Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SaltStack 101

0f59545fe4b3d43c7e98710b0c17af9f?s=47 Marconi Moreto
January 28, 2014
Technology
10
950

SaltStack 101

Presented on Pizzapy (http://pizzapy.ph/)

0f59545fe4b3d43c7e98710b0c17af9f?s=128

Marconi Moreto

January 28, 2014
Tweet

More Decks by Marconi Moreto

See All by Marconi Moreto
0f59545fe4b3d43c7e98710b0c17af9f?s=48 marconi
1
100
0f59545fe4b3d43c7e98710b0c17af9f?s=48 marconi
4
1k
0f59545fe4b3d43c7e98710b0c17af9f?s=48 marconi
2
270
0f59545fe4b3d43c7e98710b0c17af9f?s=48 marconi
3
370
0f59545fe4b3d43c7e98710b0c17af9f?s=48 marconi
1
73

Other Decks in Technology

See All in Technology
14c35b43867f0995b8052b1a6783c721?s=48 sugitk
0
320
532348a1aba5a909e283624c3d2a9a95?s=48 shift_evolve
0
1.8k
33d6320b53f63f6627508095633cf5ce?s=48 yosuke_matsuura
PRO
0
2k
317216a637255b5f667dfa4173f83ab1?s=48 watal
2
980
E83ff81bc5a881c33dcff37eb160ce12?s=48 kochizufan
0
1.6k
4b2f3a64637b51e81813accbe8a98083?s=48 miura55
0
370
Dacd98e0fcfc478b24f9cd7ec9208904?s=48 manabusakai
0
570
93c80c388fe9d8f9df7d030549a0ff0b?s=48 chaspy
0
130
7a29c02251394fc05ebd88c631c562dc?s=48 takufujii
0
130
9eca6d3a5658ef22998083a3d8e7ec44?s=48 shigeruoda
0
120
B1dca90d4b3ffd2ccd918774e1ba170d?s=48 hmatsu47
PRO
0
160
93dcbac1a838bbec898747bb92aa47cc?s=48 sadonosake
0
1.6k

Featured

See All Featured
E4f5d494ebdc9e7cce1aecf3ce3e8bc1?s=48 shpigford
167
20k
48c098b6579220a67a6ba949be6e4b5a?s=48 revolveconf
204
10k
C157b16234f1e75e8eac3698c1d4414a?s=48 ddemaree
272
32k
6804f1775cb4babfcc3851298566fbce?s=48 tanoku
91
9k
9cde37f47e4a800ea081ea42de8d749a?s=48 dougneiner
123
8.3k
E43f8dfd01057f8304f5f8fb9a294d7d?s=48 jeffersonlam
336
17k
3ab1249be442027903e1180025340b3f?s=48 reverentgeek
172
7.9k
245cee81a9c424266e5e401d844ea881?s=48 lara
175
11k
Ded01cdab114abe4ec13511e4c25b9bb?s=48 andyhume
68
4.6k
465724d73fe3a92c0879fdfb43a3a6f3?s=48 philhawksworth
195
9.1k
C0390e8b11079f8761c0cd3274ed61cb?s=48 productmarketing
11
1.3k
D67fff74178013024d833b3eec6cf27f?s=48 lynnandtonic
277
17k

Transcript

  1. SaltStack 101 Marconi Moreto @marconimjr

  2. What is SaltStack? “Salt delivers a dynamic communication bus for

    infrastructures that can be used for orchestration, remote execution, con!guration management and much more.” ๏ Python ๏ ØMQ

  3. Terminology ๏ Master ๏ Minion ๏ State !les ๏ Grains

    ๏ Pillars

  4. Server Setup ๏ Master Minion ๏ Masterless ๏ Multi Master

  5. Master Minion Master Minion Minion Minion

  6. Masterless Minion Minion Minion Minion Minion

  7. Installing Master $ sudo add-apt-repository ppa:saltstack/salt $ sudo apt-get update

    $ sudo apt-get install salt-master $ sudo service salt-master status salt-master start/running, process 4044 Installing Minion $ sudo add-apt-repository ppa:saltstack/salt $ sudo apt-get update $ sudo apt-get install salt-minion $ sudo service salt-minion status salt-minion start/running, process 4901

  8. Con!gure Master # /etc/salt/master ... - #interface: 0.0.0.0 + interface:

    127.0.0.1 $ sudo service salt-master restart Con!gure Minion # /etc/salt/minion ... - #master: salt + master: 127.0.0.1 state_auto_order: True $ sudo service salt-master restart

  9. Key Management $ sudo salt-key -L Accepted Keys: Unaccepted Keys:

    sandbox Rejected Keys: $ sudo salt-key -a sandbox The following keys are going to be accepted: Unaccepted Keys: sandbox Proceed? [n/Y] Y Key for minion sandbox accepted. $ sudo salt-key -L Accepted Keys: sandbox Unaccepted Keys: Rejected Keys:

  10. Sending Commands 1/2 $ sudo salt sandbox test.ping sandbox: True

    $ sudo salt -G 'os:Ubuntu' service.available salt-minion sandbox: True $ sudo salt '*' cmd.run 'lsb_release -a' sandbox: No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 12.04 LTS Release: 12.04 Codename: precise

  11. Sending Commands 2/2 $ sudo salt '*' cmd.exec_code python 'from

    __future__ import braces' sandbox: File "/tmp/tmplI2lSy", line 1 from __future__ import braces SyntaxError: not a chance $ sudo salt '*' service.available nginx sandbox: False $ sudo salt '*' pkg.install nginx sandbox: … $ sudo salt '*' service.available nginx sandbox: True

  12. Salt States (SLS !les)

  13. Writing State !les 1/7 # /etc/salt/master ... - #file_roots: -

    # base: - # - /srv/salt + file_roots: + base: + - /srv/salt $ sudo service salt-master restart Enable !le server Create top !le # /srv/salt/top.sls base: '*': - webserver

  14. Writing State !les 2/7 # /srv/salt/webserver.sls ... nginx: pkg: -

    installed service: - running - watch: - pkg: nginx - file: default_conf default_conf: file.exists: - name: /etc/nginx/sites-enabled/default Webserver state !le

  15. $ sudo salt ‘*’ state.highstate ... Summary ------------ Succeeded: 3

    Failed: 0 ------------ Total: 3 Writing State !les 3/7 Execute state

  16. Writing State !les 4/7 SLS Rendering # /srv/salt/webserver.sls nginx: pkg:

    - installed service: - running - watch: - pkg: nginx - file: app_conf - require: - file: app_conf - file: symlink_app_conf - cmd: nginx_default_config ...

  17. Writing State !les 5/7 # /srv/salt/webserver.sls ... app_conf: file.managed: -

    name: /etc/nginx/sites-available/app.conf - source: salt://app/nginx.conf - template: jinja - defaults: {% if grains['id'] == 'sandbox' %} is_test: True {% else %} is_test: False {% endif %} ...

  18. Writing State !les 6/7 # /srv/salt/webserver.sls ... symlink_app_conf: file.symlink: -

    name: /etc/nginx/sites-enabled/app.conf - target: /etc/nginx/sites-available/app.conf - force: True - makedirs: True nginx_default_config: cmd.run: - name: rm -f /etc/nginx/sites-enabled/default

  19. Writing State !les 7/7 # /srv/salt/app/nginx.conf server { listen 80

    default; client_max_body_size 4G; keepalive_timeout 5; {% if is_test %} server_name _; {% else %} server_name sandbox.com; {% endif %} location / { {% if is_test %} auth_basic "Restricted"; auth_basic_user_file /var/www/.htpasswd; {% endif %} proxy_pass http://127.0.0.1:8000; proxy_redirect off; proxy_buffering off; } }

  20. It Works!

  21. Pillars

  22. Setup Pillars 1/3 # /etc/salt/master ... - #pillar_roots: - #

    base: - # - /srv/pillar + pillar_roots: + base: + - /srv/pillar $ sudo service salt-master restart Enable !le server Create top !le # /srv/pillar/top.sls base: '*': - settings

  23. Setup Pillars 2/3 # /srv/salt/app/nginx.conf server { ... ssl on;

    ssl_certificate {{ ssl_certificate }}; ssl_certificate_key {{ ssl_certificate_key }}; ... } # /srv/salt/webserver.sls app_conf: file.managed: - name: /etc/nginx/sites-available/app.conf - source: salt://app/nginx.conf - template: jinja - defaults: ... ssl_certificate: {{ pillar['ssl_certificate'] }} ssl_certificate_key: {{ pillar['ssl_certificate_key'] }}

  24. Setup Pillars 3/3 $ sudo salt ‘*’ state.highstate ... Summary

    ------------ Succeeded: 5 Failed: 0 ------------ Total: 5 $ sudo cat /etc/nginx/sites-enabled/app.conf server { ... ssl on; ssl_certificate /etc/nginx/conf.d/sandbox.crt; ssl_certificate_key /etc/nginx/conf.d/sandbox.key; ... }

  25. Don’t want no Master

  26. Going Masterless 1/2 # /etc/salt/minion ... - #file_client: remote +

    file_client: local ... - #file_roots: - # base: - # - /srv/salt + file_roots: + base: + - /srv/salt ... - #pillar_roots: - # base: - # - /srv/pillar + pillar_roots: + base: + - /srv/pillar

  27. Going Masterless 2/2 $ sudo service salt-minion restart Or $

    sudo salt-call --local ...

  28. Thank you Marconi Moreto @marconimjr http://marconijr.com https://github.com/marconi