Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Salt - The New Configuration Management Tool

Salt - The New Configuration Management Tool

These are a PDF Printout of the presentation. The PDF Conversion didn't really go all that well, so I highly recommend looking at the HTML5 slides. The HTML5 slides can be found here:

http://www.justincarmony.com/slides/salt-intro/

While there are several popular configuration management tools such as puppet and chef, there is a new kid on the block: Salt. In this presentation we’ll learn about how salt uniquely approaches remote execution and configuration management and just how fast it is. We’ll show you how to get started up in minutes and easily manage multiple servers. We’ll discuss some of the differences between salt and others like puppet and chef. Finally, time permitting, we’ll discuss how to write custom modules to extend salt much easier than others.

So come see why Salt is one of the fastest growing projects on GitHub, and why small startups and even large corporations are making the switch to salt.

42e57550044496027f9a3a4303f13362?s=128

Justin Carmony

June 23, 2013
Tweet

Transcript

  1. INTRO TO SALTSTACK THE NEW CONFIGURATION MANAGEMENT SYSTEM Presented by

    / Justin Carmony @JustinCarmony
  2. Slides split up into multiple sections. Slides both vertical and

    horizontal.
  3. Test Vertical Slide

  4. ABOUT PRESENTER Director of Development @ Deseret Digital Media President

    of Utah PHP Usergroup 8+ years of professional web development Goofy dad
  5. None
  6. None
  7. ABOUT THIS PRESENTATION Slides & code examples will be posted

    online Feel free to ask on-topic questions We'll have time for questions at the end Feel free to talk and/or contact me afterward the presentation
  8. OUR GOAL Understand Some Server Challenges Facing Teams Basic introduction

    to Salt about what it does Live demo on how it can help solve common problems Get you excited to go try out & learn more about salt
  9. LETS START WITH A STORY

  10. YOU'RE A HAPPY DEVELOPER

  11. YOU'RE PART OF A

  12. SMALL TEAM OF DEVS

  13. YOU HAVE A NEW WEBSITE

  14. ON A SMALL CLOUD SERVER

  15. YOU START GETTING LOTS OF USERS ...

  16. ... AND YOU NEED TO QUICKLY SCALE.

  17. YOU ASK YOUR BOSS TO HIRE A SYS ADMIN. "WE

    DON'T HAVE THE BUDGET!"
  18. SO YOUR TEAM DECIDES TO ASK:

  19. ... AND YOU START DEPLOYING MORE SERVERS ...

  20. ... AND SOME MORE ...

  21. ... AND MAYBE JUST A FEW MORE ...

  22. UNTIL IT IS A GIANT MESS!

  23. SCENARIO: JOHN GETS FIRED

  24. YOU HAVE A DOZEN SERVERS HE HAS SSH KEYS ON

    HALF OF THEM.
  25. HOW ARE YOU GOING TO ENSURE YOU'VE REVOKED HIS ACCESS

    EVERYWHERE?
  26. THE PROBLEM: AD-HOC SERVER MANAGEMENT

  27. THE CLOUD Doesn't Require a Sys Admin Simple to deploy

    many servers But complex to solve large scaling issues Long-term management requires fore-thought & planning
  28. THE DEVELOPER Can relatively easily setup a production environment Typically

    doesn't know how to manage many servers long- term Busy programming, last priority is "sysadmin stuff"
  29. THE BUSINESS Hard to justify a "Sys Admin" when devs

    can do "okay" job. Usually hit scaling problems before profitability
  30. THE SOLUTION: DEVELOPERS NEED TO THINK LIKE OPS

  31. DEVOPS We've been putting more dev into ops, but we

    need to put more ops into dev. Ops is a state of mind. — Theo Schlossnagle CEO, OmniTI “
  32. NEED TO APPLY BEST PRACTICES FOR SERVER ENVIRONMENTS Source Control

    for Configuration Ensure Servers are Configured The Same Automate Upgrades, Changes, & new Deployments
  33. INTRODUCING CONFIGURATION MANAGEMENT

  34. WHAT CAN CONFIGURATION MANAGEMENT DO? Manage Packages Manage Services Manage

    Configuration Manage Files Manage Users
  35. POPULAR TOOLS Puppet Chef CFEngine

  36. SO WHAT IS SALT?

  37. WHAT IS SALT SaltStack takes a new approach to infrastructure

    management by developing software that is easy enough to get running in minutes, scalable enough to manage tens of thousands of servers, and fast enough to communicate with them in seconds. SaltStack delivers a dynamic infrastructure communication bus used for orchestration, remote execution, configuration management and much more. — About SaltStack, SaltStack.org “
  38. A DIFFERENT APPROACH Salt is a simple system that focuses

    on two things: Scalable, Fast Communication (Flow) Quickly get information / data from a server (State)
  39. SALT BASICS Minions connect to Master via ZeroMQ Minions authenticate

    with master via AES (pub/priv) keys Master can send module commands to minions to execute Execution is in parallel Modules are just python modules
  40. WHAT DOES THIS GIVE US? Extremely Scalable (~10k Minions per

    Server) Great Flexibility (just write a python module for new functionality) Simple, Avoids Complexity Great Building Blocks for Automation
  41. BUILT ON TOP OF SALT Configuration Management Remote Execution

  42. NEW / UPCOMING FUNCTIONALITY VM / Cloud Management Monitoring

  43. 100% OPEN SOURCE Everything is open source! Apache License No

    "watered-down" community edition 8th Most Unique Contributors on GitHub in 2012 Extremely Open & Friendly Community
  44. WHO USES SALT

  45. INSTALLING SALT ITS SO EASY EVEN I CAN DO IT

  46. BASIC SALT SETUP

  47. SETTING UP THE MASTER Install salt-master via Salt Bootstrap, Pip,

    Apt, Yum, Source, etc Edit Configuration (i.e. /etc/salt/master) File Roots Pillar Roots Restart salt-master (i.e. /etc/init.d/salt-master restart) f i l e _ r o o t s : b a s e : - / s r v / s a l t p i l l a r _ r o o t s : b a s e : - / s r v / p i l l a r
  48. None
  49. SETTING UP THE MINIONS

  50. Install salt-minion via Salt Bootstrap, Pip, Apt, Yum, Source, etc

    Set FQDN on the server (OR set ID Manually in Config) Edit Configuration (i.e. /etc/salt/minion) Set Master Server Pillar Roots Restart Minion m a s t e r : m a s t e r . s a l t d e m o . c o m p i l l a r _ r o o t s : b a s e : - / s r v / p i l l a r
  51. VIEW MINION KEYS On the salt master, list the current

    keys u s e r @ s a l t - m a s t e r : ~ $ s u d o s a l t - k e y - L A c c e p t e d K e y s : U n a c c e p t e d K e y s : w e b 1 . s a l t - d e m o . c o m R e j e c t e d K e y s :
  52. ACCEPT MINION KEYS Accept the key (view it before hand

    to make sure it's legit) u s e r @ s a l t - m a s t e r : ~ $ s u d o s a l t - k e y - a w e b 1 . s a l t - d e m o . c o m A c c e p t e d K e y s : w e b 1 . s a l t - d e m o . c o m U n a c c e p t e d K e y s : R e j e c t e d K e y s :
  53. THAT'S IT! WE'RE READY TO ROCK & ROLL.

  54. REMOTE EXECUTION "DO MY BIDING, MINIONS!"

  55. TARGETING MINIONS Use "salt" command on master to communicate to

    minions Example: Test Ping to All Minions u s e r @ s a l t - m a s t e r : ~ $ s u d o s a l t ' * ' t e s t . p i n g w e b 1 . s a l t d e m o . c o m : T r u e
  56. TARGETING TYPES OF MINIONS s a l t ' d

    b * ' t e s t . p i n g s a l t - L w e b 1 . s a l t d e m o . c o m , d b 2 . s a l t d e m o . c o m t e s t . p i n g s a l t - G ' o s : U b u n t u ' t e s t . p i n g s a l t - C ' G @ o s : D e b i a n a n d w e b * ' t e s t . p i n g
  57. EXECUTE COMMAND ON SERVERS Example: Restart Apache u s e

    r @ m a s t e r : ~ $ s u d o s a l t ' w e b * ' c m d . r u n " / e t c / i n i t . d / a p a c h e 2 r e s t a r t "
  58. EXECUTE MODULES ON SERVERS Example: Restart Apache u s e

    r @ s a l t - m a s t e r : ~ $ s u d o s a l t ' w e b * ' a p a c h e . s i g n a l r e s t a r t
  59. LOTS OF MODULES Here are just some of them: apache,

    apt, cron, disk, file, mount, mysql, network, puppet, service, solr, state, test, useradd, win_disk, win_service, win_useradd
  60. CONFIGURATION MANAGEMENT KEEPING YOUR SERVERS CONFIGURED THE SAME

  61. OVERVIEW Define a State Tree Assign Parts of State Tree

    to Servers Minion will download it's state definition from the tree Minion will compare its current state vs state tree Minion will make changes to match state tree & report back
  62. WHAT IS STATE? Example using English: State Tree: Apache is

    installed & running Server Minion: Apache is not installed nor running
  63. TOP.SLS FILE Defines which servers have which parts of the

    state tree applied to them. Example top.sls file: b a s e : ' * ' : - c o r e . t o o l s - c o r e . u s e r s ' w e b 1 . s a l t d e m o . c o m ' : - a p a c h e 2 - p h p 5
  64. DIFFERENT ENVIRONMENTS b a s e : ' * '

    : # S t u f f f o r a l l s e r v e r s d e v : ' * ' : # s t u f f f o r d e v s t a g e s t a g e : ' * ' : # s t u f f f o r s t a b l e s t a g e p r o d : ' * ' : # s t u f f f o r p r o d s t a g e
  65. TREE MAPS TO FILES Base is your file_roots apache2 =>

    apache2/init.sls core => core/init.sls core.tools => core/tools.sls
  66. ANATOMY OF A STATE DECLARATION Example of a user definition

    j u s t i n : # # I D u s e r : # # T y p e - p r e s e n t # # F u n c t i o n - s h e l l : / b i n / b a s h - h o m e : / h o m e / j u s t i n - p a s s w o r d : $ 1 $ M G 4 P b s H 9 $ . w 6 8 M 3 y d / k U m E S w q 3 c R M 9 1
  67. LETS INSTALL & MANAGE APACHE2 a p a c h

    e 2 : p k g : - i n s t a l l e d s e r v i c e : - r u n n i n g / e t c / a p a c h e 2 / a p a c h e 2 . c o n f : f i l e : - m a n a g e d - s o u r c e : s a l t : / / f i l e s / e t c / a p a c h e 2 / a p a c h e 2 . c o n f - w a t c h _ i n : - s e r v i c e : a p a c h e 2
  68. JINJA TEMPLATES a p a c h e : p

    k g . i n s t a l l e d : { % i f g r a i n s [ ' o s ' ] = = ' R e d H a t ' % } - n a m e : h t t p d { % e l i f g r a i n s [ ' o s ' ] = = ' U b u n t u ' % } - n a m e : a p a c h e 2 { % e n d i f % }
  69. APPLYING THE HIGH STATE You just call the state.highstate function

    s a l t ' * ' s t a t e . h i g h s t a t e
  70. None
  71. RANDOM TIPS FOR USING SALT COMMON PITFALLS WHILE GETTING STARTED

    WITH SALT
  72. DEBUGGING SALT Run things in the foreground: # R u

    n m a s t e r i n f o r e g r o u n d / e t c / i n i t . d / s a l t - m a s t e r s t o p s a l t - m a s t e r - L # R u n m i n i o n i n f o r e g r o u n d / e t c / i n i t . d / s a l t - m i n i o n s t o p s a l t - m i n i o n - L
  73. DEBUGGING SALT Run things manualy from the minion s a

    l t - c a l l - l d e b u g s t a t e . h i g h s t a t e
  74. OTHER TIDBITS yaml chokes on tabs, make sure you use

    spaces I use sublime text configured to always use spaces Use 127.0.1.1 in hosts file to set FQDN Test what is the FQDN with: p y t h o n - c ' i m p o r t s o c k e t ; p r i n t ( s o c k e t . g e t f q d n ( ) ) ; '
  75. YOU'VE BEEN INTRODUCED TO SALT NOW WHAT?

  76. CHECKOUT MY SALT AWS DEMO Uses Vagrant & AWS to

    setup a test 5 server environment. https://github.com/JustinCarmonyDotCom/salt-demo
  77. CHECKOUT SALT'S DOCUMENTATION & TUTORIALS Salt has some (and getting

    better all the time). very good docs
  78. JOIN THE SUPER FRIENDLY IRC CHANNEL irc.freenode.net #salt

  79. TRY IT OUT! Blog/tweet/discuss your experience

  80. IT'S OPEN SOURCE, GET INVOLVED Very Pull Request friendly (They

    even have accepted PR's from me!)