SaltStack on Your VPS Series
    Part 3 of 6

    Provisioning OpenStack Resources with Salt Cloud

    Provision VMs via OpenStack APIs, auto-install minions, and deploy entire environments from map files.

    35 minutes

    What Salt Cloud Does

    Salt Cloud provisions cloud VMs via provider APIs. When you create a VM through Salt Cloud:

    1. Salt Cloud calls the cloud provider API to create the instance
    2. Once reachable via SSH, Salt Cloud installs the Salt minion
    3. The minion key is pre-accepted on the master
    4. The instance is immediately available for state application

    Installing Salt Cloud

    sudo apt install salt-cloud -y
    salt-cloud --version

    OpenStack Prerequisites

    You need: Keystone credentials, Network ID, Security group, SSH key pair, Image ID, and Flavor/Size.

    sudo apt install python3-openstackclient -y
    source ~/openstack-rc.sh
    
    openstack image list
    openstack flavor list
    openstack network list
    openstack security group list

    Configuring the OpenStack Provider

    /etc/salt/cloud.providers.d/openstack.conf
    my-openstack:
      driver: openstack
      auth:
        username: your_openstack_username
        password: your_openstack_password
        project_name: your_project_name
        auth_url: https://your-openstack-cloud:5000/v3
        user_domain_name: Default
        project_domain_name: Default
      region_name: RegionOne
      ssh_key_name: my-salt-key
      ssh_key_file: /root/.ssh/id_rsa
      ssh_username: ubuntu
      minion:
        master: your.salt.master.ip

    sudo chmod 600 /etc/salt/cloud.providers.d/openstack.conf
    sudo salt-cloud --list-providers
    sudo salt-cloud --list-images my-openstack
    sudo salt-cloud --list-sizes my-openstack

    Creating VM Profiles

    /etc/salt/cloud.profiles.d/openstack-profiles.conf
    web-small:
      provider: my-openstack
      image: Ubuntu 22.04 LTS
      size: m1.small
      networks:
        - net-id: YOUR_NETWORK_ID
      security_groups:
        - default
        - web-servers
      key_name: my-salt-key
    
    db-medium:
      provider: my-openstack
      image: Ubuntu 22.04 LTS
      size: m1.medium
      networks:
        - net-id: YOUR_NETWORK_ID
      security_groups:
        - default
        - database-servers
      volumes:
        - size: 100
          display_name: db-data

    Creating Instances

    # Single instance
    sudo salt-cloud -p web-small web-01
    
    # Multiple instances in parallel (-P builds them concurrently instead of one after another)
    sudo salt-cloud -P -p web-small web-01 web-02 web-03
    
    # Verbose output
    sudo salt-cloud -p web-small web-02 -l debug

    Map Files for IaC Deployments

    /etc/salt/cloud.maps.d/production.map
    web-small:
      - web-01:
          minion:
            grains:
              role: webserver
              environment: production
      - web-02:
          minion:
            grains:
              role: webserver
              environment: production
    
    db-medium:
      - db-01:
          minion:
            grains:
              role: database
              environment: production

    # Preview
    sudo salt-cloud -m /etc/salt/cloud.maps.d/production.map --assume-yes --query
    
    # Deploy
    sudo salt-cloud -m /etc/salt/cloud.maps.d/production.map
    
    # Apply config to all new instances
    sudo salt -G 'environment:production' state.highstate

    Managing Volumes

    sudo salt-cloud --create-volume my-openstack size=50 name=web-data
    sudo salt-cloud --attach-volume web-01 web-data
    sudo salt-cloud --detach-volume web-01 web-data
    sudo salt-cloud --delete-volume my-openstack web-data

    Floating IPs

    web-public:
      provider: my-openstack
      image: Ubuntu 22.04 LTS
      size: m1.small
      networks:
        - net-id: YOUR_PRIVATE_NETWORK_ID
      floating_ip_pool: external

    Post-Deployment

    sudo salt 'web-01' state.apply nginx
    sudo salt 'web-01' state.highstate
    sudo salt -G 'role:webserver' state.highstate

    Querying & Destroying Instances

    sudo salt-cloud -Q
    sudo salt-cloud -a show_instance web-01
    sudo salt-cloud -d web-01
    sudo salt-cloud -d -m /etc/salt/cloud.maps.d/production.map

    Userdata Scripts

    /etc/salt/cloud.userdata/common.sh
    #!/bin/bash
    # Runs on first boot (cloud-init) before the Salt minion is installed.
    # Reference it from a profile with: userdata_file: /etc/salt/cloud.userdata/common.sh
    set -eu
    
    # Create a 1 GiB swap file once; the fstab entry is only written when the file is first created
    if [ ! -f /swapfile ]; then
      fallocate -l 1G /swapfile
      chmod 600 /swapfile
      mkswap /swapfile
      swapon /swapfile
      echo '/swapfile none swap sw 0 0' >> /etc/fstab
    fi
    
    # Raise the listen backlog now and persist it without duplicating the line on re-runs
    sysctl -w net.core.somaxconn=65535
    grep -q '^net.core.somaxconn=' /etc/sysctl.conf || echo 'net.core.somaxconn=65535' >> /etc/sysctl.conf

    Security Notes

    • Credentials: Never commit provider config files to version control
    • SSH key rotation: Use a dedicated key for Salt Cloud, rotated periodically
    • Network segmentation: Put the Salt master on a private network if possible
    • Minion verification: Consider accept_keys: False for high-security environments
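    A pre-flight script that turns the first two notes into a gate in front of `salt-cloud -m`, added here as an example and not part of the original tutorial: it refuses to proceed if the provider file or the private key it names is group/world readable, or if any placeholder value from the sample provider and profile configs above is still present. It assumes GNU stat and the file paths used in this series.

```bash
#!/usr/bin/env bash
# Added pre-flight script for this series (not part of the original tutorial).
# Assumes GNU stat and the file paths used above; pass other paths as $1 and $2.
# Run it before `salt-cloud -m` so an unedited config or a readable secret file
# stops the deployment instead of being shipped to the cloud API.

# Placeholder tokens from the sample configs above. Any survivor means the
# file was never filled in and salt-cloud would send junk credentials.
PLACEHOLDER_RE='your_openstack_|your_project_name|your-openstack-cloud|your\.salt\.master\.ip|YOUR_(PRIVATE_)?NETWORK_ID'

# 0 if the file exists and has no group/other permission bits (0600, 0400, ...).
check_secret_perms() {
  [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
  case $(stat -c '%a' "$1") in
    *00) return 0 ;;
    *)   echo "group/world readable (want 0600): $1" >&2; return 1 ;;
  esac
}

# 0 if no placeholder values remain; prints each offending line with its number.
check_placeholders() {
  if grep -nE "$PLACEHOLDER_RE" "$1"; then
    echo "placeholder values left in $1" >&2
    return 1
  fi
  return 0
}

# The private key named by ssh_key_file in the provider config must be 0600 too.
check_ssh_key_file() {
  key=$(sed -n 's/^[[:space:]]*ssh_key_file:[[:space:]]*//p' "$1" | head -n 1)
  [ -n "$key" ] || { echo "no ssh_key_file in $1" >&2; return 1; }
  check_secret_perms "$key"
}

# Run every check on the provider file ($1) and profile file ($2); 1 if any failed.
preflight() {
  rc=0
  check_secret_perms "$1" || rc=1
  check_placeholders "$1" || rc=1
  check_ssh_key_file "$1" || rc=1
  check_placeholders "$2" || rc=1
  return $rc
}

# Usage: ./preflight.sh /etc/salt/cloud.providers.d/openstack.conf \
#   /etc/salt/cloud.profiles.d/openstack-profiles.conf && sudo salt-cloud -m /etc/salt/cloud.maps.d/production.map
if [ "$#" -eq 2 ]; then
  preflight "$1" "$2"
fi
```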

    What's Next

    You can now provision OpenStack VMs through Salt. In Part 4, we deploy a complete LAMP stack with proper role separation using Salt states.