Automated SaltStack Minion Updates through winrepo

This blog article is a follow-up to the previous article that explains a different way to do minion updates. For Windows minions there’s an even easier method to run the update automatically. This is by using winrepo. Winrepo is a mechanism provided by SaltStack to build a package manager like yum or apt on Linux. The beauty of it is that it already contains a package for the salt-minion installation which can be leveraged for automated mass updates as well. It also seems to include some way of wrapping mechanism that overcomes the issue of salt-minion service restart.

Installing winrepo

To install winrepo the SaltStack master must have internet connection. There is only 1 command needed to run on the master which initializes the winrepo:

salt-run winrepo.update_git_repos

After that you will find the directory /srv/salt/win/repo-ng/salt-winrepo-ng/_ which contains all predefined repo files (make sure you include the _ character).

In this directory there is a specification for the salt-minion installation (salt-minion.sls). If you have a closer look at the file, you will find different sections that represent different salt-minion versions with some details how they are handled.

In the version I was using at creation of the blog, salt-minion version 3006.4 and 3005.4 were fully supported. All versions which have CVEs are handled in a separate list in the file and will only be supported for removal, not for updates.

Using winrepo

There are some commands you should be aware of when using winrepo.

salt ‘<minionname>’ pkg.list_pkgs

Lists all packages that are installed on the minion and identified by SaltStack.

salt ‘<minionname>’ pkg.list_available salt-minion-py3

Lists all available versions of the package salt-minon-py3 including the CVE-versions which only can be uninstalled.

salt ‘<minionname>’ pkg.install ‘salt-minion-py3‘ version 3006.4

Installs salt-minion version 3006.4 on the target (requires previous minion installation on the target). Be aware that the winrepo package is called ‘salt-minion-py3’. This includes update installations.

salt ‘<minionname>’ pkg.remove ‘salt-minion-py3’

Removes salt-minion from the target.

The related commands will show up in the UI as jobs:

Additional note

In some situations, I saw that after an upgrade of the salt-minion through winrepo, the upgrade in general was running fine, however there was still a running .exe installation process in the Windows task manager. Once I killed it manually everything looked good.

I will monitor this behavior and provide an update once new information is available.

Have fun!

• Author
• Recent Posts

Christian Ferber

Senior Staff Solution Architect Cloud Management at VMware by Broadcom

Christian has joined VMware in July 2015 as Senior Systems Engineer Cloud Management. Through his work in various cloud projects before and at VMware he has gained experience in datacenter, server, storage, networking and cloud management technologies. Today his primary focus is on automation and operation topics with integration into many surrounding solutions like containers, configuration management, directory services and others. He is responsible for the management components in the VMware Cloud Foundation (VCF) product family for enterprise customers in Germany.

Latest posts by Christian Ferber (see all)

• 1-node Kubernetes Template for CentOS Stream 9 in VCF Automation - 30. September 2024
• Aria Automation custom resources with dynamic types - 9. August 2024
• Database-as-a-Service with Data Services Manager and Aria Automation - 4. July 2024