Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.

Introduction to Systems Management with SaltStack

583 Aufrufe

Veröffentlicht am

A very high level introduction to "salt" (SaltStack) given a Code Camp (3 Oct 2015).

Veröffentlicht in: Technologie
  • Als Erste(r) kommentieren

Introduction to Systems Management with SaltStack

  1. 1. Introduction to Systems Management with SaltStack Craig Sebenik Infrastructure Engineer@Matterport 3 Oct 2015
  2. 2. • Introduction • Architecture Overview • Execution Modules • States • Data - Minion and Master • Extending Salt • Demo • Summary
  3. 3. What Is SaltStack? • System and Configuration Management • Encrypted communication channel • Remote execution framework • 100% open: one of the most active on github • Scales to tens of thousands of nodes • Built (and extended) with python
  4. 4. What Am I Covering? • Simple/quick overview of salt • Very simple examples • Only a basic single master topology • Only the core functionality • Glossing over details: ask questions!
  5. 5. Who Am I? • Degrees in Chemistry, Mathematics, Food • Computational Chemist (lifetime ago) • Abbott Labs, Eastman Kodak, Parke-Davis • Sysadmin/SRE • NetApp, LinkedIn, Matterport
  6. 6. One More Thing About Me…
  7. 7. Quick History Of Salt • Initial release in March 2011 • States added a few months later • Pillars added March 2012 • Salt SSH added Sept 2013 • Salt Cloud merged in Jan 2014 • Custom transport (RAET) added in Jul 2014
  8. 8. • Introduction • Architecture Overview • Execution Modules • States • Data - Minion and Master • Extending Salt • Demo • Summary
  9. 9. Minions and Master • Master: central command and control • Minion: paired with master • Encrypted communication • Communication over ZeroMQ using MessagePack • Target minions based on their attributes
  10. 10. Quick Example
  11. 11. What Does This Mean? • Central management of many nodes • Ensuring hosts match a “recipe” • Easy to add more hosts that match a template
  12. 12. PUB-SUB master minion1 minion2 4505
  13. 13. Returning Data master minion1 minion2 4506
  14. 14. Targeting Minions • List: “minion1,minion2 • Globs: “minion*” • Regular expression: “minion([2|3])” • Grains: “OS: Ubuntu” • Combinations of the above
  15. 15. Set up Trust With salt-key • Salt uses standard public key encryption • Key exchange • Master needs to verify identity of minions • User needs to “accept” the minion’s key • Minion’s public key stored on master • Master’s public key stored on minion
  16. 16. • Introduction • Architecture Overview • Execution Modules • States • Data - Minion and Master • Extending Salt • Demo • Summary
  17. 17. Execution Modules • Salt comes with over 100 modules • Over 1000 functions • Examples: • pkg.install, pkg.remove • file.copy, file.find, file.chown • user.add, user.info
  18. 18. Minor Vocabulary Clarification • Modules contains functions • Modules correspond to python files • Functions correspond to methods • There are some exceptions, but beyond today’s scope
  19. 19. Add User To All Hosts
  20. 20. What’s Happening • Master looks at target (‘*’) and determines hosts • Puts message out on event bus • Over ZeroMQ using messagepack • Minion sees message and executes • All execution is on minion, not master • Minion returns data back to master
  21. 21. Master Maintains Job Data • Job cache on master • Contains history of jobs run and data returned • Tools to query the job cache • Default is to cache 24 hours of history • Performance penalties when storing longer
  22. 22. Commands Sent In Parallel • Command sent via event bus • Minions see and execute • Jobs are done asynchronously
  23. 23. Can Run Locally • Command to run locally: salt-call • No central coordination • Data *IS* still returned to master • Can bypass with “—local” flag
  24. 24. Documentation • Function called “sys.doc” • Uses python docstrings • Important when writing your own custom modules/functions
  25. 25. salt-call Example
  26. 26. • Introduction • Architecture Overview • Execution Modules • States • Data - Minion and Master • Extending Salt • Demo • Summary
  27. 27. States • Recipe for how a host should be configured • Default file format is YAML (with jinja) • Write state files on the master • Master will sync to minion automatically • States use the remote execution framework • But, they are not the same
  28. 28. State Example
  29. 29. Running State Example
  30. 30. Running highstate • Running individual states can be tedious • Collect all states for a host (or “template”) in a single file: top.ls • Called: top file • Target just like running the “salt” command
  31. 31. Example Top File
  32. 32. Running highstate
  33. 33. Targeting Example
  34. 34. Running Targeting Example
  35. 35. • Introduction • Architecture Overview • Execution Modules • States • Data - Minion and Master • Extending Salt • Demo • Summary
  36. 36. Data: Minion and Master • Grains: minion side data • Example: host operating system • Pillars: master side data • Example: database passwords
  37. 37. Grains: Minion-Side Data • Data gathered on the minion • Master has a cache of minion grains • Salt comes with a number of grains built in • OS name (eg CentOS) • number of CPUs • kernel version
  38. 38. Viewing Grains
  39. 39. Targeting With Grains
  40. 40. Adding Grains • Minion config • /etc/salt/grains • Via command • sudo salt minion grains.setval foo bar • Via python (will discuss later)
  41. 41. Pillars: Master-Side Data • Data sent to a specific minion (from master) • Typically used for sensitive data • E.g. passwords • Uses a “top file” (just like “states”)
  42. 42. Pillar Example
  43. 43. Running Pillar Example
  44. 44. Targeted Pillar Data
  45. 45. Running Targeted Pillars
  46. 46. • Introduction • Architecture Overview • Execution Modules • States • Data - Minion and Master • Extending Salt • Demo • Summary
  47. 47. Extending Salt • Jinja • Custom modules/functions (python) • salt python API (LocalClient) • Customizations are synced via salt command • Easy to automate
  48. 48. Templates Using jinja • Jinja is a widely used python templating language • Inspired by Django’s templates • Default template for flask applications • Gives basic control commands to flat files
  49. 49. Jinja Example
  50. 50. Running The ‘vim state’
  51. 51. Python Module/Function
  52. 52. Custom Modules are NOT Automatically Synced
  53. 53. Running hello.world
  54. 54. Docstrings Are Important
  55. 55. • Introduction • Architecture Overview • Execution Modules • States • Data - Minion and Master • Extending Salt • Demo • Summary
  56. 56. Demo Minions • minion1: development database server • minion2: development application server • minion3: production database server • minion4: production application server
  57. 57. • Introduction • Architecture Overview • Execution Modules • States • Data - Minion and Master • Extending Salt • Demo • Summary
  58. 58. Summary • Master and minions encrypted communications • Grains: minion-side data, Pillars: master-side data • Execution functions run on the minions • States are formulas/recipes to define a host • Collect multiple states with highstate • Lots of ways to extend salt functionality
  59. 59. Other Features • Runners: master side orchestration • Orchestrate Runner: master coordination of states • Salt cloud: manage cloud virtual machines • Salt ssh: like normal salt without minion process • More advanced topologies • multi-master • master-less minions (with salt-call) • GitFS
  60. 60. References • https://docs.saltstack.com/en/latest/ • https://docs.saltstack.com/en/getstarted/ • https://github.com/saltstack/salt
  61. 61. Questions? @craigs55 irc:chitown https://www.linkedin.com/in/craigsebenik Yes, we’re hiring! http://matterport.com/positions/

×