Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Salt: How To Be Truly Lazy

lexual
July 06, 2013

Salt: How To Be Truly Lazy

Talk on SaltStack given at PyCon Australia 2013

lexual

July 06, 2013
Tweet

More Decks by lexual

Other Decks in Technology

Transcript

  1. # salt's hello world >> salt '*' test.ping • Salt

    overview • Remote exec demo Agenda
  2. • Static info available at startup • Use to target

    for remote execution • Available in Configuration Management (Salt States) SALT GRAINS
  3. VERY ACTIVE COMMUNITY • 8th most unique contributors in 2012

    out of all github.com hosted projects. • Bugs often fixed in a few days, if not hours.
  4. EVERYTHING ON THE WIRE IS ENCRYPTED • PUBLIC KEYS TO

    AUTHENTICATE WITH MASTER • KEYS GENERATED FOR YOU, JUST TELL MASTER TO ACCEPT • AES ENCRYPTION FOR PAYLOAD COMMUNICATION
  5. # Install a minion wget -O - http://bootstrap.saltstack.org | sudo

    sh # Install a master wget -O - http://bootstrap.saltstack.org | sudo sh -s -- -M INSTALLING SALT (salt bootstrap)
  6. CONFIGURING MASTERS + MINIONS • Pretty much works out of

    the box • Shouldn't need to change master's config • Single change to minion config to know where the master is: # /etc/salt/minion # master: <ip/domain name of master> master: salt.lexual.com
  7. SALT EXECUTION MODULES ARE JUST PYTHON FUNCTIONS This is the

    actual code for: >> salt '*' test.ping # modules/test.py def ping(): return True
  8. B.C.M • A Google Doc with steps to follow to

    create a dev build or to deploy a new production server ;(
  9. • Single command to deploy dev or production build, from

    single salt state tree. • Dev & production builds nearly identical • Single command to spin up new cloud server as a new minion • Single command to spin up new virtual machine as new dev build. A.C.M
  10. SALT STATES: YAML + JINJA (CONFIGURATION MANAGEMENT) YAML # A

    list - a - b - c # A dict first_name: homer last_name: simpson JINJA (BASICALLY DJANGO TEMPLATE) {{ some_variable }} {% if True %} {% endif %} {% for foo in bars %}
  11. THIS IS JUST THE DEFAULT! CAN USE: • Python code

    • Jinja/Mako/Wempy • YAML/JSON • pydsl • Write your own "Renderer" • States are just a data structure!
  12. DEFAULTS Just the default Can always easily write your own

    in python: • renderers (default: yaml + jinja) • execution modules (python functions) • returners (default: send back to master) alternatives: mysql, redis, etc, etc. • state modules (mostly wrappers around exec modules) • Use, the source Luke. github.com/saltstack
  13. STATE TOP FILE (TARGETING) # /srv/salt/top.sls base: '*': - common

    'demo*': - sl 'role:django_website': - match: grain - django ...
  14. HIGH STATE • Tell Salt to look at the top.

    sls and apply the relevant states to the relevant minions • Idempotence • salt '*' state.highstate
  15. Riak example (1/3) Deploy a dozen near-identical servers • Only

    different configuration on each host was the IP in config file. # /etc/riak/app.config ... {pb_ip, "10.240.2.145" }, ... {http, [ {"127.0.0.1", 8098 }, {"10.240.2.145", 8098 } ]}, ...
  16. Riak example (2/3) (File Server) /etc/riak/app.config: file.managed: - source: salt://riak/app.config

    - mode: 644 - template: jinja - require: - pkg: riak - context: internal_ip:{{ salt['network.ip_addrs']()[0] }}
  17. Riak example (3/3) (single source config) • Only different configuration

    on each host was the IP in config file. # /srv/salt/riak/app.config ... {pb_ip, "{{ internal_ip }}" }, ... {http, [ {"127.0.0.1", 8098 }, {"{{ internal_ip }}", 8098 } ]}, ...
  18. PILLAR: GLOBAL VALUES FOR MINIONS • SECURITY: Sensitive Data •

    TARGETED (top.sls) • DRY #/srv/pillar/django.sls {% if grains['is_dev'] %} user: vagrant {% else %} user: ubuntu {% endif %}
  19. PILLAR (cont.) {{ pillar['user'] }}: user.present: - home: /home/{{ pillar['user']

    }} - groups: - sudo /home/{{ pillar['user'] }}/.vimrc file.managed: - source: salt://vimrc • Use to set password, and put into config file.
  20. SALT CLOUD pip install apache-libcloud salt-cloud sudo salt-cloud -p djangoproject

    djangoproj1 # wait 2m14.208s > sudo salt '*' test.ping djangoproj1: True
  21. CONCLUSION • Salt is awesome • Salt does *much* more

    than I have shown • The most important thing is you're using a CM tool, which one is much less important. • RTFM: it's fantastic!!
  22. linkd.in/12Kgg5K WE'RE HIRING! • Django/Python Developer • Melbourne Work with

    some cool tech: • Salt • Riak (no-SQL db) • Pandas/Numpy/Scipy • git • AWS
  23. > sudo salt '*' pkg.list_upgrades djangoproj1: ------------- ... python: 2.7.3-0ubuntu2.2

    python-minimal: 2.7.3-0ubuntu2.2 python-paramiko: 1.7.7.1-2ubuntu1 python2.7: 2.7.3-0ubuntu3.2 python2.7-minimal: 2.7.3-0ubuntu3.2 ...
  24. > sudo salt '*' pkg.list_upgrades djangoproj1: ------------- ... python: ----------

    new: 2.7.3-0ubuntu2.2 old: 2.7.3-0ubuntu2 python-minimal: ---------- new: 2.7.3-0ubuntu2.2 old: 2.7.3-0ubuntu2 ...
  25. > sudo salt '*' status.uptime djangoproj1: 00:51:31 up 11 min,

    0 users, load average: 0.06, 0.19, 0.15 > sudo salt 'django*' system.reboot > sleep 2m && sudo salt 'django*' test.ping djangoproj1: True
  26. > sudo salt 'dj*' cmd.run ls /etc/salt djangoproj1: minion minion.d

    minion.dpkg-dist pki > sudo salt 'dj*' cmd.exec_code python2 "print [x**2 for x in xrange(13)]" djangoproj1: [0, 1, 4, 9, 16, 25, 36, 49, 64, 81, 100, 121, 144] > salt 'dj*' cmd.exec_code python2 "import salt; print salt.version.__version__" djangoproj1: 0.15.3
  27. sudo salt '*' grains.item lsb_description demo4: lsb_description: Ubuntu 11.10 demo2:

    lsb_description: Ubuntu 12.04.2 LTS djangoproj1: lsb_description: Ubuntu 12.04.2 LTS demo1: lsb_description: Ubuntu 12.04.2 LTS
  28. sudo salt '*' cmd.run "python --version" demo4: Python 2.7.2+ demo2:

    Python 2.7.3 djangoproj1: Python 2.7.3 demo1: Python 2.7.3
  29. sudo salt '*' cmd.exec_code python "import sys; print sys.version" demo4:

    2.7.2+ (default, Jul 20 2012, 22:12:53) [GCC 4.6.1] demo2: 2.7.3 (default, Aug 1 2012, 05:14:39) [GCC 4.6.3] djangoproj1: 2.7.3 (default, Apr 10 2013, 06:20:15) [GCC 4.6.3] demo1: 2.7.3 (default, Aug 1 2012, 05:14:39) [GCC 4.6.3]