Beginning with the release of VMware Aria Automation Config 8.10.2, we introduced the Highstate workspace. In this post, we will show you how to leverage Aria Automation Config to apply a highstate to the deployed minions, create a job, and a schedule to continuously apply the highstate. Highstates are a collection of state files that can be run against your minions to apply all states outlined in a top.sls state file.
By the end of this post, you will know how to leverage highstates to more efficiently manage your infrastructure and ensure the minions running on the systems keep them in the desired state.
The Highstate Workspace
The Highstate workspace is used to manage and monitor your system’s configuration. You can see a historical view of highstate runs across your infrastructure to get insights and trends related to configuration drift across all minions. You can see highstate compliance across your environment from the States tab and Minions tabs. This global level helps you assess the overall state of your system’s configuration since the latest highstate run.
Across all levels, the latest highstate data is pulled from each minion, whether the data is from a recent highstate run or from many highstate runs. You can use the Limit by drop-down menu in the States tab to ensure that the Highstate workspace only displays the most recent data
As a systems administrator, you are aware of the importance of keeping your system’s configuration in compliance, identifying any systems with failures or changes, and bringing those systems back into compliance as quickly as possible. The Highstate workspace provides valuable insight into your system’s configuration and includes tools that can help you manage configuration drift.
What is a highstate?
Instead of manually configuring each minion and each application one-by-one, you can use the Aria Automation Config state management system to create state files that you can apply to many minions simultaneously. These state files can include a set of instructions that tell Aria Automation Config which operations to run on the minion and in which order. The state management system also ensures each minion is configured properly and as efficiently as possible.
However, if you have hundreds of state files and thousands of minions, running each state file takes time. A faster, more intuitive way to apply state files to your minions is to run highstate. When you run highstate, the state.highstate function is called. The state.highstate function applies all Salt states outlined in a top.sls file that you create on your Salt master.
Running highstate can be useful in the following scenarios:
- You are setting up your infrastructure for the first time and need to standardize configurations across your environment.
- You have critical systems that must remain in compliance.
- The Schedules workspace in Aria Automation Config can be used to schedule a highstate job to ensure that your machines are configured properly.
What happens when a highstate is applied?
When a highstate is applied, Aria Automation Config will sync down all of the dynamic modules from the file server, for a specific environment, to the minion. This function synchronizes custom modules, states, beacons, grains, returners, output modules, renderers, and utils.
Once the top file and states are in place, a running a highstate will run all states defined in the top file against all minions those states are assigned to.
While running highstate, if a configuration has drifted, Aria Automation Config puts minions and applications back into its compliant configuration state. If a configuration must change, Aria Automation Config quickly deploys those changes to the affected minions. You can then use the Highstate workspace to see what changes were made during the last highstate run. Charts and reports in the workspace also help visualize the changes across your infrastructure.
Consider testing your changes in a development environment or staging environment. If your states succeed, you can apply them in your production environment.
You can also run highstate in dry run mode. If you run highstate in dry run mode, Aria Automation Config generates a job return that shows what changes would be made on each minion if the states were applied. To learn more about dry run mode, see How do I create jobs.
- Note: You must create and configure the
top.slsfile on your Salt master before you run highstate for the first time. See Organizing states in the Salt user guide for more information about Salt states and thetop.slsfile.
Scoping the top.sls state file
There are a number of ways to target specific minions in your top.sls file. The top.sls file maps states to a group of targets and consists of the environment, target criteria, and state files to run. The minions download the top.sls file and attempt to match the expressions in it. If a minion matches the expression, it runs the specified state files. For example, you might organize your top.sls file to apply certain state files to all minions, some to CentOS minions, and others to minions whose IDs contain the string web.
base:
'*':
- vim
- scripts
'os:CentOS':
- match: grain
- centos-config
'*web*':
- apache
- djangoRunning your Highstate
After you configure the top.sls file, you can run your first highstate.
To run a highstate:
- Click the States tab in the Highstate workspace.
- Click Run Highstate.
- In the dialog box, select the target to run highstate on.
- Click Run Highstate.
After the highstate run is finished, you can view the results of your first highstate run at several levels:
- Global level: see highstate returns across your environment
- Target level: see highstate returns by target group
- Minion level: see highstate returns by minion
Create a Job
With the highstate top.sls file created and tested, lets proceed to creating a job, so the highstate may be scheduled to run periodically.
Create a new job.
- Click Config > Jobs in the side menu to open the Jobs workspace.
- Click the Create Job button.
- Define a name for the Job.
- Define a Target, if desired.
- Set the function to state.highstate.
- Save the Job.
Schedule the Highstate Job
Now that we have created the highstate top.sls file, and created the Apply Highstate job, we are ready to proceed to schedule the job to run periodically.
- Note: When creating a schedule keep in mind your organizations needs and time frame for maintaining drift within your environment. Also, you may set the schedule to apply to target groups of minions which may need more or less frequent updates then other systems in the organization.
To create a new schedule for a job:
- Click Config > Schedules in the side menu to open the Schedules workspace.
- Click Create Schedule.
- Select the Highstate job, created in the previous step.
- Select the Target.
- Decide on how often to run the highstate job.
- Click Save and confirm the schedule now appears in the table of upcoming scheduled jobs.
With the highstate top.sls file, and the Apply Highstate job scheduled, you can ensure the environment will be kept at the desired state.
For additional information see our YouTube playlist, Cloud Management blog, and TechZone for additional content.
