Getting Started with Salt. 

Peter Baumgartner Founder of Lincoln Loop 

What is SaltStack? 

“SaltStack delivers a dynamic infrastructure communication bus used for orchestration, remote execution, configuration management and much more.” 

SaltStack is: Configuration Management 

Configuration Management 

Before Configuration Management root@server:~# ls /etc/nginx/nginx* /etc/nginx/nginx.conf 

Before Configuration Management root@server:~# ls /etc/nginx/nginx* /etc/nginx/nginx.conf /etc/nginx/nginx.conf.OLD 

Before Configuration Management root@server:~# ls /etc/nginx/nginx* /etc/nginx/nginx.conf /etc/nginx/nginx.conf.OLD /etc/nginx/nginx.conf.BAK 

Before Configuration Management root@server:~# ls /etc/nginx/nginx* /etc/nginx/nginx.conf /etc/nginx/nginx.conf.OLD /etc/nginx/nginx.conf.BAK /etc/nginx/nginx.conf.20130617.bak 

No content

After Configuration Management 

Getting Started with Salt. Version control your servers Self-documenting Repeatable Reusable Benefits 

SaltStack is: Remote Execution 

Remote Execution Run command(s) against remote server(s) ! e.g. Fabric, Capistrano, Func 

Remote Execution Examples Deploy your code Run one-off scripts Critical package updates System monitoring 

Why Choose SaltStack? 

Familiar Tools Python YAML Jinja2 

Community Great Documentation (>800 pages) ! Insanely responsive (IRC, GitHub) ! Backed by for-profit org 

Why Choose SaltStack? 

Why Not Choose SaltStack? 

Caution Young Project Moves Fast Not SSH 
 (SSH support is “alpha”) 

Let’s Learn Salt! 

First... a vocabulary lesson 

Everything is Terrible Chef: knife, recipe, cookbook Puppet: terminus, metaparameters Ansible: playbook, inventory 

Everything is Terrible Chef: knife, recipe, cookbook Puppet: terminus, metaparameters Ansible: playbook, inventory ! Salt might be the worst offender… 

Mas•ter ˈmastər (noun) Server that manages the whole stack (auth, states, pillars) 

Min•ion ˈminyən (noun) A server controlled by the master 

State stāt (noun) A declarative representation of system state
 (how you want the minion configured) 

Grain grān (noun) Static information about a minion (RAM, CPUs, OS, etc.) 

Pil•lar ˈpilər (noun) Variables for one or more minions 
 (ports, file paths, configuration parameters) 

No content

Top File täp fīl (noun) Matches states or pillars to minions 

High•state hīstāt (noun) All the state data for a minion 

No content

Let’s Really Get Started 

Installation Options Binaries for most distros Pip install (for bleeding edge) http://bootstrap.saltstack.org
 (it probably does what you want) 

Master Server root@master:~# apt-get install salt-master ...or run master-less 

Minion # apt-get install salt-minion # echo "salt 10.10.1.1" >> /etc/hosts # salt-key -a minion.lincolnloop.com Accept the minion key on the master Point minion to the master 

Write Your First State 

Install a Package nginx: pkg.installed /srv/salt/mystate.sls 

Create your Top File 

base: myserver: - mystate /srv/salt/top.sls 
 The Top File 

Highstate! 

# salt 'myserver' state.highstate # salt-call state.highstate ...or pull from the minion Push from the master Highstate ...or master-less # salt-call state.highstate --local 

[INFO ] Loading fresh modules for state activity [INFO ] Running state [nginx] at time 13:12:03.314726 [INFO ] Executing state pkg.installed for nginx [INFO ] Executing command "dpkg-query --showformat='${Status} ${Package} $ {Version} ${Architecture}\n' -W" in directory '/home/pete' [INFO ] Executing command 'grep-available -F Provides -s Package,Provides -e "^.+ $"' in directory '/home/pete' [INFO ] Executing command 'apt-get -q update' in directory '/home/pete' [INFO ] Executing command ['apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force- confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'nginx'] in directory '/home/pete' [INFO ] Executing command "dpkg-query --showformat='${Status} ${Package} $ {Version} ${Architecture}\n' -W" in directory '/home/pete' [INFO ] In stalled Packages: libgd3 changed from absent to 2.1.0-2 libxpm4 changed from absent to 1:3.5.10-1 ttf-dejavu-core changed from absent to 2.33+svn2514-3ubuntu1 nginx-common changed from absent to 1.4.1-3ubuntu1.3 libvpx1 changed from absent to 1.2.0-2 fonts-dejavu-core changed from absent to 2.33+svn2514-3ubuntu1 nginx-full changed from absent to 1.4.1-3ubuntu1.3 fontconfig-config changed from absent to 2.10.93-0ubuntu1 libxslt1.1 changed from absent to 1.1.28-2 libtiff5 changed from absent to 4.0.2-4ubuntu3 libjpeg-turbo8 changed from absent to 1.3.0-0ubuntu1.1 libjbig0 changed from absent to 2.0-2ubuntu1 nginx changed from absent to 1.4.1-3ubuntu1.3 libjpeg8 changed from absent to 8c-2ubuntu8 libfontconfig1 changed from absent to 2.10.93-0ubuntu1 ! [INFO ] Loading fresh modules for state activity [INFO ] Completed state [nginx] at time 13:13:32.491024 

local: ---------- ID: nginx Function: pkg.installed Result: True Comment: The following packages were installed/updated: nginx. Changes: ---------- fontconfig-config: ---------- new: 2.10.93-0ubuntu1 old: fonts-dejavu-core: ---------- new: 2.33+svn2514-3ubuntu1 old: libfontconfig1: ---------- new: 2.10.93-0ubuntu1 old: libgd3: ---------- new: 2.1.0-2 old: libjbig0: ---------- new: 2.0-2ubuntu1 old: 

libjpeg-turbo8: ---------- new: 1.3.0-0ubuntu1.1 old: libjpeg8: ---------- new: 8c-2ubuntu8 old: libtiff5: ---------- new: 4.0.2-4ubuntu3 old: libvpx1: ---------- new: 1.2.0-2 old: libxpm4: ---------- new: 1:3.5.10-1 old: libxslt1.1: ---------- new: 1.1.28-2 old: 

nginx: ---------- new: 1.4.1-3ubuntu1.3 old: nginx-common: ---------- new: 1.4.1-3ubuntu1.3 old: nginx-full: ---------- new: 1.4.1-3ubuntu1.3 old: ttf-dejavu-core: ---------- new: 2.33+svn2514-3ubuntu1 old: ! Summary ------------ Succeeded: 1 Failed: 0 ------------ Total: 1 

No content

No content

Leveling Up Your States 

Create a User pete: user.present: - shell: /bin/bash - home: /home/pete - groups: - sudo 

Add an SSH Key pete: user.present: - shell: /bin/bash - home: /home/pete - groups: - sudo ssh_auth.present: - user: pete - source: salt://pete.pub - require: - user: pete 

Checkout a Repo [email protected]/ipmb/mysite.git: git.latest: - rev: develop - target: /usr/local/src/mysite - require: - pkg: git-core 

Run Arbitrary Commands python manage.py syncdb --noinput: cmd.run: - cwd: /usr/local/src/mysite - require: - git: [email protected]/ipmb/mysite.git 

Built-in States Over 50 built-in pip, virtualenv mysql, postgres services, files, cron ...or build your own (in Python) 

Using Pillars 

Pil•lar ˈpilər (noun) Variables for one or more minions 
 (ports, file paths, configuration parameters) 

mysite: - branch: develop /srv/pillar/mysite.sls Example Pillar 

base: 'myserver': - mysite /srv/pillar/top.sls Pillar Top File 

base: '*': - default '*.lincolnloop.com': - lincoln_loop 'os:Ubuntu': - match: grain - pkgs.ubuntu /srv/pillar/top.sls Advanced Pillar Top File 

[email protected]/ipmb/mysite.git: git.latest: - rev: {{ pillar.mysite.branch }} - target: /usr/local/src/mysite - require: - pkg: git-core Adding Pillars to a State 

[email protected]/ipmb/mysite.git: git.latest: - rev: {{ pillar.mysite.get('branch', 'master') }} - target: /usr/local/src/mysite - require: - pkg: git-core Setting a Default 

redis_maxmemory: {{ (grains.mem_total * 0.5)|int }}mb Using Grains in a Pillar 

/etc/redis.conf: file.managed: - template: jinja - source: salt://redis_server/redis.conf.jinja - defaults: maxmemory: {{ pillar.redis_maxmemory }} Using Pillars in Files 

daemonize yes pidfile /var/run/redis.pid port 6379 bind 127.0.0.1 maxmemory {{ maxmemory }} ... Using Pillars in Files /srv/salt/redis_server/redis.conf.jinja
 

Advanced Topics Salt-cloud Custom Modules Scheduler Renderers Returners Reactor 

Tips & Tricks 

Tips & Tricks output_mode: mixed 

Tips & Tricks Jinja2 is powerful Don't go nuts 

Tips & Tricks Update often ...and review the change log 

Tips & Tricks Test before you deploy Make friends with Vagrant or Docker 

Thank you! Questions? ! Peter Baumgartner http://lincolnloop.com @ipmb