Getting Started with Salt 

Peter Baumgartner Founder, Lincoln Loop 

What is SaltStack? 

“SaltStack delivers a dynamic infrastructure communication bus used for orchestration, remote execution, configuration management and much more.” 

No content

SaltStack is Configuration Management 

Configuration Management 

root@server:~# ls /etc/nginx/nginx* /etc/nginx/nginx.conf Before Configuration Management 

root@server:~# ls /etc/nginx/nginx* /etc/nginx/nginx.conf /etc/nginx/nginx.conf.OLD Before Configuration Management 

root@server:~# ls /etc/nginx/nginx* /etc/nginx/nginx.conf /etc/nginx/nginx.conf.OLD /etc/nginx/nginx.conf.BAK Before Configuration Management 

root@server:~# ls /etc/nginx/nginx* /etc/nginx/nginx.conf /etc/nginx/nginx.conf.OLD /etc/nginx/nginx.conf.BAK /etc/nginx/nginx.conf.20130617.bak Before Configuration Management 

No content

After Configuration Management 

Version control your servers Self-documenting Repeatable Reusable Benefits 

SaltStack is Remote Execution 

Run command(s) against remote server(s) e.g. Fabric, Capistrano, Func Remote Execution 

Deploy your code Run one-off scripts Critical package updates System monitoring/alerting https://github.com/lincolnloop/salmon Remote Execution Examples 

Why Choose SaltStack? 

Python YAML Jinja2 Familiar Tools 

Great Documentation (>800 pages) Insanely responsive (IRC, GitHub) Backed by for-profit org Community 

Why Choose SaltStack? 

Why Not Choose SaltStack? 

Young Project Moves Fast Not SSH (SSH support soon) https://github.com/saltstack/salt/issues/5913 https://github.com/saltstack/salt/issues/5914 Caution 

Let’s Learn Salt! 

First... a vocabulary lesson 

Chef: knife, recipe, cookbook Puppet: terminus, metaparameters Ansible: playbook, inventory Everything is Terrible 

Chef: knife, recipe, cookbook Puppet: terminus, metaparameters Ansible: playbook, inventory Salt might be the worst offender... Everything is Terrible 

Mas•ter ˈmastər (noun) Server that manages the whole stack (auth, states, pillars) 

Min•ion ˈminyən (noun) A server controlled by the master 

State stāt (noun) A declarative representation of system state. (how you want the minion configured) 

Grain grān (noun) Static information about a minion (RAM, CPUs, OS, etc.) 

Pil•lar ˈpilər (noun) Variables for one or more minions (ports, file paths, configuration parameters) 

No content

Top File täp fīl (noun) Matches states or pillars to minions 

High•state hīstāt (noun) All the state data for a minion 

No content

Let’s Really Get Started 

Binaries for most distros Pip install (for bleeding edge) http://bootstrap.saltstack.org (it probably does what you want) Installation Options 

root@master:~# apt-get install salt-master Master Server ...or run master-less 

# apt-get install salt-minion # echo "salt 10.10.1.1" >> /etc/hosts # salt-key -a minion.lincolnloop.com Accept the minion key on the master Point minion to the master Minion 

Write Your First State 

nginx: pkg.installed /srv/salt/mystate.sls (or /srv/salt/mystate/init.sls) Install a Package 

Create your Top File 

base: myserver.lincolnloop.com: - mystate /srv/salt/top.sls The Top File 

Highstate! 

# salt 'myserver.lincolnloop.com' state.highstate # salt-call state.highstate ...or pull from the minion Push from the master Highstate ...or master-less # salt-call state.highstate --local 

[INFO ] Executing state pkg.installed for nginx [INFO ] Executing command "dpkg-query --showformat='${Status} ${Package} $ {Version}\n' -W" in directory '/' [INFO ] Executing command 'grep-available -F Provides -s Package,Provides -e "^.+$"' in directory '/' [INFO ] Executing command 'apt-get -q update' in directory '/' [INFO ] Executing command 'apt-get -q -y -o DPkg::Options::=--force-confold -o DPkg::Options::=--force-confdef install nginx' in directory '/' [INFO ] Executing command "dpkg-query --showformat='${Status} ${Package} $ {Version}\n' -W" in directory '/' [INFO ] Executing command 'grep-available -F Provides -s Package,Provides -e "^.+$"' in directory '/' [INFO ] Installed Packages: libgeoip1 changed from absent to 1.4.8+dfsg-2 nginx changed from absent to 1.1.19-1 libxml2 changed from absent to 2.7.8.dfsg-5.1ubuntu4 nginx-common changed from absent to 1.1.19-1 libfreetype6 changed from absent to 2.4.8-1ubuntu2 nginx-full changed from absent to 1.1.19-1 xml-core changed from absent to 0.13 geoip-database changed from absent to 20111220-1 libxslt1.1 changed from absent to 1.1.26-8ubuntu1 libjpeg-turbo8 changed from absent to 1.1.90+svn733-0ubuntu4 libgd2-noxpm changed from absent to 2.0.36~rc1~dfsg-6ubuntu2 sgml-base changed from absent to 1.26+nmu1ubuntu1 libjpeg8 changed from absent to 8c-2ubuntu7 ,,, 

[INFO ] Loading fresh modules for state activity local: ---------- State: - pkg Name: nginx Function: installed Result: True Comment: The following packages were installed/updated: nginx. Changes: libgeoip1: { new : 1.4.8+dfsg-2 old : } nginx: { new : 1.1.19-1 old : } libxml2: { new : 2.7.8.dfsg-5.1ubuntu4 old : } nginx-common: { new : 1.1.19-1 old : } libfreetype6: { new : 2.4.8-1ubuntu2 old : } nginx-full: { new : 1.1.19-1 old : } ... 

No content

No content

Leveling Up Your States 

pete: user.present: - shell: /bin/bash - home: /home/pete - groups: - sudo Create a User 

pete: user.present: - shell: /bin/bash - home: /home/pete - groups: - sudo ssh_auth.present: - user: pete - source: salt://pete.pub - require: - user: pete Add an SSH Key 

[email protected]/ipmb/mysite.git: git.latest: - rev: develop - target: /usr/local/src/mysite - require: - pkg: git-core Checkout a Repo 

python manage.py syncdb --noinput: cmd.run: - cwd: /usr/local/src/mysite - require: - git: [email protected]/me/mysite.git Run Arbitrary Commands 

Over 50 built-in pip, virtualenv mysql, postgres services, files, cron ...or build your own (in Python) Built-in States 

Using Pillars 

Pil•lar ˈpilər (noun) Variables for one or more minions (ports, file paths, configuration parameters) 

mysite: - branch: develop /srv/pillar/mysite.sls Example Pillar 

base: 'myserver.lincolnloop.com': - mysite /srv/pillar/top.sls Pillar Top File 

base: '*': - default '*.lincolnloop.com': - lincoln_loop 'os:Ubuntu': - match: grain - pkgs.ubuntu /srv/pillar/top.sls Advanced Pillar Top File 

[email protected]/ipmb/mysite.git: git.latest: - rev: {{ pillar.mysite.branch }} - target: /usr/local/src/mysite - require: - pkg: git-core Adding Pillars to a State 

[email protected]/ipmb/mysite.git: git.latest: - rev: {{ pillar.mysite.get('branch', 'master') }} - target: /usr/local/src/mysite - require: - pkg: git-core Setting a Default 

redis_maxmemory: {{ (grains.mem_total * 0.5)|int }}mb Using Grains in a Pillar 

/etc/redis.conf: file.managed: - template: jinja - source: salt://packages/redis_server/redis.conf.jinja - defaults: maxmemory: {{ pillar.get('redis_maxmemory', '64mb') }} Using Pillars in Files 

daemonize yes pidfile /var/run/redis.pid port 6379 bind 127.0.0.1 maxmemory {{ maxmemory }} ... /srv/salt/redis_server/redis.conf.jinja Using Pillars in Files 

Salt-cloud Custom Modules Scheduler Renderers Returners Advanced Topics 

Tips & Tricks 

output_mode: mixed Tips & Tricks 

Jinja2 is powerful Don't go nuts Tips & Tricks 

Update often ...and review the change log Tips & Tricks 

Tips & Tricks Test before you deploy Make friends with Vagrant or Docker 

Thank you! Questions? Peter Baumgartner http://lincolnloop.com @ipmb