Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
SaltStack 101
Search
Marconi Moreto
January 28, 2014
Technology
10
1k
SaltStack 101
Presented on Pizzapy (
http://pizzapy.ph/
)
Marconi Moreto
January 28, 2014
Tweet
Share
More Decks by Marconi Moreto
See All by Marconi Moreto
Development Mini Toolbox
marconi
1
150
Introduction to Docker
marconi
4
1.2k
Assets Build Automation
marconi
2
280
Concurrency with Gevent
marconi
3
390
Django Quickstart
marconi
1
95
Other Decks in Technology
See All in Technology
技術負債による事業の失敗はなぜ起こるのか / Why do business failures due to technical debt occur?
i35_267
0
190
地理情報とAPIのトレンド
nagix
0
160
「単なる OAuth 2.0 を認証に使うと、車が通れるほどのどでかいセキュリティー・ホールができる」のか検証してみた
terara
0
380
Git 研修 Advanced【MIXI 24新卒技術研修】
mixi_engineers
PRO
0
200
テスト・設計研修【MIXI 24新卒技術研修】
mixi_engineers
PRO
0
170
Flutter研修【MIXI 24新卒技術研修】
mixi_engineers
PRO
0
160
プレイドにおけるDatadog APMの活用方法
plaidtech
PRO
2
120
[2024最新版]AWS Control Towerを使ったセキュアなマルチアカウント環境の作り方
hiashisan
0
270
What if...? 처음부터 다시 LLM 어플리케이션을 개발한다면
huffon
0
1k
テストケースの自動生成に生成AIの導入を試みた話と生成AIによる今後の期待
shift_evolve
0
190
コンテナ・K8s研修 - 後半 Kubernetes 基礎&ハンズオン【MIXI 24新卒技術研修】
mixi_engineers
PRO
1
120
ACRiルーム最新情報とAMD GPUサーバーのご紹介
anjn
0
160
Featured
See All Featured
For a Future-Friendly Web
brad_frost
173
9.2k
How to Ace a Technical Interview
jacobian
274
23k
The Invisible Side of Design
smashingmag
294
50k
Navigating Team Friction
lara
181
13k
Web development in the modern age
philhawksworth
203
10k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
35
6.3k
Producing Creativity
orderedlist
PRO
340
39k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
78
15k
StorybookのUI Testing Handbookを読んだ
zakiyama
15
4.9k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
325
21k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
245
1.2M
Statistics for Hackers
jakevdp
792
220k
Transcript
SaltStack 101 Marconi Moreto @marconimjr
What is SaltStack? “Salt delivers a dynamic communication bus for
infrastructures that can be used for orchestration, remote execution, con!guration management and much more.” ๏ Python ๏ ØMQ
Terminology ๏ Master ๏ Minion ๏ State !les ๏ Grains
๏ Pillars
Server Setup ๏ Master Minion ๏ Masterless ๏ Multi Master
Master Minion Master Minion Minion Minion
Masterless Minion Minion Minion Minion Minion
Installing Master $ sudo add-apt-repository ppa:saltstack/salt $ sudo apt-get update
$ sudo apt-get install salt-master $ sudo service salt-master status salt-master start/running, process 4044 Installing Minion $ sudo add-apt-repository ppa:saltstack/salt $ sudo apt-get update $ sudo apt-get install salt-minion $ sudo service salt-minion status salt-minion start/running, process 4901
Con!gure Master # /etc/salt/master ... - #interface: 0.0.0.0 + interface:
127.0.0.1 $ sudo service salt-master restart Con!gure Minion # /etc/salt/minion ... - #master: salt + master: 127.0.0.1 state_auto_order: True $ sudo service salt-master restart
Key Management $ sudo salt-key -L Accepted Keys: Unaccepted Keys:
sandbox Rejected Keys: $ sudo salt-key -a sandbox The following keys are going to be accepted: Unaccepted Keys: sandbox Proceed? [n/Y] Y Key for minion sandbox accepted. $ sudo salt-key -L Accepted Keys: sandbox Unaccepted Keys: Rejected Keys:
Sending Commands 1/2 $ sudo salt sandbox test.ping sandbox: True
$ sudo salt -G 'os:Ubuntu' service.available salt-minion sandbox: True $ sudo salt '*' cmd.run 'lsb_release -a' sandbox: No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 12.04 LTS Release: 12.04 Codename: precise
Sending Commands 2/2 $ sudo salt '*' cmd.exec_code python 'from
__future__ import braces' sandbox: File "/tmp/tmplI2lSy", line 1 from __future__ import braces SyntaxError: not a chance $ sudo salt '*' service.available nginx sandbox: False $ sudo salt '*' pkg.install nginx sandbox: … $ sudo salt '*' service.available nginx sandbox: True
Salt States (SLS !les)
Writing State !les 1/7 # /etc/salt/master ... - #file_roots: -
# base: - # - /srv/salt + file_roots: + base: + - /srv/salt $ sudo service salt-master restart Enable !le server Create top !le # /srv/salt/top.sls base: '*': - webserver
Writing State !les 2/7 # /srv/salt/webserver.sls ... nginx: pkg: -
installed service: - running - watch: - pkg: nginx - file: default_conf default_conf: file.exists: - name: /etc/nginx/sites-enabled/default Webserver state !le
$ sudo salt ‘*’ state.highstate ... Summary ------------ Succeeded: 3
Failed: 0 ------------ Total: 3 Writing State !les 3/7 Execute state
Writing State !les 4/7 SLS Rendering # /srv/salt/webserver.sls nginx: pkg:
- installed service: - running - watch: - pkg: nginx - file: app_conf - require: - file: app_conf - file: symlink_app_conf - cmd: nginx_default_config ...
Writing State !les 5/7 # /srv/salt/webserver.sls ... app_conf: file.managed: -
name: /etc/nginx/sites-available/app.conf - source: salt://app/nginx.conf - template: jinja - defaults: {% if grains['id'] == 'sandbox' %} is_test: True {% else %} is_test: False {% endif %} ...
Writing State !les 6/7 # /srv/salt/webserver.sls ... symlink_app_conf: file.symlink: -
name: /etc/nginx/sites-enabled/app.conf - target: /etc/nginx/sites-available/app.conf - force: True - makedirs: True nginx_default_config: cmd.run: - name: rm -f /etc/nginx/sites-enabled/default
Writing State !les 7/7 # /srv/salt/app/nginx.conf server { listen 80
default; client_max_body_size 4G; keepalive_timeout 5; {% if is_test %} server_name _; {% else %} server_name sandbox.com; {% endif %} location / { {% if is_test %} auth_basic "Restricted"; auth_basic_user_file /var/www/.htpasswd; {% endif %} proxy_pass http://127.0.0.1:8000; proxy_redirect off; proxy_buffering off; } }
It Works!
Pillars
Setup Pillars 1/3 # /etc/salt/master ... - #pillar_roots: - #
base: - # - /srv/pillar + pillar_roots: + base: + - /srv/pillar $ sudo service salt-master restart Enable !le server Create top !le # /srv/pillar/top.sls base: '*': - settings
Setup Pillars 2/3 # /srv/salt/app/nginx.conf server { ... ssl on;
ssl_certificate {{ ssl_certificate }}; ssl_certificate_key {{ ssl_certificate_key }}; ... } # /srv/salt/webserver.sls app_conf: file.managed: - name: /etc/nginx/sites-available/app.conf - source: salt://app/nginx.conf - template: jinja - defaults: ... ssl_certificate: {{ pillar['ssl_certificate'] }} ssl_certificate_key: {{ pillar['ssl_certificate_key'] }}
Setup Pillars 3/3 $ sudo salt ‘*’ state.highstate ... Summary
------------ Succeeded: 5 Failed: 0 ------------ Total: 5 $ sudo cat /etc/nginx/sites-enabled/app.conf server { ... ssl on; ssl_certificate /etc/nginx/conf.d/sandbox.crt; ssl_certificate_key /etc/nginx/conf.d/sandbox.key; ... }
Don’t want no Master
Going Masterless 1/2 # /etc/salt/minion ... - #file_client: remote +
file_client: local ... - #file_roots: - # base: - # - /srv/salt + file_roots: + base: + - /srv/salt ... - #pillar_roots: - # base: - # - /srv/pillar + pillar_roots: + base: + - /srv/pillar
Going Masterless 2/2 $ sudo service salt-minion restart Or $
sudo salt-call --local ...
Thank you Marconi Moreto @marconimjr http://marconijr.com https://github.com/marconi