Automated SaltStack Minion Updates through winrepo

This blog article is a follow-up to the previous article that explains a different way to do minion updates. For Windows minions there’s an even easier method to run the update automatically. This is by using winrepo. Winrepo is a mechanism provided by SaltStack to build a package manager like yum or apt on Linux. The beauty of it is that it already contains a package for the salt-minion installation which can be leveraged for automated mass updates as well. It also seems to include some way of wrapping mechanism that overcomes the issue of salt-minion service restart.

Installing winrepo

To install winrepo the SaltStack master must have internet connection. There is only 1 command needed to run on the master which initializes the winrepo:

salt-run winrepo.update_git_repos

After that you will find the directory /srv/salt/win/repo-ng/salt-winrepo-ng/_ which contains all predefined repo files (make sure you include the _ character).

In this directory there is a specification for the salt-minion installation (salt-minion.sls). If you have a closer look at the file, you will find different sections that represent different salt-minion versions with some details how they are handled.

In the version I was using at creation of the blog, salt-minion version 3006.4 and 3005.4 were fully supported. All versions which have CVEs are handled in a separate list in the file and will only be supported for removal, not for updates.

Using winrepo

There are some commands you should be aware of when using winrepo.

salt ‘<minionname>’ pkg.list_pkgs

Lists all packages that are installed on the minion and identified by SaltStack.

salt ‘<minionname>’ pkg.list_available salt-minion-py3

Lists all available versions of the package salt-minon-py3 including the CVE-versions which only can be uninstalled.

salt ‘<minionname>’ pkg.install ‘salt-minion-py3‘ version 3006.4

Installs salt-minion version 3006.4 on the target (requires previous minion installation on the target). Be aware that the winrepo package is called ‘salt-minion-py3’. This includes update installations.

salt ‘<minionname>’ pkg.remove ‘salt-minion-py3’

Removes salt-minion from the target.

The related commands will show up in the UI as jobs:

Additional note

In some situations, I saw that after an upgrade of the salt-minion through winrepo, the upgrade in general was running fine, however there was still a running .exe installation process in the Windows task manager. Once I killed it manually everything looked good.

I will monitor this behavior and provide an update once new information is available.

Have fun!

• Author
• Recent Posts

Christian Ferber

Senior Staff Solution Architect Cloud Management at VMware Global Inc.

Christian ist seit Juli 2015 bei VMware als Senior Systems Engineer für Enterprise Management tätig. Durch die Arbeit in diversen Cloud-Projekten auch in seinen vergangenen Tätigkeiten hat er Erfahrung im Bereich Rechenzentrumsthemen wie Server, Storage, Networking und Cloud-Management aufgebaut.Heute liegt sein Schwerpunkt im Bereich Automatisierung, Betriebsmonitoring bzw. Analyse und Verrechnung. Er betreut die vRealize Produktfamilie für Enterprise-Kunden in Deutschland.

Latest posts by Christian Ferber (see all)

• Approval with Jira change ticket - 4. January 2024
• Automated SaltStack Minion Updates through winrepo - 9. November 2023
• Automated SaltStack Minion Updates - 27. October 2023