On SaltStack: Configuration Management and Remote Execution

Stas Sușcov
February 23, 2013

My slides from GeekMeet #15 meetup in Cluj-Napoca.
http://geekmeet.ro

Get the code on GitHub:
https://github.com/stas/saltstack-slides-geekmeet

Transcript

  1. On SaltStack: Configuration management and remote execution.

    Stas Sușcov
    GeekMeet #15, Cluj-Napoca, Transylvania, February 23rd, 2013
  2. About Stas

    - a nerd
    - picky developer
    - interests: web/operations (food, wine, cycling)
  3. In August 2012, I was hired to help migrate a company's monolithic infrastructure into the cloud (Linode).

    A lot of the experience I am sharing today comes from solving their issues.
  4. The common story

    - you start with shared hosting
    - business grows, you buy more bandwidth and space
    - business grows, you are thinking of moving to dedicated, but you don't; the "works for me" attitude is on
    - you have a gig with a dozen employees, you are living a nightmare
    - development gets slow, knowledge is spread over a couple of people (if you are lucky)
    - end of story: you are afraid to restart Apache because it might not start back!
  10. Identifying the issue

    - one server for everything is never OK
    - lack of documentation, writing docs for servers is harder compared to software
    - lack of a changelog, why service X runs and service Y is stopped
    - tell me something about this firewall rule (no trolling intended)
    - lack of deployment tools
    - lack of provisioning solutions
    - monitoring should be proactive, graphs are good but still...
    - lack of an operations-friendly culture (postmortems are for everyone, not just your boss)
  18. We work in an environment where tools have reached a level of quality where not trusting them raises lots of questions!
  19. Picking new tools

    Picking new tools is always tricky, you might lose more than you win. Here are some tips:

    - ask your developer colleagues, you will be impressed to see how many are more than just programmers
    - start picking tools based on the current software stack (if you are doing Python, look for tools written in that language)
    - do not judge tools by age, consider facts like documentation, extensibility and development cycle first
    - last but not least, installation and upgrade actions should be as easy as possible
  23. What is SaltStack?

    SaltStack was designed as a centralized remote execution tool:

    - runs tasks in parallel
    - uses ØMQ for communication (authenticates using SSH keys)
    - stand-alone, does not require any other dependencies

    SaltStack has an easy to pick up configuration management system:

    - configuration management files use a YAML syntax
    - configuration is split into modules and states, which represent pure Python modules
    - extensible API, overwrite a module by placing the new Python file into a local directory (Salt will update machines on its own)
    - flexible API, ready-to-use solutions for use-cases like peering, auto-discovery, syndication, white-list execution, returners
  32. Remote execution

    - being centralized, the service is split between master and minions (slaves)
    - every salt installation generates an SSH key that will be used to authenticate the machine
    - master manages minions/authentication using the salt-key tool
    - master can target minions based on:
      - globbing and regular expressions
      - static information such as OS, software versions, virtualization, CPU, memory...
      - statically defined groups
      - compound matchers
      - batching execution
  41. root@master:~# salt 'slave*' test.ping
                             ^        ^
                       ______|        |__________________
                       target         function to execute
  42. Modules

    - modules represent functions that the salt tool can run on minions
    - every module is either Python or Cython code
    - modules can be extended or overwritten by dropping new ones into the master file roots directory called modules
    - configuration management states, underneath, use modules too; in fact the module name itself is called state
  46. Configuration management, or state files

    - SaltStack uses YAML-like files, called SLS files, to describe minion configuration
    - state file attributes are mapped directly to modules
    - states can be extended or overwritten by dropping new ones into the master file roots directory called states
    - states can be grouped using targeting in the top file top.sls, and executed using the state.highstate call
  50. Questions please...

    Thank you for your time.
  51. Online resources worth checking

    - SaltStack Documentation – salt.readthedocs.org/en/latest/
    - SaltStack Website – saltstack.org
    - SaltStack Ops School Chapter – ops-school.readthedocs.org/en/latest/config_management.html#saltstack
    - AppThemes SaltStack – github.com/AppThemes/salt-config-example
    - These slides – github.com/stas/saltstack-slides-geekmeet
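
The targeting and state-file slides above, as an added example that is not part of the original deck: a top.sls that assigns states with a grain matcher and a compound matcher, plus the two states it applies. The state names (sshd, apache), the 'web*' minion ids, the Ubuntu package and service names and the /srv/salt paths are assumptions.

```yaml
# ---- /srv/salt/top.sls (assumed file_roots location) ----
# Maps targets to states; state.highstate applies whatever matches a minion.
base:
  # Grain matcher: static information reported by the minion (here: the OS).
  'os:Ubuntu':
    - match: grain
    - sshd
  # Compound matcher: grain AND glob on the minion id.
  'G@os:Ubuntu and web*':
    - match: compound
    - apache

# ---- /srv/salt/sshd/init.sls ----
# The config file lives in the state tree, so every change to it is a
# reviewable change under version control instead of an edit on the server.
/etc/ssh/sshd_config:
  file.managed:
    - source: salt://sshd/sshd_config
    - user: root
    - group: root
    - mode: '0600'

ssh:
  service.running:
    - enable: True
    # Restart the service only when the managed file actually changes.
    - watch:
      - file: /etc/ssh/sshd_config

# ---- /srv/salt/apache/init.sls ----
apache2:
  pkg.installed: []
  service.running:
    - enable: True
    - require:
      - pkg: apache2
    - watch:
      - file: /etc/apache2/apache2.conf

/etc/apache2/apache2.conf:
  file.managed:
    - source: salt://apache/apache2.conf
    - user: root
    - group: root
    - mode: '0644'
    - require:
      - pkg: apache2
```

Running `salt 'web*' state.highstate test=True` from the master reports what would change without applying it; dropping `test=True` applies the states.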