Create virtual machines with a grain of salt

02.09.2020 | Mattias Giese in howto


During a recent project I was tasked with an interesting challenge. A fully automated deployment pipeline which was initially based upon SUSE Manager [3] 2.x was to be migrated to Uyuni [4]. During the course of the project we also migrated a good portion of custom automation code we developed to a Salt-based approach with states and reactors/beacons. This blog post describes how we use Salt to create virtual machines on automatically deployed hypervisors.


The customer is a multi-national company with retail stores in many cities. For every store a server with a custom configuration needs to be deployed and shipped out. In order to simplify replacements and hardware supportability the ‘server’ itself is not installed on the bare metal but as a virtual machine inside a Xen-based [5] hypervisor. But this is also an overhead because every server needs to be installed ‘twice’. First, we install the Xen Hypervisor (based on OpenSUSE Leap [2]) and directly after that we create and install the virtual machine (also based on OpenSUSE Leap) which will run workload as specified by the customer.

The nitty-gritty details

The system we developed features a few core components. One is a central API bridge, which connects different aspects of the system, for example infrastructure services like DNS, Salt, the customers internal ERP/CRM as well as Uyuni itself. Another component is a custom web interface through which a user may initiate or cancel a deployment. After the user starts a new deployment process our API bridge talks to the Uyuni/cobbler [13] API, which then creates a custom PXE boot configuration for the specified host. The target system will then initiate the automatic installation (based on AutoYaST [10]). During and after the installation the system communicates with our API bridge in order to inform it on the current status, which will then coordinate and initiate the following steps. After reaching its ‘high state’ (Salt-speak, meaning the system enforced the desired state in terms of configuration) we start the deployment of the virtual machine, which will then function as the central server for the given retail store. Before the migration project we would create the virtual machine through the integrated SUSE Manager XMLRPC-API [11] and initiate another AutoYaST-based installation. This worked fine, but there surely was room for improvement, for example in terms of installation time.

Salt to the rescue

With salt we are able to facilitate a powerful and flexible automation platform to achieve our goals and simplify the infrastructure for the deployment process. Instead of relying on cobbler or the SUSE Manager APIs we are using Salt reactors [7] and salt-virt [8] to accelerate the preparation of the central store servers. After the hypervisor finished installation and was successfully configured for Xen we send a notification to the Salt message bus. This triggers our API bridge, which will then use salt-virt to create the virtual machine. The following snippets show a over-simplified version of the code in use, which runs inside the API bridge on the Salt master.

First, we import the necessary Python modules:

Then, we initialize a LocalClient in order to talk to salt and execute commands, as well as configure the logging module:

Now we define how the virtual machine should be configured. In the production code we also handle custom pillar data for the new minion, which is later used to help configure the customer workload. Additionally we create an autosign entry for the new virtual machines in order to automate the whole Salt bootstrap procedure.

This section purges pre-existing minion keys. The salt.wheel [9] module is useful for all the different aspects of key management. First, we load the current configuration for the salt-master, which is then used by the instance of salt.wheel.WheelClient. Now we are able to list and manage minion keys on our master.

And now on to the creation of the virtual machine itself. The virt.init command takes the complete definition of our virtual machine and uses libvirt to create it. Because of certain race conditions we define the virtual machine and then try several times to start it up (virt.start):

The base of the virtual machine is rather static, as we do not differentiate between different hardware platforms. Because of that we chose to use an image-based deployment approach in order to speed up the deployment tremendously.

We based our image on the default JeOS (Just enough operating system) Kiwi [6] definition from the OpenSUSE project (available here [12]). We adjust the package selection (to include the salt-minion package, for example) and configure Salt:

The provisioning_helper.firstboot state handles the initial bootstrap of the machine. This part is crucial because we need to do the following:

  1. Reboot the system
  2. Apply the ‘Highstate’ of the virtual machine
  3. Inform the deployment system about the status
  4. Reboot the system and verify its startup
  5. Remove bootstrap data

Only if we were able to enforce the desired state (as defined in Salt) and rebooted the VM successfully we may complete the deployment process and inform the user.

The complete process on the high level works something like this:

Eigene Darstellung, CC-BY-SA
Eigene Darstellung, CC-BY-SA


Salt is a really flexible platform that can be used to automate a multitude of processes. Starting with some custom Python code is easy and the states and reactors system is really robust. The message bus of Salt is really cool and makes it easy to react on things happening in your infrastructure. This was my first real deep dive into Salt (besides the usual config management with states and reactors) and I can say that I love it, besides some quirks that surface here and there. I guess that’s just the way it is with every non-trivial software project.

Mattias Giese
Mattias Giese
Mattias Giese is working as a Linux consultant and trainer at B1 Systems. If he isn't involved in systems management and automation projects where he works with a plethora of different tools that he glues together to create efficient workflows, he likes to mess around with chic mechanical keyboards and adjust the configuration of his tools in order to achieve zen laziness.


Haben Sie Anmerkungen oder Nachfragen? Melden Sie sich unter
Col 2