Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Getting Started with Salt

Getting Started with Salt

DjangoCon US 2013


Peter Baumgartner

September 03, 2013

More Decks by Peter Baumgartner

Other Decks in Technology


  1. Getting Started with Salt

  2. Peter Baumgartner Founder, Lincoln Loop

  3. What is SaltStack?

  4. “SaltStack delivers a dynamic infrastructure communication bus used for orchestration,

    remote execution, configuration management and much more.”
  5. None
  6. SaltStack is Configuration Management

  7. Configuration Management

  8. root@server:~# ls /etc/nginx/nginx* /etc/nginx/nginx.conf Before Configuration Management

  9. root@server:~# ls /etc/nginx/nginx* /etc/nginx/nginx.conf /etc/nginx/nginx.conf.OLD Before Configuration Management

  10. root@server:~# ls /etc/nginx/nginx* /etc/nginx/nginx.conf /etc/nginx/nginx.conf.OLD /etc/nginx/nginx.conf.BAK Before Configuration Management

  11. root@server:~# ls /etc/nginx/nginx* /etc/nginx/nginx.conf /etc/nginx/nginx.conf.OLD /etc/nginx/nginx.conf.BAK /etc/nginx/nginx.conf.20130617.bak Before Configuration Management

  12. None
  13. After Configuration Management

  14. Version control your servers Self-documenting Repeatable Reusable Benefits

  15. SaltStack is Remote Execution

  16. Run command(s) against remote server(s) e.g. Fabric, Capistrano, Func Remote

  17. Deploy your code Run one-off scripts Critical package updates System

    monitoring/alerting https://github.com/lincolnloop/salmon Remote Execution Examples
  18. Why Choose SaltStack?

  19. Python YAML Jinja2 Familiar Tools

  20. Great Documentation (>800 pages) Insanely responsive (IRC, GitHub) Backed by

    for-profit org Community
  21. Why Choose SaltStack?

  22. Why Not Choose SaltStack?

  23. Young Project Moves Fast Not SSH (SSH support soon) https://github.com/saltstack/salt/issues/5913

    https://github.com/saltstack/salt/issues/5914 Caution
  24. Let’s Learn Salt!

  25. First... a vocabulary lesson

  26. Chef: knife, recipe, cookbook Puppet: terminus, metaparameters Ansible: playbook, inventory

    Everything is Terrible
  27. Chef: knife, recipe, cookbook Puppet: terminus, metaparameters Ansible: playbook, inventory

    Salt might be the worst offender... Everything is Terrible
  28. Mas•ter ˈmastər (noun) Server that manages the whole stack (auth,

    states, pillars)
  29. Min•ion ˈminyən (noun) A server controlled by the master

  30. State stāt (noun) A declarative representation of system state. (how

    you want the minion configured)
  31. Grain grān (noun) Static information about a minion (RAM, CPUs,

    OS, etc.)
  32. Pil•lar ˈpilər (noun) Variables for one or more minions (ports,

    file paths, configuration parameters)
  33. None
  34. Top File täp fīl (noun) Matches states or pillars to

  35. High•state hīstāt (noun) All the state data for a minion

  36. None
  37. Let’s Really Get Started

  38. Binaries for most distros Pip install (for bleeding edge) http://bootstrap.saltstack.org

    (it probably does what you want) Installation Options
  39. root@master:~# apt-get install salt-master Master Server ...or run master-less

  40. # apt-get install salt-minion # echo "salt" >> /etc/hosts

    # salt-key -a minion.lincolnloop.com Accept the minion key on the master Point minion to the master Minion
  41. Write Your First State

  42. nginx: pkg.installed /srv/salt/mystate.sls (or /srv/salt/mystate/init.sls) Install a Package

  43. Create your Top File

  44. base: myserver.lincolnloop.com: - mystate /srv/salt/top.sls The Top File

  45. Highstate!

  46. # salt 'myserver.lincolnloop.com' state.highstate # salt-call state.highstate ...or pull from

    the minion Push from the master Highstate ...or master-less # salt-call state.highstate --local
  47. [INFO ] Executing state pkg.installed for nginx [INFO ] Executing

    command "dpkg-query --showformat='${Status} ${Package} $ {Version}\n' -W" in directory '/' [INFO ] Executing command 'grep-available -F Provides -s Package,Provides -e "^.+$"' in directory '/' [INFO ] Executing command 'apt-get -q update' in directory '/' [INFO ] Executing command 'apt-get -q -y -o DPkg::Options::=--force-confold -o DPkg::Options::=--force-confdef install nginx' in directory '/' [INFO ] Executing command "dpkg-query --showformat='${Status} ${Package} $ {Version}\n' -W" in directory '/' [INFO ] Executing command 'grep-available -F Provides -s Package,Provides -e "^.+$"' in directory '/' [INFO ] Installed Packages: libgeoip1 changed from absent to 1.4.8+dfsg-2 nginx changed from absent to 1.1.19-1 libxml2 changed from absent to 2.7.8.dfsg-5.1ubuntu4 nginx-common changed from absent to 1.1.19-1 libfreetype6 changed from absent to 2.4.8-1ubuntu2 nginx-full changed from absent to 1.1.19-1 xml-core changed from absent to 0.13 geoip-database changed from absent to 20111220-1 libxslt1.1 changed from absent to 1.1.26-8ubuntu1 libjpeg-turbo8 changed from absent to 1.1.90+svn733-0ubuntu4 libgd2-noxpm changed from absent to 2.0.36~rc1~dfsg-6ubuntu2 sgml-base changed from absent to 1.26+nmu1ubuntu1 libjpeg8 changed from absent to 8c-2ubuntu7 ,,,
  48. [INFO ] Loading fresh modules for state activity local: ----------

    State: - pkg Name: nginx Function: installed Result: True Comment: The following packages were installed/updated: nginx. Changes: libgeoip1: { new : 1.4.8+dfsg-2 old : } nginx: { new : 1.1.19-1 old : } libxml2: { new : 2.7.8.dfsg-5.1ubuntu4 old : } nginx-common: { new : 1.1.19-1 old : } libfreetype6: { new : 2.4.8-1ubuntu2 old : } nginx-full: { new : 1.1.19-1 old : } ...
  49. None
  50. None
  51. Leveling Up Your States

  52. pete: user.present: - shell: /bin/bash - home: /home/pete - groups:

    - sudo Create a User
  53. pete: user.present: - shell: /bin/bash - home: /home/pete - groups:

    - sudo ssh_auth.present: - user: pete - source: salt://pete.pub - require: - user: pete Add an SSH Key
  54. git@github.com/ipmb/mysite.git: git.latest: - rev: develop - target: /usr/local/src/mysite - require:

    - pkg: git-core Checkout a Repo
  55. python manage.py syncdb --noinput: cmd.run: - cwd: /usr/local/src/mysite - require:

    - git: git@github.com/me/mysite.git Run Arbitrary Commands
  56. Over 50 built-in pip, virtualenv mysql, postgres services, files, cron

    ...or build your own (in Python) Built-in States
  57. Using Pillars

  58. Pil•lar ˈpilər (noun) Variables for one or more minions (ports,

    file paths, configuration parameters)
  59. mysite: - branch: develop /srv/pillar/mysite.sls Example Pillar

  60. base: 'myserver.lincolnloop.com': - mysite /srv/pillar/top.sls Pillar Top File

  61. base: '*': - default '*.lincolnloop.com': - lincoln_loop 'os:Ubuntu': - match:

    grain - pkgs.ubuntu /srv/pillar/top.sls Advanced Pillar Top File
  62. git@github.com/ipmb/mysite.git: git.latest: - rev: {{ pillar.mysite.branch }} - target: /usr/local/src/mysite

    - require: - pkg: git-core Adding Pillars to a State
  63. git@github.com/ipmb/mysite.git: git.latest: - rev: {{ pillar.mysite.get('branch', 'master') }} - target:

    /usr/local/src/mysite - require: - pkg: git-core Setting a Default
  64. redis_maxmemory: {{ (grains.mem_total * 0.5)|int }}mb Using Grains in a

  65. /etc/redis.conf: file.managed: - template: jinja - source: salt://packages/redis_server/redis.conf.jinja - defaults:

    maxmemory: {{ pillar.get('redis_maxmemory', '64mb') }} Using Pillars in Files
  66. daemonize yes pidfile /var/run/redis.pid port 6379 bind maxmemory {{

    maxmemory }} ... /srv/salt/redis_server/redis.conf.jinja Using Pillars in Files
  67. Salt-cloud Custom Modules Scheduler Renderers Returners Advanced Topics

  68. Tips & Tricks

  69. output_mode: mixed Tips & Tricks

  70. Jinja2 is powerful Don't go nuts Tips & Tricks

  71. Update often ...and review the change log Tips & Tricks

  72. Tips & Tricks Test before you deploy Make friends with

    Vagrant or Docker
  73. Thank you! Questions? Peter Baumgartner http://lincolnloop.com @ipmb