Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Getting Started with SaltStack by Peter Baumgartner

PyCon 2014
April 11, 2014

Getting Started with SaltStack by Peter Baumgartner

PyCon 2014

April 11, 2014
Tweet

More Decks by PyCon 2014

Other Decks in Technology

Transcript

  1. Getting Started with Salt.

    View full-size slide

  2. Peter Baumgartner
    Founder of Lincoln Loop

    View full-size slide

  3. What is SaltStack?

    View full-size slide

  4. “SaltStack delivers a dynamic
    infrastructure communication bus
    used for orchestration, remote
    execution, configuration
    management and much more.”

    View full-size slide

  5. SaltStack is:
    Configuration Management

    View full-size slide

  6. Configuration Management

    View full-size slide

  7. Before Configuration Management
    root@server:~# ls /etc/nginx/nginx*
    /etc/nginx/nginx.conf

    View full-size slide

  8. Before Configuration Management
    root@server:~# ls /etc/nginx/nginx*
    /etc/nginx/nginx.conf
    /etc/nginx/nginx.conf.OLD

    View full-size slide

  9. Before Configuration Management
    root@server:~# ls /etc/nginx/nginx*
    /etc/nginx/nginx.conf
    /etc/nginx/nginx.conf.OLD
    /etc/nginx/nginx.conf.BAK

    View full-size slide

  10. Before Configuration Management
    root@server:~# ls /etc/nginx/nginx*
    /etc/nginx/nginx.conf
    /etc/nginx/nginx.conf.OLD
    /etc/nginx/nginx.conf.BAK
    /etc/nginx/nginx.conf.20130617.bak

    View full-size slide

  11. After Configuration Management

    View full-size slide

  12. Getting Started with Salt.
    Version control your servers
    Self-documenting
    Repeatable
    Reusable
    Benefits

    View full-size slide

  13. SaltStack is:
    Remote Execution

    View full-size slide

  14. Remote Execution
    Run command(s)
    against remote server(s)
    !
    e.g. Fabric, Capistrano, Func

    View full-size slide

  15. Remote Execution Examples
    Deploy your code
    Run one-off scripts
    Critical package updates
    System monitoring

    View full-size slide

  16. Why Choose SaltStack?

    View full-size slide

  17. Familiar Tools
    Python
    YAML
    Jinja2

    View full-size slide

  18. Community
    Great Documentation
    (>800 pages)
    !
    Insanely responsive
    (IRC, GitHub)
    !
    Backed by for-profit org

    View full-size slide

  19. Why Choose SaltStack?

    View full-size slide

  20. Why Not Choose SaltStack?

    View full-size slide

  21. Caution
    Young Project
    Moves Fast
    Not SSH 

    (SSH support is “alpha”)

    View full-size slide

  22. Let’s Learn Salt!

    View full-size slide

  23. First...
    a vocabulary lesson

    View full-size slide

  24. Everything is Terrible
    Chef: knife, recipe, cookbook
    Puppet: terminus, metaparameters
    Ansible: playbook, inventory

    View full-size slide

  25. Everything is Terrible
    Chef: knife, recipe, cookbook
    Puppet: terminus, metaparameters
    Ansible: playbook, inventory
    !
    Salt might be the worst offender…

    View full-size slide

  26. Mas•ter
    ˈmastər (noun)
    Server that manages the whole stack
    (auth, states, pillars)

    View full-size slide

  27. Min•ion
    ˈminyən (noun)
    A server controlled by the master

    View full-size slide

  28. State
    stāt (noun)
    A declarative representation of
    system state

    (how you want the minion configured)

    View full-size slide

  29. Grain
    grān (noun)
    Static information about a minion
    (RAM, CPUs, OS, etc.)

    View full-size slide

  30. Pil•lar
    ˈpilər (noun)
    Variables for one or more minions 

    (ports, file paths, configuration parameters)

    View full-size slide

  31. Top File
    täp fīl (noun)
    Matches states or pillars to minions

    View full-size slide

  32. High•state
    hīstāt (noun)
    All the state data for a minion

    View full-size slide

  33. Let’s Really Get Started

    View full-size slide

  34. Installation Options
    Binaries for most distros
    Pip install (for bleeding edge)
    http://bootstrap.saltstack.org

    (it probably does what you want)

    View full-size slide

  35. Master Server
    root@master:~# apt-get install salt-master
    ...or run master-less

    View full-size slide

  36. Minion
    # apt-get install salt-minion
    # echo "salt 10.10.1.1" >> /etc/hosts
    # salt-key -a minion.lincolnloop.com
    Accept the minion key on the master
    Point minion to the master

    View full-size slide

  37. Write Your First
    State

    View full-size slide

  38. Install a Package
    nginx:
    pkg.installed
    /srv/salt/mystate.sls

    View full-size slide

  39. Create your
    Top File

    View full-size slide

  40. base:
    myserver:
    - mystate
    /srv/salt/top.sls 

    The Top File

    View full-size slide

  41. # salt 'myserver' state.highstate
    # salt-call state.highstate
    ...or pull from the minion
    Push from the master
    Highstate
    ...or master-less
    # salt-call state.highstate --local

    View full-size slide

  42. [INFO ] Loading fresh modules for state activity
    [INFO ] Running state [nginx] at time 13:12:03.314726
    [INFO ] Executing state pkg.installed for nginx
    [INFO ] Executing command "dpkg-query --showformat='${Status} ${Package} $
    {Version} ${Architecture}\n' -W" in directory '/home/pete'
    [INFO ] Executing command 'grep-available -F Provides -s Package,Provides -e "^.+
    $"' in directory '/home/pete'
    [INFO ] Executing command 'apt-get -q update' in directory '/home/pete'
    [INFO ] Executing command ['apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-
    confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'nginx'] in directory
    '/home/pete'
    [INFO ] Executing command "dpkg-query --showformat='${Status} ${Package} $
    {Version} ${Architecture}\n' -W" in directory '/home/pete'
    [INFO ] In stalled Packages:
    libgd3 changed from absent to 2.1.0-2
    libxpm4 changed from absent to 1:3.5.10-1
    ttf-dejavu-core changed from absent to 2.33+svn2514-3ubuntu1
    nginx-common changed from absent to 1.4.1-3ubuntu1.3
    libvpx1 changed from absent to 1.2.0-2
    fonts-dejavu-core changed from absent to 2.33+svn2514-3ubuntu1
    nginx-full changed from absent to 1.4.1-3ubuntu1.3
    fontconfig-config changed from absent to 2.10.93-0ubuntu1
    libxslt1.1 changed from absent to 1.1.28-2
    libtiff5 changed from absent to 4.0.2-4ubuntu3
    libjpeg-turbo8 changed from absent to 1.3.0-0ubuntu1.1
    libjbig0 changed from absent to 2.0-2ubuntu1
    nginx changed from absent to 1.4.1-3ubuntu1.3
    libjpeg8 changed from absent to 8c-2ubuntu8
    libfontconfig1 changed from absent to 2.10.93-0ubuntu1
    !
    [INFO ] Loading fresh modules for state activity
    [INFO ] Completed state [nginx] at time 13:13:32.491024

    View full-size slide

  43. local:
    ----------
    ID: nginx
    Function: pkg.installed
    Result: True
    Comment: The following packages were installed/updated: nginx.
    Changes:
    ----------
    fontconfig-config:
    ----------
    new:
    2.10.93-0ubuntu1
    old:
    fonts-dejavu-core:
    ----------
    new:
    2.33+svn2514-3ubuntu1
    old:
    libfontconfig1:
    ----------
    new:
    2.10.93-0ubuntu1
    old:
    libgd3:
    ----------
    new:
    2.1.0-2
    old:
    libjbig0:
    ----------
    new:
    2.0-2ubuntu1
    old:

    View full-size slide

  44. libjpeg-turbo8:
    ----------
    new:
    1.3.0-0ubuntu1.1
    old:
    libjpeg8:
    ----------
    new:
    8c-2ubuntu8
    old:
    libtiff5:
    ----------
    new:
    4.0.2-4ubuntu3
    old:
    libvpx1:
    ----------
    new:
    1.2.0-2
    old:
    libxpm4:
    ----------
    new:
    1:3.5.10-1
    old:
    libxslt1.1:
    ----------
    new:
    1.1.28-2
    old:

    View full-size slide

  45. nginx:
    ----------
    new:
    1.4.1-3ubuntu1.3
    old:
    nginx-common:
    ----------
    new:
    1.4.1-3ubuntu1.3
    old:
    nginx-full:
    ----------
    new:
    1.4.1-3ubuntu1.3
    old:
    ttf-dejavu-core:
    ----------
    new:
    2.33+svn2514-3ubuntu1
    old:
    !
    Summary
    ------------
    Succeeded: 1
    Failed: 0
    ------------
    Total: 1

    View full-size slide

  46. Leveling Up Your
    States

    View full-size slide

  47. Create a User
    pete:
    user.present:
    - shell: /bin/bash
    - home: /home/pete
    - groups:
    - sudo

    View full-size slide

  48. Add an SSH Key
    pete:
    user.present:
    - shell: /bin/bash
    - home: /home/pete
    - groups:
    - sudo
    ssh_auth.present:
    - user: pete
    - source: salt://pete.pub
    - require:
    - user: pete

    View full-size slide

  49. Checkout a Repo
    [email protected]/ipmb/mysite.git:
    git.latest:
    - rev: develop
    - target: /usr/local/src/mysite
    - require:
    - pkg: git-core

    View full-size slide

  50. Run Arbitrary Commands
    python manage.py syncdb --noinput:
    cmd.run:
    - cwd: /usr/local/src/mysite
    - require:
    - git: [email protected]/ipmb/mysite.git

    View full-size slide

  51. Built-in States
    Over 50 built-in
    pip, virtualenv
    mysql, postgres
    services, files, cron
    ...or build your own (in Python)

    View full-size slide

  52. Using
    Pillars

    View full-size slide

  53. Pil•lar
    ˈpilər (noun)
    Variables for one or more minions 

    (ports, file paths, configuration parameters)

    View full-size slide

  54. mysite:
    - branch: develop
    /srv/pillar/mysite.sls
    Example Pillar

    View full-size slide

  55. base:
    'myserver':
    - mysite
    /srv/pillar/top.sls
    Pillar Top File

    View full-size slide

  56. base:
    '*':
    - default
    '*.lincolnloop.com':
    - lincoln_loop
    'os:Ubuntu':
    - match: grain
    - pkgs.ubuntu
    /srv/pillar/top.sls
    Advanced Pillar Top File

    View full-size slide

  57. [email protected]/ipmb/mysite.git:
    git.latest:
    - rev: {{ pillar.mysite.branch }}
    - target: /usr/local/src/mysite
    - require:
    - pkg: git-core
    Adding Pillars to a State

    View full-size slide

  58. [email protected]/ipmb/mysite.git:
    git.latest:
    - rev: {{ pillar.mysite.get('branch', 'master') }}
    - target: /usr/local/src/mysite
    - require:
    - pkg: git-core
    Setting a Default

    View full-size slide

  59. redis_maxmemory: {{ (grains.mem_total * 0.5)|int }}mb
    Using Grains in a Pillar

    View full-size slide

  60. /etc/redis.conf:
    file.managed:
    - template: jinja
    - source: salt://redis_server/redis.conf.jinja
    - defaults:
    maxmemory: {{ pillar.redis_maxmemory }}
    Using Pillars in Files

    View full-size slide

  61. daemonize yes
    pidfile /var/run/redis.pid
    port 6379
    bind 127.0.0.1
    maxmemory {{ maxmemory }}
    ...
    Using Pillars in Files
    /srv/salt/redis_server/redis.conf.jinja


    View full-size slide

  62. Advanced Topics
    Salt-cloud
    Custom Modules
    Scheduler
    Renderers
    Returners
    Reactor

    View full-size slide

  63. Tips & Tricks

    View full-size slide

  64. Tips & Tricks
    output_mode: mixed

    View full-size slide

  65. Tips & Tricks
    Jinja2 is powerful
    Don't go nuts

    View full-size slide

  66. Tips & Tricks
    Update often
    ...and review the change log

    View full-size slide

  67. Tips & Tricks
    Test before you deploy
    Make friends with Vagrant or Docker

    View full-size slide

  68. Thank you!
    Questions?
    !
    Peter Baumgartner
    http://lincolnloop.com
    @ipmb

    View full-size slide