
Getting Started with SaltStack by Peter Baumgartner

PyCon 2014
April 11, 2014


Transcript

  1. Getting Started with Salt.

  2. Peter Baumgartner, Founder of Lincoln Loop

  3. What is SaltStack?

  4. “SaltStack delivers a dynamic infrastructure communication bus used for orchestration, remote execution, configuration management and much more.”
  5. SaltStack is: Configuration Management

  6. Configuration Management

  7. Before Configuration Management

        root@server:~# ls /etc/nginx/nginx*
        /etc/nginx/nginx.conf

  8. Before Configuration Management

        root@server:~# ls /etc/nginx/nginx*
        /etc/nginx/nginx.conf
        /etc/nginx/nginx.conf.OLD

  9. Before Configuration Management

        root@server:~# ls /etc/nginx/nginx*
        /etc/nginx/nginx.conf
        /etc/nginx/nginx.conf.OLD
        /etc/nginx/nginx.conf.BAK

  10. Before Configuration Management

        root@server:~# ls /etc/nginx/nginx*
        /etc/nginx/nginx.conf
        /etc/nginx/nginx.conf.OLD
        /etc/nginx/nginx.conf.BAK
        /etc/nginx/nginx.conf.20130617.bak

  12. After Configuration Management

  13. Benefits: Version control your servers; Self-documenting; Repeatable; Reusable
  14. SaltStack is: Remote Execution

  15. Remote Execution: Run command(s) against remote server(s), e.g. Fabric, Capistrano, Func

  16. Remote Execution Examples: Deploy your code; Run one-off scripts; Critical package updates; System monitoring
  17. Why Choose SaltStack?

  18. Familiar Tools: Python, YAML, Jinja2

  19. Community: Great Documentation (>800 pages); Insanely responsive (IRC, GitHub); Backed by for-profit org
  20. Why Choose SaltStack?

  21. Why Not Choose SaltStack?

  22. Caution: Young Project; Moves Fast; Not SSH (SSH support is “alpha”)
  23. Let’s Learn Salt!

  24. First... a vocabulary lesson

  25. Everything is Terrible. Chef: knife, recipe, cookbook. Puppet: terminus, metaparameters. Ansible: playbook, inventory.

  26. Everything is Terrible. Chef: knife, recipe, cookbook. Puppet: terminus, metaparameters. Ansible: playbook, inventory. Salt might be the worst offender…
  27. Mas•ter ˈmastər (noun) Server that manages the whole stack (auth, states, pillars)
  28. Min•ion ˈminyən (noun) A server controlled by the master

  29. State stāt (noun) A declarative representation of system state (how you want the minion configured)

  30. Grain grān (noun) Static information about a minion (RAM, CPUs, OS, etc.)

  31. Pil•lar ˈpilər (noun) Variables for one or more minions (ports, file paths, configuration parameters)
  33. Top File täp fīl (noun) Matches states or pillars to minions
  34. High•state hīstāt (noun) All the state data for a minion

  36. Let’s Really Get Started

  37. Installation Options: Binaries for most distros; Pip install (for bleeding edge); http://bootstrap.saltstack.org (it probably does what you want)
  38. Master Server

        root@master:~# apt-get install salt-master

    ...or run master-less

  39. Minion

        # apt-get install salt-minion

    Point minion to the master

        # echo "10.10.1.1 salt" >> /etc/hosts

    Accept the minion key on the master

        # salt-key -a minion.lincolnloop.com
  40. Write Your First State

  41. Install a Package

    /srv/salt/mystate.sls

        nginx:
          pkg.installed

  42. Create your Top File

  43. The Top File

    /srv/salt/top.sls

        base:
          myserver:
            - mystate

  44. Highstate!

  45. Highstate

    Push from the master

        # salt 'myserver' state.highstate

    ...or pull from the minion

        # salt-call state.highstate

    ...or master-less

        # salt-call state.highstate --local
  46. [INFO ] Loading fresh modules for state activity
      [INFO ] Running state [nginx] at time 13:12:03.314726
      [INFO ] Executing state pkg.installed for nginx
      [INFO ] Executing command "dpkg-query --showformat='${Status} ${Package} ${Version} ${Architecture}\n' -W" in directory '/home/pete'
      [INFO ] Executing command 'grep-available -F Provides -s Package,Provides -e "^.+$"' in directory '/home/pete'
      [INFO ] Executing command 'apt-get -q update' in directory '/home/pete'
      [INFO ] Executing command ['apt-get', '-q', '-y', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--force-confdef', 'install', 'nginx'] in directory '/home/pete'
      [INFO ] Executing command "dpkg-query --showformat='${Status} ${Package} ${Version} ${Architecture}\n' -W" in directory '/home/pete'
      [INFO ] Installed Packages:
      libgd3 changed from absent to 2.1.0-2
      libxpm4 changed from absent to 1:3.5.10-1
      ttf-dejavu-core changed from absent to 2.33+svn2514-3ubuntu1
      nginx-common changed from absent to 1.4.1-3ubuntu1.3
      libvpx1 changed from absent to 1.2.0-2
      fonts-dejavu-core changed from absent to 2.33+svn2514-3ubuntu1
      nginx-full changed from absent to 1.4.1-3ubuntu1.3
      fontconfig-config changed from absent to 2.10.93-0ubuntu1
      libxslt1.1 changed from absent to 1.1.28-2
      libtiff5 changed from absent to 4.0.2-4ubuntu3
      libjpeg-turbo8 changed from absent to 1.3.0-0ubuntu1.1
      libjbig0 changed from absent to 2.0-2ubuntu1
      nginx changed from absent to 1.4.1-3ubuntu1.3
      libjpeg8 changed from absent to 8c-2ubuntu8
      libfontconfig1 changed from absent to 2.10.93-0ubuntu1

      [INFO ] Loading fresh modules for state activity
      [INFO ] Completed state [nginx] at time 13:13:32.491024
  47. local:
      ----------
                ID: nginx
          Function: pkg.installed
            Result: True
           Comment: The following packages were installed/updated: nginx.
           Changes:
                    ----------
                    fontconfig-config:
                        ----------
                        new: 2.10.93-0ubuntu1
                        old:
                    fonts-dejavu-core:
                        ----------
                        new: 2.33+svn2514-3ubuntu1
                        old:
                    libfontconfig1:
                        ----------
                        new: 2.10.93-0ubuntu1
                        old:
                    libgd3:
                        ----------
                        new: 2.1.0-2
                        old:
                    libjbig0:
                        ----------
                        new: 2.0-2ubuntu1
                        old:

  48.               libjpeg-turbo8:
                        ----------
                        new: 1.3.0-0ubuntu1.1
                        old:
                    libjpeg8:
                        ----------
                        new: 8c-2ubuntu8
                        old:
                    libtiff5:
                        ----------
                        new: 4.0.2-4ubuntu3
                        old:
                    libvpx1:
                        ----------
                        new: 1.2.0-2
                        old:
                    libxpm4:
                        ----------
                        new: 1:3.5.10-1
                        old:
                    libxslt1.1:
                        ----------
                        new: 1.1.28-2
                        old:

  49.               nginx:
                        ----------
                        new: 1.4.1-3ubuntu1.3
                        old:
                    nginx-common:
                        ----------
                        new: 1.4.1-3ubuntu1.3
                        old:
                    nginx-full:
                        ----------
                        new: 1.4.1-3ubuntu1.3
                        old:
                    ttf-dejavu-core:
                        ----------
                        new: 2.33+svn2514-3ubuntu1
                        old:

      Summary
      ------------
      Succeeded: 1
      Failed:    0
      ------------
      Total:     1
  52. Leveling Up Your States

  53. Create a User

        pete:
          user.present:
            - shell: /bin/bash
            - home: /home/pete
            - groups:
              - sudo

  54. Add an SSH Key

        pete:
          user.present:
            - shell: /bin/bash
            - home: /home/pete
            - groups:
              - sudo
          ssh_auth.present:
            - user: pete
            - source: salt://pete.pub
            - require:
              - user: pete

  55. Checkout a Repo

        git@github.com/ipmb/mysite.git:
          git.latest:
            - rev: develop
            - target: /usr/local/src/mysite
            - require:
              - pkg: git-core

  56. Run Arbitrary Commands

        python manage.py syncdb --noinput:
          cmd.run:
            - cwd: /usr/local/src/mysite
            - require:
              - git: git@github.com/ipmb/mysite.git
  57. Built-in States: Over 50 built-in; pip, virtualenv; mysql, postgres; services, files, cron; ...or build your own (in Python)
  58. Using Pillars

  59. Pil•lar ˈpilər (noun) Variables for one or more minions (ports, file paths, configuration parameters)
  60. Example Pillar

    /srv/pillar/mysite.sls

        mysite:
          branch: develop

  61. Pillar Top File

    /srv/pillar/top.sls

        base:
          'myserver':
            - mysite

  62. Advanced Pillar Top File

    /srv/pillar/top.sls

        base:
          '*':
            - default
          '*.lincolnloop.com':
            - lincoln_loop
          'os:Ubuntu':
            - match: grain
            - pkgs.ubuntu
  63. Adding Pillars to a State

        git@github.com/ipmb/mysite.git:
          git.latest:
            - rev: {{ pillar.mysite.branch }}
            - target: /usr/local/src/mysite
            - require:
              - pkg: git-core

  64. Setting a Default

        git@github.com/ipmb/mysite.git:
          git.latest:
            - rev: {{ pillar.mysite.get('branch', 'master') }}
            - target: /usr/local/src/mysite
            - require:
              - pkg: git-core
  65. Using Grains in a Pillar

        redis_maxmemory: {{ (grains.mem_total * 0.5)|int }}mb

  66. Using Pillars in Files

        /etc/redis.conf:
          file.managed:
            - template: jinja
            - source: salt://redis_server/redis.conf.jinja
            - defaults:
                maxmemory: {{ pillar.redis_maxmemory }}

  67. Using Pillars in Files

    /srv/salt/redis_server/redis.conf.jinja

        daemonize yes
        pidfile /var/run/redis.pid
        port 6379
        bind 127.0.0.1
        maxmemory {{ maxmemory }}
        ...

  68. Advanced Topics: Salt-cloud, Custom Modules, Scheduler, Renderers, Returners, Reactor

  69. Tips & Tricks

  70. Tips & Tricks: output_mode: mixed

  71. Tips & Tricks: Jinja2 is powerful. Don't go nuts

  72. Tips & Tricks: Update often ...and review the change log

  73. Tips & Tricks: Test before you deploy. Make friends with Vagrant or Docker
  74. Thank you! Questions? Peter Baumgartner, http://lincolnloop.com, @ipmb
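
Slide 62's pillar top file assigns `pkgs.ubuntu` by grain match. Grains are reported by the minion itself, so a pillar assigned that way is delivered to any accepted minion that claims the grain; the added example below (not from the talk) lists such assignments in a parsed top file. `TOP`, `matcher_for` and `grain_targeted` are names made up for this example.

```python
# Added example (not from the talk): flag pillar top-file targets that rely on
# minion-reported grains. TOP mirrors slide 62's pillar top file after YAML
# parsing; the parsed form is written as a literal so no YAML library is needed.
import re

TOP = {
    "base": {
        "*": ["default"],
        "*.lincolnloop.com": ["lincoln_loop"],
        "os:Ubuntu": [{"match": "grain"}, "pkgs.ubuntu"],
    }
}

# Matchers whose input comes from the minion itself, not its accepted key ID.
GRAIN_MATCHERS = {"grain", "grain_pcre"}
# In compound targets, G@ and P@ prefix grain and grain-PCRE terms.
COMPOUND_GRAIN = re.compile(r"(?:^|[\s(])(?:G|P)@")


def matcher_for(entries):
    """Return the matcher named by a `- match: ...` entry, defaulting to glob."""
    for entry in entries:
        if isinstance(entry, dict) and "match" in entry:
            return entry["match"]
    return "glob"


def grain_targeted(top):
    """List (env, target, pillar_sls) triples that are selected by grain values."""
    findings = []
    for env, targets in top.items():
        for target, entries in targets.items():
            matcher = matcher_for(entries)
            by_grain = matcher in GRAIN_MATCHERS or (
                matcher == "compound" and COMPOUND_GRAIN.search(target)
            )
            if by_grain:
                findings += [(env, target, e) for e in entries if isinstance(e, str)]
    return findings


if __name__ == "__main__":
    for env, target, sls in grain_targeted(TOP):
        print(f"{env}: pillar '{sls}' is assigned by grain match '{target}'")
```

Pillar files that hold credentials are better assigned by minion ID, which is bound to the key accepted with `salt-key`.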