Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
SaltStack 101
Search
Marconi Moreto
January 28, 2014
Technology
10
1k
SaltStack 101
Presented on Pizzapy (
http://pizzapy.ph/
)
Marconi Moreto
January 28, 2014
Tweet
Share
More Decks by Marconi Moreto
See All by Marconi Moreto
Development Mini Toolbox
marconi
1
170
Introduction to Docker
marconi
4
1.3k
Assets Build Automation
marconi
2
300
Concurrency with Gevent
marconi
3
400
Django Quickstart
marconi
1
120
Other Decks in Technology
See All in Technology
バッチ処理で悩むバックエンドエンジニアに捧げるAWS Glue入門
diggymo
3
190
下手な強制、ダメ!絶対! 「ガードレール」を「檻」にさせない"ガバナンス"の取り方とは?
tsukaman
2
420
企業の生成AIガバナンスにおけるエージェントとセキュリティ
lycorptech_jp
PRO
2
160
2025年になってもまだMySQLが好き
yoku0825
8
4.6k
なぜSaaSがMCPサーバーをサービス提供するのか?
sansantech
PRO
8
2.7k
Automating Web Accessibility Testing with AI Agents
maminami373
0
1.2k
Webアプリケーションにオブザーバビリティを実装するRust入門ガイド
nwiizo
6
750
エラーとアクセシビリティ
schktjm
1
1.2k
AWSを利用する上で知っておきたい名前解決のはなし(10分版)
nagisa53
10
3k
生成AIでセキュリティ運用を効率化する話
sakaitakeshi
0
520
Firestore → Spanner 移行 を成功させた段階的移行プロセス
athug
1
440
サラリーマンの小遣いで作るtoCサービス - Cloudflare Workersでスケールする開発戦略
shinaps
2
400
Featured
See All Featured
Optimising Largest Contentful Paint
csswizardry
37
3.4k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
15
1.6k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
51
5.6k
Six Lessons from altMBA
skipperchong
28
4k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
667
120k
The Straight Up "How To Draw Better" Workshop
denniskardys
236
140k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
32
1.5k
Docker and Python
trallard
45
3.6k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
49
3k
Fireside Chat
paigeccino
39
3.6k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Transcript
SaltStack 101 Marconi Moreto @marconimjr
What is SaltStack? “Salt delivers a dynamic communication bus for
infrastructures that can be used for orchestration, remote execution, con!guration management and much more.” ๏ Python ๏ ØMQ
Terminology ๏ Master ๏ Minion ๏ State !les ๏ Grains
๏ Pillars
Server Setup ๏ Master Minion ๏ Masterless ๏ Multi Master
Master Minion Master Minion Minion Minion
Masterless Minion Minion Minion Minion Minion
Installing Master $ sudo add-apt-repository ppa:saltstack/salt $ sudo apt-get update
$ sudo apt-get install salt-master $ sudo service salt-master status salt-master start/running, process 4044 Installing Minion $ sudo add-apt-repository ppa:saltstack/salt $ sudo apt-get update $ sudo apt-get install salt-minion $ sudo service salt-minion status salt-minion start/running, process 4901
Con!gure Master # /etc/salt/master ... - #interface: 0.0.0.0 + interface:
127.0.0.1 $ sudo service salt-master restart Con!gure Minion # /etc/salt/minion ... - #master: salt + master: 127.0.0.1 state_auto_order: True $ sudo service salt-master restart
Key Management $ sudo salt-key -L Accepted Keys: Unaccepted Keys:
sandbox Rejected Keys: $ sudo salt-key -a sandbox The following keys are going to be accepted: Unaccepted Keys: sandbox Proceed? [n/Y] Y Key for minion sandbox accepted. $ sudo salt-key -L Accepted Keys: sandbox Unaccepted Keys: Rejected Keys:
Sending Commands 1/2 $ sudo salt sandbox test.ping sandbox: True
$ sudo salt -G 'os:Ubuntu' service.available salt-minion sandbox: True $ sudo salt '*' cmd.run 'lsb_release -a' sandbox: No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 12.04 LTS Release: 12.04 Codename: precise
Sending Commands 2/2 $ sudo salt '*' cmd.exec_code python 'from
__future__ import braces' sandbox: File "/tmp/tmplI2lSy", line 1 from __future__ import braces SyntaxError: not a chance $ sudo salt '*' service.available nginx sandbox: False $ sudo salt '*' pkg.install nginx sandbox: … $ sudo salt '*' service.available nginx sandbox: True
Salt States (SLS !les)
Writing State !les 1/7 # /etc/salt/master ... - #file_roots: -
# base: - # - /srv/salt + file_roots: + base: + - /srv/salt $ sudo service salt-master restart Enable !le server Create top !le # /srv/salt/top.sls base: '*': - webserver
Writing State !les 2/7 # /srv/salt/webserver.sls ... nginx: pkg: -
installed service: - running - watch: - pkg: nginx - file: default_conf default_conf: file.exists: - name: /etc/nginx/sites-enabled/default Webserver state !le
$ sudo salt ‘*’ state.highstate ... Summary ------------ Succeeded: 3
Failed: 0 ------------ Total: 3 Writing State !les 3/7 Execute state
Writing State !les 4/7 SLS Rendering # /srv/salt/webserver.sls nginx: pkg:
- installed service: - running - watch: - pkg: nginx - file: app_conf - require: - file: app_conf - file: symlink_app_conf - cmd: nginx_default_config ...
Writing State !les 5/7 # /srv/salt/webserver.sls ... app_conf: file.managed: -
name: /etc/nginx/sites-available/app.conf - source: salt://app/nginx.conf - template: jinja - defaults: {% if grains['id'] == 'sandbox' %} is_test: True {% else %} is_test: False {% endif %} ...
Writing State !les 6/7 # /srv/salt/webserver.sls ... symlink_app_conf: file.symlink: -
name: /etc/nginx/sites-enabled/app.conf - target: /etc/nginx/sites-available/app.conf - force: True - makedirs: True nginx_default_config: cmd.run: - name: rm -f /etc/nginx/sites-enabled/default
Writing State !les 7/7 # /srv/salt/app/nginx.conf server { listen 80
default; client_max_body_size 4G; keepalive_timeout 5; {% if is_test %} server_name _; {% else %} server_name sandbox.com; {% endif %} location / { {% if is_test %} auth_basic "Restricted"; auth_basic_user_file /var/www/.htpasswd; {% endif %} proxy_pass http://127.0.0.1:8000; proxy_redirect off; proxy_buffering off; } }
It Works!
Pillars
Setup Pillars 1/3 # /etc/salt/master ... - #pillar_roots: - #
base: - # - /srv/pillar + pillar_roots: + base: + - /srv/pillar $ sudo service salt-master restart Enable !le server Create top !le # /srv/pillar/top.sls base: '*': - settings
Setup Pillars 2/3 # /srv/salt/app/nginx.conf server { ... ssl on;
ssl_certificate {{ ssl_certificate }}; ssl_certificate_key {{ ssl_certificate_key }}; ... } # /srv/salt/webserver.sls app_conf: file.managed: - name: /etc/nginx/sites-available/app.conf - source: salt://app/nginx.conf - template: jinja - defaults: ... ssl_certificate: {{ pillar['ssl_certificate'] }} ssl_certificate_key: {{ pillar['ssl_certificate_key'] }}
Setup Pillars 3/3 $ sudo salt ‘*’ state.highstate ... Summary
------------ Succeeded: 5 Failed: 0 ------------ Total: 5 $ sudo cat /etc/nginx/sites-enabled/app.conf server { ... ssl on; ssl_certificate /etc/nginx/conf.d/sandbox.crt; ssl_certificate_key /etc/nginx/conf.d/sandbox.key; ... }
Don’t want no Master
Going Masterless 1/2 # /etc/salt/minion ... - #file_client: remote +
file_client: local ... - #file_roots: - # base: - # - /srv/salt + file_roots: + base: + - /srv/salt ... - #pillar_roots: - # base: - # - /srv/pillar + pillar_roots: + base: + - /srv/pillar
Going Masterless 2/2 $ sudo service salt-minion restart Or $
sudo salt-call --local ...
Thank you Marconi Moreto @marconimjr http://marconijr.com https://github.com/marconi