The SaltStack Pub Crawl - Fosscomm 2016
•
0 likes•1,024 views
SaltStack is an open source configuration management and orchestration tool. It allows users to provision, deploy, and manage infrastructure and applications across multiple cloud and virtual systems. SaltStack uses a master-minion architecture with a master server to control and manage minions (agent servers). Key features include remote execution, configuration management, orchestration abilities, and a communication bus to manage infrastructure at scale.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to The SaltStack Pub Crawl - Fosscomm 2016
Similar to The SaltStack Pub Crawl - Fosscomm 2016 (20)
Recently uploaded
Recently uploaded (20)
The SaltStack Pub Crawl - Fosscomm 2016
- 1. RQ
- 2. about me ☃ systems engineer @Logicea LLC ☃ I have broken development a few times ☃ I have broken production a few more ☃ I hate databases
- 3. about this
- 4. The Good Companions Configuration management (CM) is a field of management that focuses on establishing and maintaining consistency of a system. (Wikipedia) Design your infrastructure Systems integrity and consistency Provision and automate Create proper processes Cloud Management Version Control Automations and Remote Execution Monitoring, Alerting, Logging
- 9. kk YAML
- 10. So, SaltStack? Saltstack delivers a dynamic infrastructure communication bus used for orchestration, remote execution, configuration management. + Python, YAML, Jinja2, ZeroMQ + Event driven + Master-agent, Masterless (ssh) + Multimaster for HA + Cloud/VM/Containers support + Orchestration + Reactors + Runners + Guaranteed execution order
- 11. So, SaltStack? Saltstack delivers a dynamic infrastructure communication bus used for orchestration, remote execution, configuration management. - Relatively young project - Changes rapidly - Its documentation is… challenging - Needs some Python background - Needs design background - If your saltmaster is compromised, LOL
- 12. Terminology Master and Minion The Master controls its Minions :p State Modules Code needed to enforce, set up or change the configuration of a target system Pillars Custom data essential for state execution (e.g. user accounts, lists of virtual hosts etc.) Grains Static minion information SLS Files (.sls) Text files containing list of states to execute or, simply pillar data
- 13. Terminology Renderers Render SLS files and pass information to the state system Templates SaltMine Top Files Highstate
- 14. Architecture • Master-Minion Persistent TCP connection • Two listening ports on Master (4505,4506) • No listening ports on Minions (yey) • ZeroMQ to send/recv messages • Encrypted transport (+custom protocol) • Minions wait for jobs from a remote Master • Minions return job results back to Master
- 15. Architecture
- 16. Installation # cat /etc/apt/sources.list.d/saltstack.conf: deb http://debian.saltstack.com/debian jessie-saltstack main # wget -q -O- "http://debian.saltstack.com/debian-salt-team- joehealy.gpg.key" | apt-key add – # apt-get update Saltmaster master# apt-get install salt-master . . . . . master# salt-key –L Unaccepted Keys: minion8 master# salt-key –A Minion minion8# apt-get install salt-minion minion8# cat /etc/salt/minion master: saltmaster minion8# systemctl restart > salt-minion
- 17. Saltmaster saltmaster:/etc/salt# tree . ├── master ├── pillars │ ├── defaults │ │ └── init.sls │ ├── top.sls │ └── users │ ├── init.sls │ └── gary.sls │ └── oliver.sls └── states ├── defaults │ ├── init.sls │ ├── linux-debian.sls │ ├── linux-centos.sls │ └── sshd_config ├── top.sls └── users └── init.sls
- 18. Saltmaster Config # cat /etc/salt/master file_roots: base: - /etc/salt/states pillar_roots: base: - /etc/salt/pillars Pillars # cat /etc/salt/pillars/top.sls base: '*': - defaults - users # cat /etc/salt/pillars/defaults/init.sls disabled_services: - rpcbind - nfs-common
- 19. States # cat /etc/salt/states/top.sls base: '*': - defaults - users # cat /etc/salt/states/defaults/ init.sls basic_pkgs: pkg.installed: - install_recommends: False - pkgs: - screen: - lsof: - ngrep: openssh-server: pkg: - installed service: - name: ssh - running - enable: True - watch: - file: /etc/ssh/sshd_config file.managed: - name: /etc/ssh/sshd_config - source: salt://defaults/sshd_config - require: - pkg: openssh-server {% if grains['os_family'] == "RedHat" %} disable_selinux: file.managed: - name: /etc/selinux/config - contents: "SELINUX=disabled" {% endif %} Saltmaster
- 20. Pillars and Grains master:~# salt ‘minion8’ grains.items minion8: ---------- admins: - manji - mehiel biosversion: Bochs <snip> id: minion8 init: systemd ip4_interfaces: ---------- eth0: - 10.10.1.115 lo: - 127.0.0.1 os: Debian os_family: Debian <snip> master:~# salt ‘minion8’ pillar.data minion8: ---------- disabled_services: - rpcbind - nfs-common users: ---------- manji: ---------- email: e.mouzeli@logicea.com enabled: True fullname: effie mouzeli home: /home/manji pub_keys: - ssh-rsa AAAAB3NzaC1y <snip>
- 21. master:~# salt ‘minion8’ state.highstate minion8: ------- ID: basic_pkgs Function: pkg.installed Result: True Comment: 12 targeted packages were installed/updated. The following packages were already installed: less, bzip2, wget, ngrep Started: 18:25:18.805716 Duration: 61584.232 ms Changes: ---------- curl: ---------- new: 7.38.0-4+deb8u3 old: <snip> Summary for minion8 ------------- Succeeded: 21 (changed=1) Failed: 0 ------------- Total states run: 21 Salt Minion
- 22. Salt Messages Publish job: salt/job/20160414115046162293/new { "_stamp": "2016-04-14T08:50:46.166360", "arg": [ "defaults" ], "fun": "state.sls", "jid": "20160414115046162293", "minions": [ "minion8" ], "tgt": "minion8", "tgt_type": "glob", "user": "root" } Return Result: salt/job/20160414115046162293/ret/minion8 { "_stamp": "2016-04-14T08:50:48.239998", "cmd": "_return", "fun": "state.sls", "fun_args": [ "defaults" ], "id": "minion8", "jid": "20160414115046162293", "out": "highstate", "retcode": 0, "return": { "pkg_|-basic_pkgs_|-basic_pkgs_|- installed": { "__run_num__": 5, "changes": {}, "comment": "All specified packages are already installed", "duration": 6.319, "name": "lsof", "result": true, "start_time": "11:50:47.161264" }, <snip> "success": true }
- 23. Highstate Flow
- 24. Advanced Topics Reactors Runners Orchestration Beer Communication Custom salt modules
- 25. Do not Forget • You need some python and some coding skills • Use a quick solution when requirements are unknown/not clear • Refactor when possible • Try to make reusable states, don’t repeat yourself (DRY) • Try to not over engineer (resist the temptation) • Always write documentation • Be patient, this is NOT easy • Keep your #YOLO moments to a minimum
- 26. Sources - Useful Links • Images from The World’s End (2013) and edgarwright @ flickr.com • https://docs.saltstack.com/ • https://github.com/saltstack-formulas • https://github.com/ministryofjustice/salt-shaker • https://github.com/harkx/saltstack-cheatsheet • https://www.digitalocean.com/community/tutorials/an-introduction-to-saltstack- terminology-and-concepts • http://bencane.com/2013/09/03/getting-started-with-saltstack-by-example-automatically- installing-nginx/ • http://leonardinius.galeoconsulting.com/2014/08/devops-101-on-saltstack-example/ • https://puppet.com/blog/how-to-choose-right-tools-processes-for-devops • How sysadmins devalue themselves - https://queue.acm.org/detail.cfm?id=2891413 • and of course, https://en.wikipedia.org Thanks to: kargig, kyriakos and andrew for their comments and feedback
- 27. Questions?
- 28. Thank You !