Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
SaltStack 101
Search
Marconi Moreto
January 28, 2014
Technology
1.1k
10
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
SaltStack 101
Presented on Pizzapy (
http://pizzapy.ph/
)
Marconi Moreto
January 28, 2014
More Decks by Marconi Moreto
See All by Marconi Moreto
Development Mini Toolbox
marconi
1
190
Introduction to Docker
marconi
4
1.3k
Assets Build Automation
marconi
2
320
Concurrency with Gevent
marconi
3
430
Django Quickstart
marconi
1
130
Other Decks in Technology
See All in Technology
“全部コピーしない”ファイルデータの活用 : — FSx for ONTAP × S3 Tables × Icebergで作るメタデータカタログ
yoshiki0705
0
590
NDIAS CTF 2026 問題解説会資料
bata_24
0
180
Text-to-SQLをAgentCoreで実現し、生成されるSQLの精度を定量的に評価する
yakumo
2
710
美しいコードを書くためにF#を学んでみた話
yud0uhu
1
380
ZOZOTOWNの進化と信頼性を両立する負荷試験
zozotech
PRO
0
150
SRE Next 2026 何でも屋からの脱却
bto
0
210
脱金融のフューチャー・デザイン / Future Design Beyond Finance
ks91
PRO
0
140
オブザーバビリティ、本当に活用できてる? 〜API連携×生成AIで成熟度を自動評価〜
dmmsre
1
2.4k
DMM.com 購入改善推進チーム におけるCodeRabbitを用いた レビューフロー改善の一例
ysknsid25
2
560
事業価値を⽣み出すSREへ SREが担うべき意思決定の5層
kenta_hi
2
2.7k
しぶいSRE: サーバから見えない障害にどう向き合うか。ラストワンマイルのデバッグ実践 / Shibui SRE
kanny
12
5.4k
デジタル・デザイン:次の50年を描く「進化する青写真」
y150saya
0
840
Featured
See All Featured
Why Mistakes Are the Best Teachers: Turning Failure into a Pathway for Growth
auna
0
180
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
21
1.5k
Bootstrapping a Software Product
garrettdimon
PRO
307
120k
The Illustrated Children's Guide to Kubernetes
chrisshort
51
52k
The Language of Interfaces
destraynor
162
27k
Lightning talk: Run Django tests with GitHub Actions
sabderemane
0
220
Beyond borders and beyond the search box: How to win the global "messy middle" with AI-driven SEO
davidcarrasco
3
180
The agentic SEO stack - context over prompts
schlessera
0
840
How to make the Groovebox
asonas
2
2.3k
コードの90%をAIが書く世界で何が待っているのか / What awaits us in a world where 90% of the code is written by AI
rkaga
62
44k
Are puppies a ranking factor?
jonoalderson
1
3.7k
The Impact of AI in SEO - AI Overviews June 2024 Edition
aleyda
5
1.1k
Transcript
SaltStack 101 Marconi Moreto @marconimjr
What is SaltStack? “Salt delivers a dynamic communication bus for
infrastructures that can be used for orchestration, remote execution, con!guration management and much more.” ๏ Python ๏ ØMQ
Terminology ๏ Master ๏ Minion ๏ State !les ๏ Grains
๏ Pillars
Server Setup ๏ Master Minion ๏ Masterless ๏ Multi Master
Master Minion Master Minion Minion Minion
Masterless Minion Minion Minion Minion Minion
Installing Master $ sudo add-apt-repository ppa:saltstack/salt $ sudo apt-get update
$ sudo apt-get install salt-master $ sudo service salt-master status salt-master start/running, process 4044 Installing Minion $ sudo add-apt-repository ppa:saltstack/salt $ sudo apt-get update $ sudo apt-get install salt-minion $ sudo service salt-minion status salt-minion start/running, process 4901
Con!gure Master # /etc/salt/master ... - #interface: 0.0.0.0 + interface:
127.0.0.1 $ sudo service salt-master restart Con!gure Minion # /etc/salt/minion ... - #master: salt + master: 127.0.0.1 state_auto_order: True $ sudo service salt-master restart
Key Management $ sudo salt-key -L Accepted Keys: Unaccepted Keys:
sandbox Rejected Keys: $ sudo salt-key -a sandbox The following keys are going to be accepted: Unaccepted Keys: sandbox Proceed? [n/Y] Y Key for minion sandbox accepted. $ sudo salt-key -L Accepted Keys: sandbox Unaccepted Keys: Rejected Keys:
Sending Commands 1/2 $ sudo salt sandbox test.ping sandbox: True
$ sudo salt -G 'os:Ubuntu' service.available salt-minion sandbox: True $ sudo salt '*' cmd.run 'lsb_release -a' sandbox: No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 12.04 LTS Release: 12.04 Codename: precise
Sending Commands 2/2 $ sudo salt '*' cmd.exec_code python 'from
__future__ import braces' sandbox: File "/tmp/tmplI2lSy", line 1 from __future__ import braces SyntaxError: not a chance $ sudo salt '*' service.available nginx sandbox: False $ sudo salt '*' pkg.install nginx sandbox: … $ sudo salt '*' service.available nginx sandbox: True
Salt States (SLS !les)
Writing State !les 1/7 # /etc/salt/master ... - #file_roots: -
# base: - # - /srv/salt + file_roots: + base: + - /srv/salt $ sudo service salt-master restart Enable !le server Create top !le # /srv/salt/top.sls base: '*': - webserver
Writing State !les 2/7 # /srv/salt/webserver.sls ... nginx: pkg: -
installed service: - running - watch: - pkg: nginx - file: default_conf default_conf: file.exists: - name: /etc/nginx/sites-enabled/default Webserver state !le
$ sudo salt ‘*’ state.highstate ... Summary ------------ Succeeded: 3
Failed: 0 ------------ Total: 3 Writing State !les 3/7 Execute state
Writing State !les 4/7 SLS Rendering # /srv/salt/webserver.sls nginx: pkg:
- installed service: - running - watch: - pkg: nginx - file: app_conf - require: - file: app_conf - file: symlink_app_conf - cmd: nginx_default_config ...
Writing State !les 5/7 # /srv/salt/webserver.sls ... app_conf: file.managed: -
name: /etc/nginx/sites-available/app.conf - source: salt://app/nginx.conf - template: jinja - defaults: {% if grains['id'] == 'sandbox' %} is_test: True {% else %} is_test: False {% endif %} ...
Writing State !les 6/7 # /srv/salt/webserver.sls ... symlink_app_conf: file.symlink: -
name: /etc/nginx/sites-enabled/app.conf - target: /etc/nginx/sites-available/app.conf - force: True - makedirs: True nginx_default_config: cmd.run: - name: rm -f /etc/nginx/sites-enabled/default
Writing State !les 7/7 # /srv/salt/app/nginx.conf server { listen 80
default; client_max_body_size 4G; keepalive_timeout 5; {% if is_test %} server_name _; {% else %} server_name sandbox.com; {% endif %} location / { {% if is_test %} auth_basic "Restricted"; auth_basic_user_file /var/www/.htpasswd; {% endif %} proxy_pass http://127.0.0.1:8000; proxy_redirect off; proxy_buffering off; } }
It Works!
Pillars
Setup Pillars 1/3 # /etc/salt/master ... - #pillar_roots: - #
base: - # - /srv/pillar + pillar_roots: + base: + - /srv/pillar $ sudo service salt-master restart Enable !le server Create top !le # /srv/pillar/top.sls base: '*': - settings
Setup Pillars 2/3 # /srv/salt/app/nginx.conf server { ... ssl on;
ssl_certificate {{ ssl_certificate }}; ssl_certificate_key {{ ssl_certificate_key }}; ... } # /srv/salt/webserver.sls app_conf: file.managed: - name: /etc/nginx/sites-available/app.conf - source: salt://app/nginx.conf - template: jinja - defaults: ... ssl_certificate: {{ pillar['ssl_certificate'] }} ssl_certificate_key: {{ pillar['ssl_certificate_key'] }}
Setup Pillars 3/3 $ sudo salt ‘*’ state.highstate ... Summary
------------ Succeeded: 5 Failed: 0 ------------ Total: 5 $ sudo cat /etc/nginx/sites-enabled/app.conf server { ... ssl on; ssl_certificate /etc/nginx/conf.d/sandbox.crt; ssl_certificate_key /etc/nginx/conf.d/sandbox.key; ... }
Don’t want no Master
Going Masterless 1/2 # /etc/salt/minion ... - #file_client: remote +
file_client: local ... - #file_roots: - # base: - # - /srv/salt + file_roots: + base: + - /srv/salt ... - #pillar_roots: - # base: - # - /srv/pillar + pillar_roots: + base: + - /srv/pillar
Going Masterless 2/2 $ sudo service salt-minion restart Or $
sudo salt-call --local ...
Thank you Marconi Moreto @marconimjr http://marconijr.com https://github.com/marconi