Salt - The New Configuration Management Tool

INTRO TO SALTSTACK
THE NEW CONFIGURATION MANAGEMENT SYSTEM
Presented by /
Justin Carmony @JustinCarmony

View Slide

Slides split up into multiple sections.
Slides both vertical and horizontal.

View Slide

Test Vertical Slide

View Slide

ABOUT PRESENTER
Director of Development
@ Deseret Digital Media
President of Utah PHP Usergroup
8+ years of professional web development
Goofy dad

View Slide

View Slide

ABOUT THIS PRESENTATION
Slides & code examples will be posted online
Feel free to ask on-topic questions
We'll have time for questions at the end
Feel free to talk and/or contact me
afterward the presentation

View Slide

OUR GOAL
Understand Some Server Challenges Facing Teams
Basic introduction to Salt about what it does
Live demo on how it can help solve common problems
Get you excited to go try out & learn more about salt

View Slide

LETS START
WITH A STORY

View Slide

YOU'RE A HAPPY DEVELOPER

View Slide

YOU'RE PART OF A

View Slide

SMALL TEAM OF DEVS

View Slide

YOU HAVE A NEW WEBSITE

View Slide

ON A SMALL CLOUD SERVER

View Slide

YOU START GETTING LOTS OF USERS ...

View Slide

... AND YOU NEED TO QUICKLY SCALE.

View Slide

YOU ASK YOUR BOSS TO HIRE A SYS ADMIN.
"WE DON'T HAVE THE BUDGET!"

View Slide

SO YOUR TEAM DECIDES TO ASK:

View Slide

... AND YOU START DEPLOYING MORE SERVERS ...

View Slide

... AND SOME MORE ...

View Slide

... AND MAYBE JUST A FEW MORE ...

View Slide

UNTIL IT IS A GIANT MESS!

View Slide

SCENARIO: JOHN GETS FIRED

View Slide

YOU HAVE A DOZEN SERVERS
HE HAS SSH KEYS ON HALF OF THEM.

View Slide

HOW ARE YOU GOING TO ENSURE YOU'VE
REVOKED HIS ACCESS EVERYWHERE?

View Slide

THE PROBLEM:
AD-HOC SERVER MANAGEMENT

View Slide

THE CLOUD
Doesn't Require a Sys Admin
Simple to deploy many servers
But complex to solve large scaling issues
Long-term management requires
fore-thought & planning

View Slide

THE DEVELOPER
Can relatively easily setup a production environment
Typically doesn't know how to manage many servers long-
term
Busy programming, last priority is "sysadmin stuff"

View Slide

THE BUSINESS
Hard to justify a "Sys Admin"
when devs can do "okay" job.
Usually hit scaling problems
before profitability

View Slide

THE SOLUTION:
DEVELOPERS NEED TO THINK LIKE OPS

View Slide

DEVOPS
We've been putting more dev into ops,
but we need to put more ops into dev.
Ops is a state of mind.
— Theo Schlossnagle
CEO, OmniTI
“

View Slide

NEED TO APPLY BEST PRACTICES
FOR SERVER ENVIRONMENTS
Source Control for Configuration
Ensure Servers are Configured The Same
Automate Upgrades, Changes, & new Deployments

View Slide

INTRODUCING
CONFIGURATION MANAGEMENT

View Slide

WHAT CAN CONFIGURATION
MANAGEMENT DO?
Manage Packages
Manage Services
Manage Configuration
Manage Files
Manage Users

View Slide

POPULAR TOOLS
Puppet
Chef
CFEngine

View Slide

SO WHAT IS SALT?

View Slide

WHAT IS SALT
SaltStack takes a new approach to infrastructure
management by developing software that is easy enough to
get running in minutes, scalable enough to manage tens of
thousands of servers, and fast enough to communicate with
them in seconds. SaltStack delivers a dynamic infrastructure
communication bus used for orchestration, remote execution,
configuration management and much more.
— About SaltStack, SaltStack.org
“

View Slide

A DIFFERENT APPROACH
Salt is a simple system that focuses on two things:
Scalable, Fast Communication (Flow)
Quickly get information / data from a server (State)

View Slide

SALT BASICS
Minions connect to Master via ZeroMQ
Minions authenticate with master via AES (pub/priv) keys
Master can send module commands to minions to execute
Execution is in parallel
Modules are just python modules

View Slide

WHAT DOES THIS GIVE US?
Extremely Scalable (~10k Minions per Server)
Great Flexibility (just write a python module for new
functionality)
Simple, Avoids Complexity
Great Building Blocks for Automation

View Slide

BUILT ON TOP OF SALT
Configuration Management
Remote Execution

View Slide

NEW / UPCOMING FUNCTIONALITY
VM / Cloud Management
Monitoring

View Slide

100% OPEN SOURCE
Everything is open source! Apache License
No "watered-down" community edition
8th Most Unique Contributors on GitHub in 2012
Extremely Open & Friendly Community

View Slide

WHO USES SALT

View Slide

INSTALLING SALT
ITS SO EASY EVEN I CAN DO IT

View Slide

BASIC SALT SETUP

View Slide

SETTING UP THE MASTER
Install salt-master via Salt Bootstrap, Pip, Apt, Yum, Source,
etc
Edit Configuration (i.e. /etc/salt/master)
File Roots
Pillar Roots
Restart salt-master (i.e. /etc/init.d/salt-master restart)
f
i
l
e
_
r
o
o
t
s
:
b
a
s
e
:
- /
s
r
v
/
s
a
l
t
p
i
l
l
a
r
_
r
o
o
t
s
:
b
a
s
e
:
- /
s
r
v
/
p
i
l
l
a
r

View Slide

View Slide

SETTING UP THE MINIONS

View Slide

Install salt-minion via Salt Bootstrap, Pip, Apt, Yum, Source,
etc
Set FQDN on the server (OR set ID Manually in Config)
Edit Configuration (i.e. /etc/salt/minion)
Set Master Server
Pillar Roots
Restart Minion
m
a
s
t
e
r
: m
a
s
t
e
r
.
s
a
l
t
d
e
m
o
.
c
o
m
p
i
l
l
a
r
_
r
o
o
t
s
:
b
a
s
e
:
- /
s
r
v
/
p
i
l
l
a
r

View Slide

VIEW MINION KEYS
On the salt master, list the current keys
u
s
e
r
@
s
a
l
t
-
m
a
s
t
e
r
:
~
$ s
u
d
o s
a
l
t
-
k
e
y -
L
A
c
c
e
p
t
e
d K
e
y
s
:
U
n
a
c
c
e
p
t
e
d K
e
y
s
:
w
e
b
1
.
s
a
l
t
-
d
e
m
o
.
c
o
m
R
e
j
e
c
t
e
d K
e
y
s
:

View Slide

ACCEPT MINION KEYS
Accept the key (view it before hand to make sure it's legit)
u
s
e
r
@
s
a
l
t
-
m
a
s
t
e
r
:
~
$ s
u
d
o s
a
l
t
-
k
e
y -
a w
e
b
1
.
s
a
l
t
-
d
e
m
o
.
c
o
m
A
c
c
e
p
t
e
d K
e
y
s
:
w
e
b
1
.
s
a
l
t
-
d
e
m
o
.
c
o
m
U
n
a
c
c
e
p
t
e
d K
e
y
s
:
R
e
j
e
c
t
e
d K
e
y
s
:

View Slide

THAT'S IT! WE'RE READY TO ROCK & ROLL.

View Slide

REMOTE EXECUTION
"DO MY BIDING, MINIONS!"

View Slide

TARGETING MINIONS
Use "salt" command on master to communicate to minions
Example: Test Ping to All Minions
u
s
e
r
@
s
a
l
t
-
m
a
s
t
e
r
:
~
$ s
u
d
o s
a
l
t '
*
' t
e
s
t
.
p
i
n
g
w
e
b
1
.
s
a
l
t
d
e
m
o
.
c
o
m
:
T
r
u
e

View Slide

TARGETING TYPES OF MINIONS
s
a
l
t '
d
b
*
' t
e
s
t
.
p
i
n
g
s
a
l
t -
L w
e
b
1
.
s
a
l
t
d
e
m
o
.
c
o
m
,
d
b
2
.
s
a
l
t
d
e
m
o
.
c
o
m t
e
s
t
.
p
i
n
g
s
a
l
t -
G '
o
s
:
U
b
u
n
t
u
' t
e
s
t
.
p
i
n
g
s
a
l
t -
C '
G
@
o
s
:
D
e
b
i
a
n a
n
d w
e
b
*
' t
e
s
t
.
p
i
n
g

View Slide

EXECUTE COMMAND ON SERVERS
Example: Restart Apache
u
s
e
r
@
m
a
s
t
e
r
:
~
$ s
u
d
o s
a
l
t '
w
e
b
*
' c
m
d
.
r
u
n "
/
e
t
c
/
i
n
i
t
.
d
/
a
p
a
c
h
e
2 r
e
s
t
a
r
t
"

View Slide

EXECUTE MODULES ON SERVERS
Example: Restart Apache
u
s
e
r
@
s
a
l
t
-
m
a
s
t
e
r
:
~
$ s
u
d
o s
a
l
t '
w
e
b
*
' a
p
a
c
h
e
.
s
i
g
n
a
l r
e
s
t
a
r
t

View Slide

LOTS OF MODULES
Here are just some of them:
apache, apt, cron, disk, file, mount, mysql, network, puppet,
service, solr, state, test, useradd, win_disk, win_service,
win_useradd

View Slide

CONFIGURATION
MANAGEMENT
KEEPING YOUR SERVERS CONFIGURED THE SAME

View Slide

OVERVIEW
Define a State Tree
Assign Parts of State Tree to Servers
Minion will download it's state definition from the tree
Minion will compare its current state vs state tree
Minion will make changes to match state tree & report
back

View Slide

WHAT IS STATE?
Example using English:
State Tree: Apache is installed & running
Server Minion: Apache is not installed nor running

View Slide

TOP.SLS FILE
Defines which servers have which parts of the state tree
applied to them.
Example top.sls file:
b
a
s
e
:
'
*
'
:
- c
o
r
e
.
t
o
o
l
s
- c
o
r
e
.
u
s
e
r
s
'
w
e
b
1
.
s
a
l
t
d
e
m
o
.
c
o
m
'
:
- a
p
a
c
h
e
2
- p
h
p
5

View Slide

DIFFERENT ENVIRONMENTS
b
a
s
e
:
'
*
'
:
# S
t
u
f
f f
o
r a
l
l s
e
r
v
e
r
s
d
e
v
:
'
*
'
:
# s
t
u
f
f f
o
r d
e
v s
t
a
g
e
s
t
a
g
e
:
'
*
'
:
# s
t
u
f
f f
o
r s
t
a
b
l
e s
t
a
g
e
p
r
o
d
:
'
*
'
:
# s
t
u
f
f f
o
r p
r
o
d s
t
a
g
e

View Slide

TREE MAPS TO FILES
Base is your file_roots
apache2 => apache2/init.sls
core => core/init.sls
core.tools => core/tools.sls

View Slide

ANATOMY OF A STATE DECLARATION
Example of a user definition
j
u
s
t
i
n
: #
# I
D
u
s
e
r
: #
# T
y
p
e
- p
r
e
s
e
n
t #
# F
u
n
c
t
i
o
n
- s
h
e
l
l
: /
b
i
n
/
b
a
s
h
- h
o
m
e
: /
h
o
m
e
/
j
u
s
t
i
n
- p
a
s
s
w
o
r
d
: $
1
$
M
G
4
P
b
s
H
9
$
.
w
6
8
M
3
y
d
/
k
U
m
E
S
w
q
3
c
R
M
9
1

View Slide

LETS INSTALL & MANAGE APACHE2
a
p
a
c
h
e
2
:
p
k
g
:
- i
n
s
t
a
l
l
e
d
s
e
r
v
i
c
e
:
- r
u
n
n
i
n
g
/
e
t
c
/
a
p
a
c
h
e
2
/
a
p
a
c
h
e
2
.
c
o
n
f
:
f
i
l
e
:
- m
a
n
a
g
e
d
- s
o
u
r
c
e
: s
a
l
t
:
/
/
f
i
l
e
s
/
e
t
c
/
a
p
a
c
h
e
2
/
a
p
a
c
h
e
2
.
c
o
n
f
- w
a
t
c
h
_
i
n
:
- s
e
r
v
i
c
e
: a
p
a
c
h
e
2

View Slide

JINJA TEMPLATES
a
p
a
c
h
e
:
p
k
g
.
i
n
s
t
a
l
l
e
d
:
{
% i
f g
r
a
i
n
s
[
'
o
s
'
] =
= '
R
e
d
H
a
t
' %
}
- n
a
m
e
: h
t
t
p
d
{
% e
l
i
f g
r
a
i
n
s
[
'
o
s
'
] =
= '
U
b
u
n
t
u
' %
}
- n
a
m
e
: a
p
a
c
h
e
2
{
% e
n
d
i
f %
}

View Slide

APPLYING THE HIGH STATE
You just call the state.highstate function
s
a
l
t '
*
' s
t
a
t
e
.
h
i
g
h
s
t
a
t
e

View Slide

View Slide

RANDOM TIPS FOR
USING SALT
COMMON PITFALLS WHILE GETTING STARTED WITH SALT

View Slide

DEBUGGING SALT
Run things in the foreground:
# R
u
n m
a
s
t
e
r i
n f
o
r
e
g
r
o
u
n
d
/
e
t
c
/
i
n
i
t
.
d
/
s
a
l
t
-
m
a
s
t
e
r s
t
o
p
s
a
l
t
-
m
a
s
t
e
r -
L
# R
u
n m
i
n
i
o
n i
n f
o
r
e
g
r
o
u
n
d
/
e
t
c
/
i
n
i
t
.
d
/
s
a
l
t
-
m
i
n
i
o
n s
t
o
p
s
a
l
t
-
m
i
n
i
o
n -
L

View Slide

DEBUGGING SALT
Run things manualy from the minion
s
a
l
t
-
c
a
l
l -
l d
e
b
u
g s
t
a
t
e
.
h
i
g
h
s
t
a
t
e

View Slide

OTHER TIDBITS
yaml chokes on tabs, make sure you use spaces
I use sublime text configured to always use spaces
Use 127.0.1.1 in hosts file to set FQDN
Test what is the FQDN with:
p
y
t
h
o
n -
c '
i
m
p
o
r
t
s
o
c
k
e
t
;
p
r
i
n
t
(
s
o
c
k
e
t
.
g
e
t
f
q
d
n
(
)
)
;
'

View Slide

YOU'VE BEEN INTRODUCED TO SALT
NOW WHAT?

View Slide

CHECKOUT MY SALT AWS DEMO
Uses Vagrant & AWS to setup a test 5 server environment.
https://github.com/JustinCarmonyDotCom/salt-demo

View Slide

CHECKOUT SALT'S DOCUMENTATION &
TUTORIALS
Salt has some (and getting better all the
time).
very good docs

View Slide

JOIN THE SUPER FRIENDLY IRC CHANNEL
irc.freenode.net #salt

View Slide

TRY IT OUT!
Blog/tweet/discuss your experience

View Slide

IT'S OPEN SOURCE, GET INVOLVED
Very Pull Request friendly
(They even have accepted PR's from me!)

View Slide

Salt - The New Configuration Management Tool

Salt - The New Configuration Management Tool

Justin Carmony

More Decks by Justin Carmony

Other Decks in Technology

Featured

Transcript