Getting Started with Salt

Transcript

1. Getting Started with Salt

2. Peter Baumgartner Founder, Lincoln Loop

3. What is SaltStack?

4. “SaltStack delivers a dynamic infrastructure communication bus used for orchestration,

   remote execution, configuration management and much more.”
5. None

6. SaltStack is Configuration Management

7. Configuration Management

8. root@server:~# ls /etc/nginx/nginx* /etc/nginx/nginx.conf Before Configuration Management

9. root@server:~# ls /etc/nginx/nginx* /etc/nginx/nginx.conf /etc/nginx/nginx.conf.OLD Before Configuration Management

10. root@server:~# ls /etc/nginx/nginx* /etc/nginx/nginx.conf /etc/nginx/nginx.conf.OLD /etc/nginx/nginx.conf.BAK Before Configuration Management

11. root@server:~# ls /etc/nginx/nginx* /etc/nginx/nginx.conf /etc/nginx/nginx.conf.OLD /etc/nginx/nginx.conf.BAK /etc/nginx/nginx.conf.20130617.bak Before Configuration Management

12. None

13. After Configuration Management

14. Version control your servers Self-documenting Repeatable Reusable Benefits

15. SaltStack is Remote Execution

16. Run command(s) against remote server(s) e.g. Fabric, Capistrano, Func Remote

    Execution

17. Deploy your code Run one-off scripts Critical package updates System

    monitoring/alerting https://github.com/lincolnloop/salmon Remote Execution Examples

18. Why Choose SaltStack?

19. Python YAML Jinja2 Familiar Tools

20. Great Documentation (>800 pages) Insanely responsive (IRC, GitHub) Backed by

    for-profit org Community

21. Why Choose SaltStack?

22. Why Not Choose SaltStack?

23. Young Project Moves Fast Not SSH (SSH support soon) https://github.com/saltstack/salt/issues/5913

    https://github.com/saltstack/salt/issues/5914 Caution

24. Let’s Learn Salt!

25. First... a vocabulary lesson

26. Chef: knife, recipe, cookbook Puppet: terminus, metaparameters Ansible: playbook, inventory

    Everything is Terrible

27. Chef: knife, recipe, cookbook Puppet: terminus, metaparameters Ansible: playbook, inventory

    Salt might be the worst offender... Everything is Terrible

28. Mas•ter ˈmastər (noun) Server that manages the whole stack (auth,

    states, pillars)

29. Min•ion ˈminyən (noun) A server controlled by the master

30. State stāt (noun) A declarative representation of system state. (how

    you want the minion configured)

31. Grain grān (noun) Static information about a minion (RAM, CPUs,

    OS, etc.)

32. Pil•lar ˈpilər (noun) Variables for one or more minions (ports,

    file paths, configuration parameters)
33. None

34. Top File täp fīl (noun) Matches states or pillars to

    minions

35. High•state hīstāt (noun) All the state data for a minion

36. None

37. Let’s Really Get Started

38. Binaries for most distros Pip install (for bleeding edge) http://bootstrap.saltstack.org

    (it probably does what you want) Installation Options

39. root@master:~# apt-get install salt-master Master Server ...or run master-less

40. # apt-get install salt-minion # echo "salt 10.10.1.1" >> /etc/hosts

    # salt-key -a minion.lincolnloop.com Accept the minion key on the master Point minion to the master Minion

41. Write Your First State

42. nginx: pkg.installed /srv/salt/mystate.sls (or /srv/salt/mystate/init.sls) Install a Package

43. Create your Top File

44. base: myserver.lincolnloop.com: - mystate /srv/salt/top.sls The Top File

45. Highstate!

46. # salt 'myserver.lincolnloop.com' state.highstate # salt-call state.highstate ...or pull from

    the minion Push from the master Highstate ...or master-less # salt-call state.highstate --local

47. [INFO ] Executing state pkg.installed for nginx [INFO ] Executing

    command "dpkg-query --showformat='${Status} ${Package} $ {Version}\n' -W" in directory '/' [INFO ] Executing command 'grep-available -F Provides -s Package,Provides -e "^.+$"' in directory '/' [INFO ] Executing command 'apt-get -q update' in directory '/' [INFO ] Executing command 'apt-get -q -y -o DPkg::Options::=--force-confold -o DPkg::Options::=--force-confdef install nginx' in directory '/' [INFO ] Executing command "dpkg-query --showformat='${Status} ${Package} $ {Version}\n' -W" in directory '/' [INFO ] Executing command 'grep-available -F Provides -s Package,Provides -e "^.+$"' in directory '/' [INFO ] Installed Packages: libgeoip1 changed from absent to 1.4.8+dfsg-2 nginx changed from absent to 1.1.19-1 libxml2 changed from absent to 2.7.8.dfsg-5.1ubuntu4 nginx-common changed from absent to 1.1.19-1 libfreetype6 changed from absent to 2.4.8-1ubuntu2 nginx-full changed from absent to 1.1.19-1 xml-core changed from absent to 0.13 geoip-database changed from absent to 20111220-1 libxslt1.1 changed from absent to 1.1.26-8ubuntu1 libjpeg-turbo8 changed from absent to 1.1.90+svn733-0ubuntu4 libgd2-noxpm changed from absent to 2.0.36~rc1~dfsg-6ubuntu2 sgml-base changed from absent to 1.26+nmu1ubuntu1 libjpeg8 changed from absent to 8c-2ubuntu7 ,,,

48. [INFO ] Loading fresh modules for state activity local: ----------

    State: - pkg Name: nginx Function: installed Result: True Comment: The following packages were installed/updated: nginx. Changes: libgeoip1: { new : 1.4.8+dfsg-2 old : } nginx: { new : 1.1.19-1 old : } libxml2: { new : 2.7.8.dfsg-5.1ubuntu4 old : } nginx-common: { new : 1.1.19-1 old : } libfreetype6: { new : 2.4.8-1ubuntu2 old : } nginx-full: { new : 1.1.19-1 old : } ...
49. None
50. None

51. Leveling Up Your States

52. pete: user.present: - shell: /bin/bash - home: /home/pete - groups:

    - sudo Create a User

53. pete: user.present: - shell: /bin/bash - home: /home/pete - groups:

    - sudo ssh_auth.present: - user: pete - source: salt://pete.pub - require: - user: pete Add an SSH Key

54. [email protected]/ipmb/mysite.git: git.latest: - rev: develop - target: /usr/local/src/mysite - require:

    - pkg: git-core Checkout a Repo

55. python manage.py syncdb --noinput: cmd.run: - cwd: /usr/local/src/mysite - require:

    - git: [email protected]/me/mysite.git Run Arbitrary Commands

56. Over 50 built-in pip, virtualenv mysql, postgres services, files, cron

    ...or build your own (in Python) Built-in States

57. Using Pillars

58. Pil•lar ˈpilər (noun) Variables for one or more minions (ports,

    file paths, configuration parameters)

59. mysite: - branch: develop /srv/pillar/mysite.sls Example Pillar

60. base: 'myserver.lincolnloop.com': - mysite /srv/pillar/top.sls Pillar Top File

61. base: '*': - default '*.lincolnloop.com': - lincoln_loop 'os:Ubuntu': - match:

    grain - pkgs.ubuntu /srv/pillar/top.sls Advanced Pillar Top File

62. [email protected]/ipmb/mysite.git: git.latest: - rev: {{ pillar.mysite.branch }} - target: /usr/local/src/mysite

    - require: - pkg: git-core Adding Pillars to a State

63. [email protected]/ipmb/mysite.git: git.latest: - rev: {{ pillar.mysite.get('branch', 'master') }} - target:

    /usr/local/src/mysite - require: - pkg: git-core Setting a Default

64. redis_maxmemory: {{ (grains.mem_total * 0.5)|int }}mb Using Grains in a

    Pillar

65. /etc/redis.conf: file.managed: - template: jinja - source: salt://packages/redis_server/redis.conf.jinja - defaults:

    maxmemory: {{ pillar.get('redis_maxmemory', '64mb') }} Using Pillars in Files

66. daemonize yes pidfile /var/run/redis.pid port 6379 bind 127.0.0.1 maxmemory {{

    maxmemory }} ... /srv/salt/redis_server/redis.conf.jinja Using Pillars in Files

67. Salt-cloud Custom Modules Scheduler Renderers Returners Advanced Topics

68. Tips & Tricks

69. output_mode: mixed Tips & Tricks

70. Jinja2 is powerful Don't go nuts Tips & Tricks

71. Update often ...and review the change log Tips & Tricks

72. Tips & Tricks Test before you deploy Make friends with

    Vagrant or Docker

73. Thank you! Questions? Peter Baumgartner http://lincolnloop.com @ipmb