$30 off During Our Annual Pro Sale. View Details »

Getting Started with Salt

Getting Started with Salt

DjangoCon US 2013

Peter Baumgartner

September 03, 2013
Tweet

More Decks by Peter Baumgartner

Other Decks in Technology

Transcript

  1. Getting Started with Salt

    View Slide

  2. Peter Baumgartner
    Founder, Lincoln Loop

    View Slide

  3. What is SaltStack?

    View Slide

  4. “SaltStack delivers a dynamic
    infrastructure communication bus
    used for orchestration, remote
    execution, configuration management
    and much more.”

    View Slide

  5. View Slide

  6. SaltStack is
    Configuration Management

    View Slide

  7. Configuration Management

    View Slide

  8. root@server:~# ls /etc/nginx/nginx*
    /etc/nginx/nginx.conf
    Before Configuration Management

    View Slide

  9. root@server:~# ls /etc/nginx/nginx*
    /etc/nginx/nginx.conf
    /etc/nginx/nginx.conf.OLD
    Before Configuration Management

    View Slide

  10. root@server:~# ls /etc/nginx/nginx*
    /etc/nginx/nginx.conf
    /etc/nginx/nginx.conf.OLD
    /etc/nginx/nginx.conf.BAK
    Before Configuration Management

    View Slide

  11. root@server:~# ls /etc/nginx/nginx*
    /etc/nginx/nginx.conf
    /etc/nginx/nginx.conf.OLD
    /etc/nginx/nginx.conf.BAK
    /etc/nginx/nginx.conf.20130617.bak
    Before Configuration Management

    View Slide

  12. View Slide

  13. After Configuration Management

    View Slide

  14. Version control your servers
    Self-documenting
    Repeatable
    Reusable
    Benefits

    View Slide

  15. SaltStack is
    Remote Execution

    View Slide

  16. Run command(s)
    against remote server(s)
    e.g. Fabric, Capistrano, Func
    Remote Execution

    View Slide

  17. Deploy your code
    Run one-off scripts
    Critical package updates
    System monitoring/alerting
    https://github.com/lincolnloop/salmon
    Remote Execution Examples

    View Slide

  18. Why Choose SaltStack?

    View Slide

  19. Python
    YAML
    Jinja2
    Familiar Tools

    View Slide

  20. Great Documentation (>800 pages)
    Insanely responsive (IRC, GitHub)
    Backed by for-profit org
    Community

    View Slide

  21. Why Choose SaltStack?

    View Slide

  22. Why Not Choose SaltStack?

    View Slide

  23. Young Project
    Moves Fast
    Not SSH
    (SSH support soon)
    https://github.com/saltstack/salt/issues/5913
    https://github.com/saltstack/salt/issues/5914
    Caution

    View Slide

  24. Let’s Learn Salt!

    View Slide

  25. First...
    a vocabulary lesson

    View Slide

  26. Chef: knife, recipe, cookbook
    Puppet: terminus, metaparameters
    Ansible: playbook, inventory
    Everything is Terrible

    View Slide

  27. Chef: knife, recipe, cookbook
    Puppet: terminus, metaparameters
    Ansible: playbook, inventory
    Salt might be the worst offender...
    Everything is Terrible

    View Slide

  28. Mas•ter
    ˈmastər (noun)
    Server that manages the whole
    stack (auth, states, pillars)

    View Slide

  29. Min•ion
    ˈminyən (noun)
    A server controlled by the master

    View Slide

  30. State
    stāt (noun)
    A declarative representation of
    system state.
    (how you want the minion configured)

    View Slide

  31. Grain
    grān (noun)
    Static information about a minion
    (RAM, CPUs, OS, etc.)

    View Slide

  32. Pil•lar
    ˈpilər (noun)
    Variables for one or more minions
    (ports, file paths, configuration parameters)

    View Slide

  33. View Slide

  34. Top File
    täp fīl (noun)
    Matches states or pillars
    to minions

    View Slide

  35. High•state
    hīstāt (noun)
    All the state data for a minion

    View Slide

  36. View Slide

  37. Let’s Really Get Started

    View Slide

  38. Binaries for most distros
    Pip install (for bleeding edge)
    http://bootstrap.saltstack.org
    (it probably does what you want)
    Installation Options

    View Slide

  39. root@master:~# apt-get install salt-master
    Master Server
    ...or run master-less

    View Slide

  40. # apt-get install salt-minion
    # echo "salt 10.10.1.1" >> /etc/hosts
    # salt-key -a minion.lincolnloop.com
    Accept the minion key on the master
    Point minion to the master
    Minion

    View Slide

  41. Write Your First
    State

    View Slide

  42. nginx:
    pkg.installed
    /srv/salt/mystate.sls
    (or /srv/salt/mystate/init.sls)
    Install a Package

    View Slide

  43. Create your
    Top File

    View Slide

  44. base:
    myserver.lincolnloop.com:
    - mystate
    /srv/salt/top.sls
    The Top File

    View Slide

  45. Highstate!

    View Slide

  46. # salt 'myserver.lincolnloop.com' state.highstate
    # salt-call state.highstate
    ...or pull from the minion
    Push from the master
    Highstate
    ...or master-less
    # salt-call state.highstate --local

    View Slide

  47. [INFO ] Executing state pkg.installed for nginx
    [INFO ] Executing command "dpkg-query --showformat='${Status} ${Package} $
    {Version}\n' -W" in directory '/'
    [INFO ] Executing command 'grep-available -F Provides -s Package,Provides -e
    "^.+$"' in directory '/'
    [INFO ] Executing command 'apt-get -q update' in directory '/'
    [INFO ] Executing command 'apt-get -q -y -o DPkg::Options::=--force-confold
    -o DPkg::Options::=--force-confdef install nginx' in directory '/'
    [INFO ] Executing command "dpkg-query --showformat='${Status} ${Package} $
    {Version}\n' -W" in directory '/'
    [INFO ] Executing command 'grep-available -F Provides -s Package,Provides -e
    "^.+$"' in directory '/'
    [INFO ] Installed Packages:
    libgeoip1 changed from absent to 1.4.8+dfsg-2
    nginx changed from absent to 1.1.19-1
    libxml2 changed from absent to 2.7.8.dfsg-5.1ubuntu4
    nginx-common changed from absent to 1.1.19-1
    libfreetype6 changed from absent to 2.4.8-1ubuntu2
    nginx-full changed from absent to 1.1.19-1
    xml-core changed from absent to 0.13
    geoip-database changed from absent to 20111220-1
    libxslt1.1 changed from absent to 1.1.26-8ubuntu1
    libjpeg-turbo8 changed from absent to 1.1.90+svn733-0ubuntu4
    libgd2-noxpm changed from absent to 2.0.36~rc1~dfsg-6ubuntu2
    sgml-base changed from absent to 1.26+nmu1ubuntu1
    libjpeg8 changed from absent to 8c-2ubuntu7
    ,,,

    View Slide

  48. [INFO ] Loading fresh modules for state activity
    local:
    ----------
    State: - pkg
    Name: nginx
    Function: installed
    Result: True
    Comment: The following packages were installed/updated: nginx.
    Changes: libgeoip1: { new : 1.4.8+dfsg-2
    old :
    }
    nginx: { new : 1.1.19-1
    old :
    }
    libxml2: { new : 2.7.8.dfsg-5.1ubuntu4
    old :
    }
    nginx-common: { new : 1.1.19-1
    old :
    }
    libfreetype6: { new : 2.4.8-1ubuntu2
    old :
    }
    nginx-full: { new : 1.1.19-1
    old :
    }
    ...

    View Slide

  49. View Slide

  50. View Slide

  51. Leveling Up Your
    States

    View Slide

  52. pete:
    user.present:
    - shell: /bin/bash
    - home: /home/pete
    - groups:
    - sudo
    Create a User

    View Slide

  53. pete:
    user.present:
    - shell: /bin/bash
    - home: /home/pete
    - groups:
    - sudo
    ssh_auth.present:
    - user: pete
    - source: salt://pete.pub
    - require:
    - user: pete
    Add an SSH Key

    View Slide

  54. [email protected]/ipmb/mysite.git:
    git.latest:
    - rev: develop
    - target: /usr/local/src/mysite
    - require:
    - pkg: git-core
    Checkout a Repo

    View Slide

  55. python manage.py syncdb --noinput:
    cmd.run:
    - cwd: /usr/local/src/mysite
    - require:
    - git: [email protected]/me/mysite.git
    Run Arbitrary Commands

    View Slide

  56. Over 50 built-in
    pip, virtualenv
    mysql, postgres
    services, files, cron
    ...or build your own (in Python)
    Built-in States

    View Slide

  57. Using
    Pillars

    View Slide

  58. Pil•lar
    ˈpilər (noun)
    Variables for one or more minions
    (ports, file paths, configuration parameters)

    View Slide

  59. mysite:
    - branch: develop
    /srv/pillar/mysite.sls
    Example Pillar

    View Slide

  60. base:
    'myserver.lincolnloop.com':
    - mysite
    /srv/pillar/top.sls
    Pillar Top File

    View Slide

  61. base:
    '*':
    - default
    '*.lincolnloop.com':
    - lincoln_loop
    'os:Ubuntu':
    - match: grain
    - pkgs.ubuntu
    /srv/pillar/top.sls
    Advanced Pillar Top File

    View Slide

  62. [email protected]/ipmb/mysite.git:
    git.latest:
    - rev: {{ pillar.mysite.branch }}
    - target: /usr/local/src/mysite
    - require:
    - pkg: git-core
    Adding Pillars to a State

    View Slide

  63. [email protected]/ipmb/mysite.git:
    git.latest:
    - rev: {{ pillar.mysite.get('branch', 'master') }}
    - target: /usr/local/src/mysite
    - require:
    - pkg: git-core
    Setting a Default

    View Slide

  64. redis_maxmemory: {{ (grains.mem_total * 0.5)|int }}mb
    Using Grains in a Pillar

    View Slide

  65. /etc/redis.conf:
    file.managed:
    - template: jinja
    - source: salt://packages/redis_server/redis.conf.jinja
    - defaults:
    maxmemory: {{ pillar.get('redis_maxmemory', '64mb') }}
    Using Pillars in Files

    View Slide

  66. daemonize yes
    pidfile /var/run/redis.pid
    port 6379
    bind 127.0.0.1
    maxmemory {{ maxmemory }}
    ...
    /srv/salt/redis_server/redis.conf.jinja
    Using Pillars in Files

    View Slide

  67. Salt-cloud
    Custom Modules
    Scheduler
    Renderers
    Returners
    Advanced Topics

    View Slide

  68. Tips & Tricks

    View Slide

  69. output_mode: mixed
    Tips & Tricks

    View Slide

  70. Jinja2 is powerful
    Don't go nuts
    Tips & Tricks

    View Slide

  71. Update often
    ...and review the change log
    Tips & Tricks

    View Slide

  72. Tips & Tricks
    Test before you deploy
    Make friends with Vagrant or Docker

    View Slide

  73. Thank you!
    Questions?
    Peter Baumgartner
    http://lincolnloop.com
    @ipmb

    View Slide