blog Justfile for Salt deployments

Tags:
saltstack justfile

Now that just made it into debian trixie , it has become easier to install it everywhere. I have recently been updating some of my dev environment, and have started using it with my existing salt configuration to make it easier while testing.

Salt State

One of the key points of making things easier, is to have a a special file.managed state with multiple source entries.

# jinja|yaml
# salt://defaults/init.sls
/home/my/Justfile:
  file.managed:
    - source:
        - salt://defaults/file/{{grains.id}}.justfile
        - salt://defaults/file/default.justfile

With this setup, I can create a custom Justfile for the server I am working on, or fallback to a default one.

Default Justfile

# salt://defaults/file/default.justfile
_help:
    @just --list --unsorted

# Apply default server configuration
[group('server')]
apply *args:
    sudo salt-call state.apply {{ args }}

# Check changes
[group('server')]
diff *args:
    sudo salt-call state.test {{ args }}

# Deploy Salt Minion
[group('server')]
minion:
    @just apply salt.minion

# Default Settings
[group('server')]
defaults *args:
    @just apply defaults

For my default server Justfile (which also gets copied to the start of my custom files), I have a few basic entries.

Especially when developing, I find it easier to use salt-call from the minion, instead of trying to target from the master. I start having a basic apply *args state that expands into sudo salt-call state.apply {{ args }} that I can use for either deploying the entire state, or any specific state. Mirroring this, I have an diff *args that maps to state.test that I can use to verify what would be deploy.

Because each of my entries has an *args entry, I could also run just apply test=True and let it expand into sudo salt-call state.apply test=True and it would work the same as my just diff statement.

Custom Justfile

I only have a few servers that I use, so each one tends to be assigned to a specific role.

For servers that are running a lot of docker containers, I am experimenting with two helpers.

[group('docker')]
exec id shell="/bin/bash":
    sudo docker exec -it {{ id }} {{ shell }}

[group('docker')]
container *name:
    sudo journalctl CONTAINER_NAME={{ name }}

For my web tier server, I am using Caddy in container, so I have a shortcut to apply just those settings.

# Deploy caddy configuration
[group('apps')]
caddy *args:
    @just apply caddy.docker {{ args }}

When deploying Mastodon, I have a shortcut for that as well

# Mastodon
[group('apps')]
mastodon *args:
    @just apply mastodon.premigrate {{ args }}
    @just apply mastodon.docker {{ args }}

From my salt master, I have a few more cluster specific rules

# Show Salt Log
[group('salt-master')]
tail:
    sudo salt-run state.event pretty=True

# Update Repos
[group('salt-master')]
update:
    @just apply salt.repos
    sudo salt-call saltutil.sync_all
    sudo salt-run saltutil.sync_all

# Update Salt Mine
[group('remote')]
mine:
    sudo salt '*' mine.update

# Redhat defaults
[group('remote')]
redhat:
    sudo salt -G os_family:redhat state.apply defaults.redhat

# Debian defaults
[group('remote')]
debian:
    sudo salt -G os_family:debian state.apply defaults.debian

Having a server specific Justfile when I login to my server, has helped quite a bit with streamlining common tasks, and helps a lot with documentation.

I have also found that adding group() statements to the Justfiles when combined with @just --list --unsorted also helps.