A few weeks ago, I was tasked with updating the Salt minion running on 50+ nodes from the version packaged in the Ubuntu repo to the version packaged in the official Saltstack repo. I thought it would be fun to try this using the existing Salt deployment.
#!/usr/bin/env bash # install salt from salt repo wget -O - https://repo.saltstack.com/py3/ubuntu/xx.xx/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add - echo "deb http://repo.saltstack.com/py3/ubuntu/xx.xx/amd64/latest xenial main" | sudo tee /etc/apt/sources.list.d/saltstack.list sudo apt update sudo apt-get install -y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' salt-minion sudo systemctl restart salt-minion
Briefly, the script downloads Salt’s signing key and adds the repository to
/etc/apt/sources.list.d/ where apt can find it. It then updates salt-minion with dpkg options that ensure the old config files in
/etc/salt/ are left untouched by the upgrade process. Finally, the script restarts the salt-minion service.
I stuck the script
/srv/salt/scripts/update-salt-minion and called it from my salt master with
salt '*' cmd.script salt://scripts/update-salt-minion.
After about 5 minutes, the job had finished. In most cases, the salt minions even returned successfully.