Slide 1

Slide 1 text

On SaltStack
Configuration management and remote execution.
Stas Sușcov
GeekMeet #15, Cluj-Napoca, Transylvania
February 23rd, 2013

Slide 2

Slide 2 text

About Stas
- a nerd
- picky developer
- interests: web/operations (food, wine, cycling)

Slide 3

Slide 3 text

In August 2012, I was hired to help migrate a company's monolithic infrastructure into the cloud (Linode). Much of the experience I am sharing today comes from solving their issues.

Slide 4

Slide 4 text

The common story
- you start with shared hosting
- business grows, you buy more bandwidth and space
- business grows, you are thinking of moving to dedicated, but you don't; the "works for me" attitude is on
- you have a gig with a dozen employees, you are living a nightmare
- development gets slow, knowledge is spread over a couple of people (if you are lucky)
- end of story: you are afraid to restart Apache because it might not start back!

Slide 10

Slide 10 text

Identifying the issue
- one server for everything is never OK
- lack of documentation, writing docs for servers is harder compared to software
- lack of a changelog, why service X runs and service Y is stopped
- tell me something about this firewall rule (no trolling intended)
- lack of deployment tools
- lack of provisioning solutions
- monitoring should be proactive, graphs are good but still...
- lack of an operations-friendly culture (postmortems are for everyone, not just your boss)

Slide 18

Slide 18 text

We work in an environment where tools have reached a level of quality where not trusting them raises lots of questions!

Slide 19

Slide 19 text

Picking new tools
Picking new tools is always tricky, you might lose more than you win. Here are some tips:
- ask your developer colleagues, you will be impressed to see how many are more than just programmers
- start picking tools based on your current software stack (if you are doing Python, look for tools written in that language)
- do not judge tools by age, consider facts like documentation, extensibility and development cycle first
- last but not least, installation and upgrade actions should be as easy as possible

Slide 23

Slide 23 text

What is SaltStack?
- SaltStack was designed as a centralized remote execution tool
  - runs tasks in parallel
  - uses ØMQ for communication (authenticates using SSH keys)
  - stand-alone, does not require any other dependencies
- SaltStack has an easy to pick up configuration management system
  - configuration management files use a YAML syntax
  - configuration is split into modules and states, which represent pure Python modules
  - extensible API, overwrite a module by placing the new Python file into a local directory (Salt will update machines on its own)
  - flexible API, ready to use solutions for use-cases like peering, auto-discovery, syndication, white-list execution, returners

Slide 32

Slide 32 text

Remote execution
- being centralized, the service is split between a master and minions (slaves)
- every salt installation generates an SSH key that will be used to authenticate the machine
- the master manages minions/authentication using the salt-key tool
- the master can target minions based on:
  - globbing and regular expressions
  - static information such as OS, software versions, virtualization, CPU, memory...
  - statically defined groups
  - compound matchers
  - batching execution

Slide 41

Slide 41 text

    root@master:~# salt 'slave*' test.ping
                        ^        ^
                  ______|        |__________________
                  target         function to execute

Slide 42

Slide 42 text

Modules
- modules represent functions that the salt tool can run on minions
- every module is either Python or Cython code
- modules can be extended or overwritten by dropping new ones into the master file roots directory called modules
- configuration management states, underneath, use modules too; in fact the module name itself is called state

Slide 46

Slide 46 text

Configuration management, or state files
- SaltStack uses files with a YAML-like syntax, called SLS files, to describe minion configuration
- state file attributes are mapped directly to modules
- states can be extended or overwritten by dropping new ones into the master file roots directory called states
- states can be grouped using targeting in the top file top.sls, and executed using the state.highstate call
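
Added example (not part of the original slides): a top file that uses the targeting forms listed under "Remote execution" to assign a state, followed by the SLS state it assigns, which keeps the Apache config under Salt and refuses to install a config that fails a syntax check. The /srv/salt file root, the minion names, the webservers nodegroup, the apache state name and the Debian-style package and paths are assumptions.

```yaml
# ---- /srv/salt/top.sls (assumes file_roots is /srv/salt) ----
# Maps targets to states. Dry run first, then apply:
#   salt 'slave*' state.highstate test=True
#   salt 'slave*' state.highstate
base:
  'slave*':                     # glob, same target as the test.ping call
    - apache
  'web\d+\.example\.com':       # regular expression (hypothetical host names)
    - match: pcre
    - apache
  'os:Ubuntu':                  # static information (a grain)
    - match: grain              # grains are reported by the minion itself,
    - apache                    # so do not use them to hand out secrets
  'webservers':                 # statically defined group (nodegroup in the
    - match: nodegroup          # master config; the name is hypothetical)
    - apache
  'slave* and G@os:Ubuntu':     # compound matcher: glob AND grain
    - match: compound
    - apache
---
# ---- /srv/salt/apache/init.sls ----
# Each "module.function" key below maps to a Salt state module,
# e.g. pkg.installed is the installed() function of the pkg state.
apache2:
  pkg.installed: []
  service.running:
    - enable: True
    - require:
      - pkg: apache2
    - watch:                    # restart only when the managed file changes
      - file: apache_conf

apache_conf:
  file.managed:
    - name: /etc/apache2/apache2.conf
    - source: salt://apache/files/apache2.conf
    - user: root
    - group: root
    - mode: '0644'
    # Salt appends the path of a temp file holding the new contents; the
    # file is only put in place if the syntax check exits 0, so a broken
    # config never reaches the running service.
    - check_cmd: apache2ctl -t -f
    - require:
      - pkg: apache2
```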

Slide 50

Slide 50 text

Questions please...
Thank you for your time.

Slide 51

Slide 51 text

Online resources worth checking
- SaltStack Documentation – salt.readthedocs.org/en/latest/
- SaltStack Website – saltstack.org
- SaltStack Ops School Chapter – ops-school.readthedocs.org/en/latest/config_management.html#saltstack
- AppThemes SaltStack – github.com/AppThemes/salt-config-example
- These slides – github.com/stas/saltstack-slides-geekmeet