updated path
  258. .. note::
  259. If ``pip`` is still not recognized make sure that the Python Scripts folder
  260. is in the System ``%PATH%``. (``C:\Python2\Scripts``)
  261. 4. Setup Salt Configuration
  262. ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  263. Salt requires a minion configuration file and a few other directories. The
  264. default config file is named ``minion`` located in ``C:\salt\conf``. The
  265. easiest way to set this up is to copy the contents of the
  266. ``salt\pkg\windows\buildenv`` directory to ``C:\salt``.
  267. .. code-block:: bat
  268. cd \
  269. md salt
  270. xcopy /s /e \Salt-Dev\salt\pkg\windows\buildenv\* \salt\
  271. Now go into the ``C:\salt\conf`` directory and edit the minion config file named
  272. ``minion`` (no extension). You need to configure the master and id parameters in
  273. this file. Edit the following lines:
  274. .. code-block:: bat
  275. master: <ip or name of your master>
  276. id: <name of your minion>
  277. .. _create-windows-installer:
  278. Create a Windows Installer
  279. ==========================
  280. To create a Windows installer, follow steps 1 and 2 from
  281. :ref:`Create a Build Environment <create-build-environment>` above. Then proceed
  282. to 3 below:
  283. 3. Install Salt
  284. ---------------
  285. To create the installer for Window we install Salt using Python instead of pip.
  286. Navigate to the root ``salt`` directory and install Salt.
  287. .. code-block:: bat
  288. cd \Salt-Dev\salt
  289. python setup.py install
  290. 4. Create the Windows Installer
  291. -------------------------------
  292. Navigate to the ``pkg\windows`` directory and run the ``build_pkg.bat``
  293. with the build version (2017.7.2) and the Python version as parameters.
  294. .. code-block:: bat
  295. cd pkg\windows
  296. build_pkg.bat 2017.7.2 2
  297. ^^^^^^^^ ^
  298. | |
  299. # build version -- |
  300. # python version ------
  301. .. note::
  302. If no version is passed, the ``build_pkg.bat`` will guess the version number
  303. using git. If the python version is not passed, the default is 2.
  304. .. _create-windows-installer-easy:
  305. Creating a Windows Installer: Alternate Method (Easier)
  306. =======================================================
  307. Clone the `Salt <https://github.com/saltstack/salt/>`_ repo from GitHub into the
  308. directory of your choice. We're going to use ``Salt-Dev``.
  309. .. code-block:: bat
  310. cd \
  311. md Salt-Dev
  312. cd Salt-Dev
  313. git clone https://github.com/saltstack/salt
  314. Go into the ``salt`` directory and checkout the version of Salt you want to
  315. build.
  316. .. code-block:: bat
  317. cd salt
  318. git checkout 2017.7.2
  319. Then navigate to ``pkg\windows`` and run the ``build.bat`` script with the
  320. version you're building.
  321. .. code-block:: bat
  322. cd pkg\windows
  323. build.bat 2017.7.2 3
  324. ^^^^^^^^ ^
  325. | |
  326. # build version |
  327. # python version --
  328. This will install everything needed to build a Windows installer for Salt using
  329. Python 3. The binary will be in the ``salt\pkg\windows\installer`` directory.
  330. .. _test-salt-minion:
  331. Testing the Salt minion
  332. =======================
  333. 1. Create the directory ``C:\salt`` (if it doesn't exist already)
  334. 2. Copy the example ``conf`` and ``var`` directories from
  335. ``pkg\windows\buildenv`` into ``C:\salt``
  336. 3. Edit ``C:\salt\conf\minion``
  337. .. code-block:: bash
  338. master: ipaddress or hostname of your salt-master
  339. 4. Start the salt-minion
  340. .. code-block:: bash
  341. cd C:\Python27\Scripts
  342. python salt-minion -l debug
  343. 5. On the salt-master accept the new minion's key
  344. .. code-block:: bash
  345. sudo salt-key -A
  346. This accepts all unaccepted keys. If you're concerned about security just
  347. accept the key for this specific minion.
  348. 6. Test that your minion is responding
  349. On the salt-master run:
  350. .. code-block:: bash
  351. sudo salt '*' test.version
  352. You should get the following response: ``{'your minion hostname': True}``
  353. Packages Management Under Windows 2003
  354. ======================================
  355. Windows Server 2003 and Windows XP have both reached End of Support. Though Salt
  356. is not officially supported on operating systems that are EoL, some
  357. functionality may continue to work.
  358. On Windows Server 2003, you need to install optional component "WMI Windows
  359. Installer Provider" to get a full list of installed packages. If you don't have
  360. this, salt-minion can't report some installed software.