Salt - The New Configuration Management Tool

Transcript

1. INTRO TO SALTSTACK THE NEW CONFIGURATION MANAGEMENT SYSTEM Presented by

   / Justin Carmony @JustinCarmony

2. Slides split up into multiple sections. Slides both vertical and

   horizontal.

3. Test Vertical Slide

4. ABOUT PRESENTER Director of Development @ Deseret Digital Media President

   of Utah PHP Usergroup 8+ years of professional web development Goofy dad
5. None
6. None

7. ABOUT THIS PRESENTATION Slides & code examples will be posted

   online Feel free to ask on-topic questions We'll have time for questions at the end Feel free to talk and/or contact me afterward the presentation

8. OUR GOAL Understand Some Server Challenges Facing Teams Basic introduction

   to Salt about what it does Live demo on how it can help solve common problems Get you excited to go try out & learn more about salt

9. LETS START WITH A STORY

10. YOU'RE A HAPPY DEVELOPER

11. YOU'RE PART OF A

12. SMALL TEAM OF DEVS

13. YOU HAVE A NEW WEBSITE

14. ON A SMALL CLOUD SERVER

15. YOU START GETTING LOTS OF USERS ...

16. ... AND YOU NEED TO QUICKLY SCALE.

17. YOU ASK YOUR BOSS TO HIRE A SYS ADMIN. "WE

    DON'T HAVE THE BUDGET!"

18. SO YOUR TEAM DECIDES TO ASK:

19. ... AND YOU START DEPLOYING MORE SERVERS ...

20. ... AND SOME MORE ...

21. ... AND MAYBE JUST A FEW MORE ...

22. UNTIL IT IS A GIANT MESS!

23. SCENARIO: JOHN GETS FIRED

24. YOU HAVE A DOZEN SERVERS HE HAS SSH KEYS ON

    HALF OF THEM.

25. HOW ARE YOU GOING TO ENSURE YOU'VE REVOKED HIS ACCESS

    EVERYWHERE?

26. THE PROBLEM: AD-HOC SERVER MANAGEMENT

27. THE CLOUD Doesn't Require a Sys Admin Simple to deploy

    many servers But complex to solve large scaling issues Long-term management requires fore-thought & planning

28. THE DEVELOPER Can relatively easily setup a production environment Typically

    doesn't know how to manage many servers long- term Busy programming, last priority is "sysadmin stuff"

29. THE BUSINESS Hard to justify a "Sys Admin" when devs

    can do "okay" job. Usually hit scaling problems before profitability

30. THE SOLUTION: DEVELOPERS NEED TO THINK LIKE OPS

31. DEVOPS We've been putting more dev into ops, but we

    need to put more ops into dev. Ops is a state of mind. — Theo Schlossnagle CEO, OmniTI “

32. NEED TO APPLY BEST PRACTICES FOR SERVER ENVIRONMENTS Source Control

    for Configuration Ensure Servers are Configured The Same Automate Upgrades, Changes, & new Deployments

33. INTRODUCING CONFIGURATION MANAGEMENT

34. WHAT CAN CONFIGURATION MANAGEMENT DO? Manage Packages Manage Services Manage

    Configuration Manage Files Manage Users

35. POPULAR TOOLS Puppet Chef CFEngine

36. SO WHAT IS SALT?

37. WHAT IS SALT SaltStack takes a new approach to infrastructure

    management by developing software that is easy enough to get running in minutes, scalable enough to manage tens of thousands of servers, and fast enough to communicate with them in seconds. SaltStack delivers a dynamic infrastructure communication bus used for orchestration, remote execution, configuration management and much more. — About SaltStack, SaltStack.org “

38. A DIFFERENT APPROACH Salt is a simple system that focuses

    on two things: Scalable, Fast Communication (Flow) Quickly get information / data from a server (State)

39. SALT BASICS Minions connect to Master via ZeroMQ Minions authenticate

    with master via AES (pub/priv) keys Master can send module commands to minions to execute Execution is in parallel Modules are just python modules

40. WHAT DOES THIS GIVE US? Extremely Scalable (~10k Minions per

    Server) Great Flexibility (just write a python module for new functionality) Simple, Avoids Complexity Great Building Blocks for Automation

41. BUILT ON TOP OF SALT Configuration Management Remote Execution

42. NEW / UPCOMING FUNCTIONALITY VM / Cloud Management Monitoring

43. 100% OPEN SOURCE Everything is open source! Apache License No

    "watered-down" community edition 8th Most Unique Contributors on GitHub in 2012 Extremely Open & Friendly Community

44. WHO USES SALT

45. INSTALLING SALT ITS SO EASY EVEN I CAN DO IT

46. BASIC SALT SETUP

47. SETTING UP THE MASTER Install salt-master via Salt Bootstrap, Pip,

    Apt, Yum, Source, etc Edit Configuration (i.e. /etc/salt/master) File Roots Pillar Roots Restart salt-master (i.e. /etc/init.d/salt-master restart) f i l e _ r o o t s : b a s e : - / s r v / s a l t p i l l a r _ r o o t s : b a s e : - / s r v / p i l l a r
48. None

49. SETTING UP THE MINIONS

50. Install salt-minion via Salt Bootstrap, Pip, Apt, Yum, Source, etc

    Set FQDN on the server (OR set ID Manually in Config) Edit Configuration (i.e. /etc/salt/minion) Set Master Server Pillar Roots Restart Minion m a s t e r : m a s t e r . s a l t d e m o . c o m p i l l a r _ r o o t s : b a s e : - / s r v / p i l l a r

51. VIEW MINION KEYS On the salt master, list the current

    keys u s e r @ s a l t - m a s t e r : ~ $ s u d o s a l t - k e y - L A c c e p t e d K e y s : U n a c c e p t e d K e y s : w e b 1 . s a l t - d e m o . c o m R e j e c t e d K e y s :

52. ACCEPT MINION KEYS Accept the key (view it before hand

    to make sure it's legit) u s e r @ s a l t - m a s t e r : ~ $ s u d o s a l t - k e y - a w e b 1 . s a l t - d e m o . c o m A c c e p t e d K e y s : w e b 1 . s a l t - d e m o . c o m U n a c c e p t e d K e y s : R e j e c t e d K e y s :

53. THAT'S IT! WE'RE READY TO ROCK & ROLL.

54. REMOTE EXECUTION "DO MY BIDING, MINIONS!"

55. TARGETING MINIONS Use "salt" command on master to communicate to

    minions Example: Test Ping to All Minions u s e r @ s a l t - m a s t e r : ~ $ s u d o s a l t ' * ' t e s t . p i n g w e b 1 . s a l t d e m o . c o m : T r u e

56. TARGETING TYPES OF MINIONS s a l t ' d

    b * ' t e s t . p i n g s a l t - L w e b 1 . s a l t d e m o . c o m , d b 2 . s a l t d e m o . c o m t e s t . p i n g s a l t - G ' o s : U b u n t u ' t e s t . p i n g s a l t - C ' G @ o s : D e b i a n a n d w e b * ' t e s t . p i n g

57. EXECUTE COMMAND ON SERVERS Example: Restart Apache u s e

    r @ m a s t e r : ~ $ s u d o s a l t ' w e b * ' c m d . r u n " / e t c / i n i t . d / a p a c h e 2 r e s t a r t "

58. EXECUTE MODULES ON SERVERS Example: Restart Apache u s e

    r @ s a l t - m a s t e r : ~ $ s u d o s a l t ' w e b * ' a p a c h e . s i g n a l r e s t a r t

59. LOTS OF MODULES Here are just some of them: apache,

    apt, cron, disk, file, mount, mysql, network, puppet, service, solr, state, test, useradd, win_disk, win_service, win_useradd

60. CONFIGURATION MANAGEMENT KEEPING YOUR SERVERS CONFIGURED THE SAME

61. OVERVIEW Define a State Tree Assign Parts of State Tree

    to Servers Minion will download it's state definition from the tree Minion will compare its current state vs state tree Minion will make changes to match state tree & report back

62. WHAT IS STATE? Example using English: State Tree: Apache is

    installed & running Server Minion: Apache is not installed nor running

63. TOP.SLS FILE Defines which servers have which parts of the

    state tree applied to them. Example top.sls file: b a s e : ' * ' : - c o r e . t o o l s - c o r e . u s e r s ' w e b 1 . s a l t d e m o . c o m ' : - a p a c h e 2 - p h p 5

64. DIFFERENT ENVIRONMENTS b a s e : ' * '

    : # S t u f f f o r a l l s e r v e r s d e v : ' * ' : # s t u f f f o r d e v s t a g e s t a g e : ' * ' : # s t u f f f o r s t a b l e s t a g e p r o d : ' * ' : # s t u f f f o r p r o d s t a g e

65. TREE MAPS TO FILES Base is your file_roots apache2 =>

    apache2/init.sls core => core/init.sls core.tools => core/tools.sls

66. ANATOMY OF A STATE DECLARATION Example of a user definition

    j u s t i n : # # I D u s e r : # # T y p e - p r e s e n t # # F u n c t i o n - s h e l l : / b i n / b a s h - h o m e : / h o m e / j u s t i n - p a s s w o r d : $ 1 $ M G 4 P b s H 9 $ . w 6 8 M 3 y d / k U m E S w q 3 c R M 9 1

67. LETS INSTALL & MANAGE APACHE2 a p a c h

    e 2 : p k g : - i n s t a l l e d s e r v i c e : - r u n n i n g / e t c / a p a c h e 2 / a p a c h e 2 . c o n f : f i l e : - m a n a g e d - s o u r c e : s a l t : / / f i l e s / e t c / a p a c h e 2 / a p a c h e 2 . c o n f - w a t c h _ i n : - s e r v i c e : a p a c h e 2

68. JINJA TEMPLATES a p a c h e : p

    k g . i n s t a l l e d : { % i f g r a i n s [ ' o s ' ] = = ' R e d H a t ' % } - n a m e : h t t p d { % e l i f g r a i n s [ ' o s ' ] = = ' U b u n t u ' % } - n a m e : a p a c h e 2 { % e n d i f % }

69. APPLYING THE HIGH STATE You just call the state.highstate function

    s a l t ' * ' s t a t e . h i g h s t a t e
70. None

71. RANDOM TIPS FOR USING SALT COMMON PITFALLS WHILE GETTING STARTED

    WITH SALT

72. DEBUGGING SALT Run things in the foreground: # R u

    n m a s t e r i n f o r e g r o u n d / e t c / i n i t . d / s a l t - m a s t e r s t o p s a l t - m a s t e r - L # R u n m i n i o n i n f o r e g r o u n d / e t c / i n i t . d / s a l t - m i n i o n s t o p s a l t - m i n i o n - L

73. DEBUGGING SALT Run things manualy from the minion s a

    l t - c a l l - l d e b u g s t a t e . h i g h s t a t e

74. OTHER TIDBITS yaml chokes on tabs, make sure you use

    spaces I use sublime text configured to always use spaces Use 127.0.1.1 in hosts file to set FQDN Test what is the FQDN with: p y t h o n - c ' i m p o r t s o c k e t ; p r i n t ( s o c k e t . g e t f q d n ( ) ) ; '

75. YOU'VE BEEN INTRODUCED TO SALT NOW WHAT?

76. CHECKOUT MY SALT AWS DEMO Uses Vagrant & AWS to

    setup a test 5 server environment. https://github.com/JustinCarmonyDotCom/salt-demo

77. CHECKOUT SALT'S DOCUMENTATION & TUTORIALS Salt has some (and getting

    better all the time). very good docs

78. JOIN THE SUPER FRIENDLY IRC CHANNEL irc.freenode.net #salt

79. TRY IT OUT! Blog/tweet/discuss your experience

80. IT'S OPEN SOURCE, GET INVOLVED Very Pull Request friendly (They

    even have accepted PR's from me!)