Getting Started with Salt (PyCon 2014)

Getting Started with Salt.

Peter Baumgartner Founder of Lincoln Loop

What is SaltStack?

“SaltStack delivers a dynamic infrastructure communication bus used for orchestration,
remote execution, conﬁguration management and much more.”

SaltStack is: Conﬁguration Management

Conﬁguration Management

Before Conﬁguration Management root@server:~# ls /etc/nginx/nginx* /etc/nginx/nginx.conf

Before Conﬁguration Management root@server:~# ls /etc/nginx/nginx* /etc/nginx/nginx.conf /etc/nginx/nginx.conf.OLD

Before Conﬁguration Management root@server:~# ls /etc/nginx/nginx* /etc/nginx/nginx.conf /etc/nginx/nginx.conf.OLD /etc/nginx/nginx.conf.BAK

Before Conﬁguration Management root@server:~# ls /etc/nginx/nginx* /etc/nginx/nginx.conf /etc/nginx/nginx.conf.OLD /etc/nginx/nginx.conf.BAK /etc/nginx/nginx.conf.20130617.bak

After Conﬁguration Management

Getting Started with Salt. Version control your servers Self-documenting Repeatable
Reusable Beneﬁts

SaltStack is: Remote Execution

Remote Execution Run command(s) against remote server(s) ! e.g. Fabric,
Capistrano, Func

Remote Execution Examples Deploy your code Run one-off scripts Critical
package updates System monitoring

Why Choose SaltStack?

Familiar Tools Python YAML Jinja2

Community Great Documentation (>800 pages) ! Insanely responsive (IRC, GitHub)
! Backed by for-proﬁt org

Why Choose SaltStack?

Why Not Choose SaltStack?

Caution Young Project Moves Fast Not SSH   (SSH support
is “alpha”)

Let’s Learn Salt!

First... a vocabulary lesson

Everything is Terrible Chef: knife, recipe, cookbook Puppet: terminus, metaparameters
Ansible: playbook, inventory

Everything is Terrible Chef: knife, recipe, cookbook Puppet: terminus, metaparameters
Ansible: playbook, inventory ! Salt might be the worst offender…

Mas•ter ˈmastər (noun) Server that manages the whole stack (auth,
states, pillars)

Min•ion ˈminyən (noun) A server controlled by the master

State stāt (noun) A declarative representation of system state  (how
you want the minion conﬁgured)

Grain grān (noun) Static information about a minion (RAM, CPUs,
OS, etc.)

Pil•lar ˈpilər (noun) Variables for one or more minions  
(ports, ﬁle paths, conﬁguration parameters)

Top File täp fīl (noun) Matches states or pillars to
minions

High•state hīstāt (noun) All the state data for a minion

Let’s Really Get Started

Installation Options Binaries for most distros Pip install (for bleeding
edge) http://bootstrap.saltstack.org  (it probably does what you want)

Master Server root@master:~# apt-get install salt-master ...or run master-less

Minion # apt-get install salt-minion # echo "salt 10.10.1.1" >>
/etc/hosts # salt-key -a minion.lincolnloop.com Accept the minion key on the master Point minion to the master

Write Your First State

Install a Package nginx: pkg.installed /srv/salt/mystate.sls

Create your Top File

base: myserver: - mystate /srv/salt/top.sls   The Top File

Highstate!

# salt 'myserver' state.highstate # salt-call state.highstate ...or pull from
the minion Push from the master Highstate ...or master-less # salt-call state.highstate --local

[INFO ] Loading fresh modules for state activity [INFO ]
Running state [nginx] at time 13:12:03.314726 [INFO ] Executing state pkg.installed for nginx [INFO ] Executing command "dpkg-query --showformat='${Status} ${Package} $ {Version} ${Architecture}\n' -W" in directory '/home/pete' [INFO ] Executing command 'grep-available -F Provides -s Package,Provides -e "^.+ $"' in directory '/home/pete' [INFO ] Executing command 'apt-get -q update' in directory '/home/pete' [INFO ] Executing command ['apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force- confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'nginx'] in directory '/home/pete' [INFO ] Executing command "dpkg-query --showformat='${Status} ${Package} $ {Version} ${Architecture}\n' -W" in directory '/home/pete' [INFO ] In stalled Packages: libgd3 changed from absent to 2.1.0-2 libxpm4 changed from absent to 1:3.5.10-1 ttf-dejavu-core changed from absent to 2.33+svn2514-3ubuntu1 nginx-common changed from absent to 1.4.1-3ubuntu1.3 libvpx1 changed from absent to 1.2.0-2 fonts-dejavu-core changed from absent to 2.33+svn2514-3ubuntu1 nginx-full changed from absent to 1.4.1-3ubuntu1.3 fontconfig-config changed from absent to 2.10.93-0ubuntu1 libxslt1.1 changed from absent to 1.1.28-2 libtiff5 changed from absent to 4.0.2-4ubuntu3 libjpeg-turbo8 changed from absent to 1.3.0-0ubuntu1.1 libjbig0 changed from absent to 2.0-2ubuntu1 nginx changed from absent to 1.4.1-3ubuntu1.3 libjpeg8 changed from absent to 8c-2ubuntu8 libfontconfig1 changed from absent to 2.10.93-0ubuntu1 ! [INFO ] Loading fresh modules for state activity [INFO ] Completed state [nginx] at time 13:13:32.491024

local: ---------- ID: nginx Function: pkg.installed Result: True Comment: The
following packages were installed/updated: nginx. Changes: ---------- fontconfig-config: ---------- new: 2.10.93-0ubuntu1 old: fonts-dejavu-core: ---------- new: 2.33+svn2514-3ubuntu1 old: libfontconfig1: ---------- new: 2.10.93-0ubuntu1 old: libgd3: ---------- new: 2.1.0-2 old: libjbig0: ---------- new: 2.0-2ubuntu1 old:

libjpeg-turbo8: ---------- new: 1.3.0-0ubuntu1.1 old: libjpeg8: ---------- new: 8c-2ubuntu8 old:
libtiff5: ---------- new: 4.0.2-4ubuntu3 old: libvpx1: ---------- new: 1.2.0-2 old: libxpm4: ---------- new: 1:3.5.10-1 old: libxslt1.1: ---------- new: 1.1.28-2 old:

nginx: ---------- new: 1.4.1-3ubuntu1.3 old: nginx-common: ---------- new: 1.4.1-3ubuntu1.3 old:
nginx-full: ---------- new: 1.4.1-3ubuntu1.3 old: ttf-dejavu-core: ---------- new: 2.33+svn2514-3ubuntu1 old: ! Summary ------------ Succeeded: 1 Failed: 0 ------------ Total: 1

Leveling Up Your States

Create a User pete: user.present: - shell: /bin/bash - home:
/home/pete - groups: - sudo

Add an SSH Key pete: user.present: - shell: /bin/bash -
home: /home/pete - groups: - sudo ssh_auth.present: - user: pete - source: salt://pete.pub - require: - user: pete

Checkout a Repo [email protected]/ipmb/mysite.git: git.latest: - rev: develop - target:
/usr/local/src/mysite - require: - pkg: git-core

Run Arbitrary Commands python manage.py syncdb --noinput: cmd.run: - cwd:
/usr/local/src/mysite - require: - git: [email protected]/ipmb/mysite.git

Built-in States Over 50 built-in pip, virtualenv mysql, postgres services,
ﬁles, cron ...or build your own (in Python)

Using Pillars

Pil•lar ˈpilər (noun) Variables for one or more minions  
(ports, ﬁle paths, conﬁguration parameters)

mysite: - branch: develop /srv/pillar/mysite.sls Example Pillar

base: 'myserver': - mysite /srv/pillar/top.sls Pillar Top File

base: '*': - default '*.lincolnloop.com': - lincoln_loop 'os:Ubuntu': - match:
grain - pkgs.ubuntu /srv/pillar/top.sls Advanced Pillar Top File

[email protected]/ipmb/mysite.git: git.latest: - rev: {{ pillar.mysite.branch }} - target: /usr/local/src/mysite
- require: - pkg: git-core Adding Pillars to a State

[email protected]/ipmb/mysite.git: git.latest: - rev: {{ pillar.mysite.get('branch', 'master') }} - target:
/usr/local/src/mysite - require: - pkg: git-core Setting a Default

redis_maxmemory: {{ (grains.mem_total * 0.5)|int }}mb Using Grains in a
Pillar

/etc/redis.conf: file.managed: - template: jinja - source: salt://redis_server/redis.conf.jinja - defaults:
maxmemory: {{ pillar.redis_maxmemory }} Using Pillars in Files

daemonize yes pidfile /var/run/redis.pid port 6379 bind 127.0.0.1 maxmemory {{
maxmemory }} ... Using Pillars in Files /srv/salt/redis_server/redis.conf.jinja 

Advanced Topics Salt-cloud Custom Modules Scheduler Renderers Returners Reactor

Tips & Tricks

Tips & Tricks output_mode: mixed

Tips & Tricks Jinja2 is powerful Don't go nuts

Tips & Tricks Update often ...and review the change log

Tips & Tricks Test before you deploy Make friends with
Vagrant or Docker

Thank you! Questions? ! Peter Baumgartner http://lincolnloop.com @ipmb

Getting Started with Salt (PyCon 2014)

Getting Started with Salt (PyCon 2014)

More Decks by Peter Baumgartner

Other Decks in Technology

Featured

Transcript