SaltStack, profile picture
Uploaded bySaltStack
PDF, PPTX2,194 views

Arnold Bechtoldt, Inovex GmbH Linux systems engineer - Configuration Management with SaltStack

The document discusses configuration management using SaltStack, outlining its flexibility and ease of use in managing both physical and virtual infrastructures. It covers fundamental concepts such as user and package management, as well as the architecture and terminology related to SaltStack operations. The conclusion emphasizes the importance of choosing the right configuration management system for specific projects and highlights the capabilities of SaltStack beyond just configuration management.

Embed presentation

Download as PDF, PPTX
Configuration Management with SaltStack Act II Arnold Bechtoldt Berlin, 14.05.14
2 1.  Configuration Management Systems 2.  SaltStack Fundamentals 3.  SaltStack Inside 4.  Conclusions 5.  Showcase/ Walkthrough Topics
3 ‣  Linux-Systems Engineer at inovex GmbH ‣  Develop lots of features for (Open Source) Datacenter Management ‣  Provisioning of physical & virtual infrastructure ‣  SaltStack user since December, 2012 (~ v0.10.x) About me arnold.bechtoldt@inovex.de
4 ‣  Provides a wide set of IT services: §  Application Development §  Mobile Development §  Business Intelligence §  IT Engineering & Operations §  Consulting §  Trainings ‣  Cool projects with great Open Source Software ‣  Teams of high-experienced engineers ‣  We have excellent job offers in Karlsruhe, Cologne, Munich and Pforzheim! About inovex inovex.de
5 Configuration Management Systems (a.k.a. CMS) Configuration Management with SaltStack Part 1
6 ‣  Support building a defined infrastructure ‣  Support managing a defined infrastructure ‣  Definition of infrastructure in code (“Infrastructure as code”) ‣  Configuration Management requires Software Development Configuration Management Systems Definition
7 1.  Create a user (if needed): postfix 2.  Install a package (or more): postfix, postfix-pcre 3.  Create or change a file (configure a service): /etc/postfix/main.cf 4.  Enable and start the service: chkconfig postfix on; service postfix start Configuration Management Systems Traditional
8 1.  User Management 2.  Package Management 3.  File Management 4.  Service Management What if we need m o r e ? Configuration Management Systems Limitations
9 SaltStack Fundamentals Configuration Management with SaltStack Part 2
10 Salt … 1.  … is extremely flexible. 2.  … is very easy to use. 3.  … has lots of exciting features. 4.  … is fast. 5.  … makes sysadmin’s life easier. SaltStack Fundamentals Why Salt?
11 ‣  It’s all about (simple) data ‣  Central place for configuration ‣  Asynchronous (send commands to 10,000 server at a time in seconds) ‣  Configuration management ‣  Remote execution ‣  Core functions are available as execution modules ‣  Hundreds of state + execution modules ‣  Easy to extend ‣  Separate data and code easily with pillars SaltStack Fundamentals Why Salt? (2)
12 SaltStack Inside Configuration Management with SaltStack Part 3
13 Different software, different names: ‣  Minion: The client itself ‣  Master: Manages minions ‣  Grains: Standard set of client system information ‣  Pillars: User-defined set of information ‣  State: User-defined description of a state of a file, package, … ‣  Formulas: Collection of user-defined states ‣  State Module: Set of state functions for files, packages, LVM, MySQL, … ‣  Execution Module: Predefined commands executed on the minions ‣  Jinja: Default template renderer SaltStack Inside Terminology
14 SaltStack Inside Default Architecture Master Minion ZeroMQ MinionMinion Minion Minion
15 You specify minion targeting to apply states, pillars or commands to a desired set of minions: ‣  Globbing: feweb*.domain.local, *.domain.local, feweb[1-3].domain.local ‣  PCRE: fe(web|mail)1.domain.local ‣  Grains: ‘os:CentOS’, ‘saltversion:2014.1.1’ ‣  Pillars: ‘role:mailserver’, ‘cluster_name:fehomepage’ ‣  Lists: feweb1.domain…, feweb2.domain…, feweb3.domain… ‣  Nodegroups: Predefined list of minions ‣  Compound (Mix): Mix of the above targeting types (operators: and, or, not) ‣  Batch Size: 4, 10% (execute on X minions at a time) SaltStack Inside Minion Targeting
16 Components using a top file: ‣  States ‣  Pillars What they do: ‣  Map minions with states ‣  Map minions with pillars ‣  Map minions with environments SaltStack Inside The Top Files
17 Top of States dev: 'mailserver*dev*': - postfix.satellite qa: 'mailserver*qa*': - postfix.satellite prod: 'mailserver*prod*': - postfix.satellite - monitoring SaltStack Inside The Top Files (2) Top of Pillars dev: 'mailserver*dev*': - postfix.dev qa: 'mailserver*qa*': - postfix.qa prod: 'mailserver*prod*': - postfix.prod - monitoring.prod
18 SaltStack Inside States postfix: pkg: - installed - names: - postfix - postfix-pcre service: - running - watch: - file: /etc/postfix/main.cf Dict/ Hash: State ID List/ Array: State Module Any: Parameters
19 SaltStack Inside States (2) /etc/postfix/main.cf: file: - managed - source: salt://postfix/files/satellite.main.cf - user: root - group: postfix - mode: 640 - template: jinja
postscreen_dnsbl_sites: - zen.spamhaus.org*2 - ix.dnsbl.manitu.net*2 - dnsbl.sorbs.net=127.0.0.[2;3;5;6;7;9;10] - list.dnswl.org=127.0.[0..255].0*-1 - list.dnswl.org=127.0.[0..255].[2..3]*-3 any: generic: list: - foo: oof bar: rab 20 type: satellite relayhost: smtp.domain.local inet_protocols: - ipv4 soft_bounce: True postscreen: - greylisting - pregreet - dnsbl mynetworks: 127.0.0.0/8 [::ffff:127... SaltStack Inside Pillars
21 Store top files, states (formulas), templates, custom modules, pillars, etc. on ‣  Local filesystems ‣  Git Repositories ‣  SVN Repositories ‣  Mercurial Repositories ‣  MinionFS (distributed over several hosts) ‣  Amazon S3 Separate them by ‣  Environments/ teams ‣  Projects ‣  Pillars ‣  … SaltStack Inside Fileserver Backends
22 Access data by: ‣  Pillars: {{ salt[‘pillar.get’](‘inet_protocols’, [‘ipv4’, ‘ipv6’]) }} ‣  Grains: {{ salt[‘grains.get’](‘os_family’) }} ‣  Peer Publish: {{ salt[‘publish.publish’](‘web*’, ‘grains.item’, ‘fqdn’) }} ‣  Mine: {{ salt[‘pillar.item’](‘mine_functions:network.interfaces’) }} ‣  Local env variables: {% set foo = ‘bar’ %} {{ foo }} ‣  Deserializing: load_json(‘file.json’) / load_yaml(‘file.yaml’) / … ‣  … These are available in: ‣  Top Files ‣  State Files ‣  Template Files ‣  Pillar Files ‣  … SaltStack Inside Data Access
23 One tool to rule them all: ‣  $ salt ‘*’ state.sls ferm saltenv=prod ‣  $ salt ‘*’ state.highstate test=False ‣  $ salt ‘*’ gem.install foreman_provision ‣  $ salt ‘*’ hadoop.dfs ls / ‣  $ salt ‘*’ lxc.unfreeze bigfoot ‣  $ salt ‘*’ network.traceroute inovex.de ‣  $ salt ‘*’ pkg.install openssl refresh=True $ salt ‘*’ service.restart nginx ‣  $ salt ‘*’ dockerio.pull index.docker.io:MyRepo/image foo ‣  $ salt ‘*’ tomcat.deploy_war salt://application.war /api yes http://localhost:8080/ ‣  $ salt –C ‘I@role:mailserver and (P@os:Debian or S@192.168.42.0/24)’ … SaltStack Inside Configuration Management + Remote Execution
24 feweb1.domain.local: ---------- ID: ferm Function: pkg.installed Result: True Comment: All specified packages are already installed. Changes: ---------- ID: ferm Function: file.managed Name: /etc/ferm/ferm.conf Result: True Comment: File /etc/ferm/ferm.conf updated Changes: ---------- diff: SaltStack Inside Configuration Management + Remote Execution (2) --- @@ -1,33 +1,31 @@ ... ---------- ID: ferm Function: service.running Result: True Comment: Service restarted Changes: ---------- ferm: True Summary ------------ Succeeded: 3 Failed: 0 ------------ Total: 3
25 Conclusions Configuration Management with SaltStack Part 4
26 1.  Choose the CMS which fits to your project, everyone is different 2.  If you spend more time creating automation instead of saving it, something is wrong 3.  Salt can help you managing large and complex infrastructures 4.  SaltStack can do even more than CM: Salt-Cloud, Salt-Virt, Salt SSH, Salt Proxy, … 5.  Salt can help you making your customers and yourself happy Conclusions IMHO
27 Basic configuration: ‣  /bechtoldt/network-formula ‣  /bechtoldt/time-formula DNS/ DHCP: ‣  /bechtoldt/binddns-formula ‣  /bechtoldt/iscdhcp-formula Lifecycle Management (physical + virtual servers): ‣  Foreman: /bechtoldt/foreman-formula Cloud management: ‣  OpenNebula: /bechtoldt/opennebula-formula ‣  OpenStack: /EntropyWorks/salt-openstack/tree/formula Showcase/ Walkthrough Code at Github.com
28 Github.com/bechtoldt – Github.com/saltstack-formulas – talks.arbe.io Thank You Questions? Contact Arnold Bechtoldt Linux-Systems Engineer inovex GmbH Office Karlsruhe Ludwig-Erhard-Allee 6 D-76131 Karlsruhe +49 (0)173 31 81 117 arnold.bechtoldt@inovex.de „Wir nutzen Technologien, um unsere Kunden glücklich zu machen. Und uns selbst.“

More Related Content

PDF
A user's perspective on SaltStack and other configuration management tools
bySaltStack
 
PDF
Spot Trading - A case study in continuous delivery for mission critical finan...
bySaltStack
 
PDF
The SaltStack Pub Crawl - Fosscomm 2016
byeffie mouzeli
 
PPT
SaltConf14 - Ben Cane - Using SaltStack in High Availability Environments
bySaltStack
 
PDF
SaltConf14 - Ryan Lane, Wikimedia - Immediate consistency with Trebuchet Depl...
bySaltStack
 
PPT
SaltConf14 - Oz Akan, Rackspace - Deploying OpenStack Marconi with SaltStack
bySaltStack
 
PDF
SaltConf14 - Forrest Alvarez, Choice Hotels - Salt Formulas and States
bySaltStack
 
PDF
Salt conf 2014-installing-openstack-using-saltstack-v02
byYazz Atlas
 
A user's perspective on SaltStack and other configuration management tools
bySaltStack
 
Spot Trading - A case study in continuous delivery for mission critical finan...
bySaltStack
 
The SaltStack Pub Crawl - Fosscomm 2016
byeffie mouzeli
 
SaltConf14 - Ben Cane - Using SaltStack in High Availability Environments
bySaltStack
 
SaltConf14 - Ryan Lane, Wikimedia - Immediate consistency with Trebuchet Depl...
bySaltStack
 
SaltConf14 - Oz Akan, Rackspace - Deploying OpenStack Marconi with SaltStack
bySaltStack
 
SaltConf14 - Forrest Alvarez, Choice Hotels - Salt Formulas and States
bySaltStack
 
Salt conf 2014-installing-openstack-using-saltstack-v02
byYazz Atlas
 

What's hot

PPTX
Vagrant, Ansible, and OpenStack on your laptop
byLorin Hochstein
 
PPTX
SaltStack Configuration Management
byNathan Sickler
 
PPTX
Puppet Availability and Performance at 100K Nodes - PuppetConf 2014
byPuppet
 
PDF
[2018.10.19] 김용기 부장 - IAC on OpenStack (feat. ansible)
byOpenStack Korea Community
 
PDF
Red Hat Satellite 6 - Automation with Puppet
byMichael Lessard
 
PDF
[오픈소스컨설팅] EFK Stack 소개와 설치 방법
byOpen Source Consulting
 
PDF
Steve Singer - Managing PostgreSQL with Puppet @ Postgres Open
byPostgresOpen
 
PDF
StackiFest16: Building a Cart
byStackIQ
 
PDF
StackiFest16: Stacki 1600+ Server Journey - Dave Peterson, Salesforce
byStackIQ
 
PDF
docker build with Ansible
byBas Meijer
 
PPTX
Salty OPS – Saltstack Introduction
byWalter Liu
 
PDF
StackiFest 16: Stacki Overview- Anoop Rajendra
byStackIQ
 
PDF
Configuration management and orchestration with Salt
byAnirban Saha
 
PDF
Salt conf 2014 - Using SaltStack in high availability environments
byBenjamin Cane
 
PDF
Refactoring Katello Installer modules - Ewoud Kohl van Wijngaarden
byNETWAYS
 
PDF
Chef Provisioning a Chef Server Cluster - ChefConf 2015
byChef
 
PDF
OpenNebula and SaltStack - OpenNebulaConf 2013
bydatabus.pro
 
PDF
[2018.10.19] Andrew Kong - Tunnel without tunnel (Seminar at OpenStack Korea ...
byOpenStack Korea Community
 
PDF
SaltConf14 - Anita Kuno, HP & OpenStack - Using SaltStack for event-driven or...
bySaltStack
 
PPTX
SaltConf 2014: Safety with powertools
byThomas Jackson
 
Vagrant, Ansible, and OpenStack on your laptop
byLorin Hochstein
 
SaltStack Configuration Management
byNathan Sickler
 
Puppet Availability and Performance at 100K Nodes - PuppetConf 2014
byPuppet
 
[2018.10.19] 김용기 부장 - IAC on OpenStack (feat. ansible)
byOpenStack Korea Community
 
Red Hat Satellite 6 - Automation with Puppet
byMichael Lessard
 
[오픈소스컨설팅] EFK Stack 소개와 설치 방법
byOpen Source Consulting
 
Steve Singer - Managing PostgreSQL with Puppet @ Postgres Open
byPostgresOpen
 
StackiFest16: Building a Cart
byStackIQ
 
StackiFest16: Stacki 1600+ Server Journey - Dave Peterson, Salesforce
byStackIQ
 
docker build with Ansible
byBas Meijer
 
Salty OPS – Saltstack Introduction
byWalter Liu
 
StackiFest 16: Stacki Overview- Anoop Rajendra
byStackIQ
 
Configuration management and orchestration with Salt
byAnirban Saha
 
Salt conf 2014 - Using SaltStack in high availability environments
byBenjamin Cane
 
Refactoring Katello Installer modules - Ewoud Kohl van Wijngaarden
byNETWAYS
 
Chef Provisioning a Chef Server Cluster - ChefConf 2015
byChef
 
OpenNebula and SaltStack - OpenNebulaConf 2013
bydatabus.pro
 
[2018.10.19] Andrew Kong - Tunnel without tunnel (Seminar at OpenStack Korea ...
byOpenStack Korea Community
 
SaltConf14 - Anita Kuno, HP & OpenStack - Using SaltStack for event-driven or...
bySaltStack
 
SaltConf 2014: Safety with powertools
byThomas Jackson
 

Viewers also liked

PDF
Automated Application Management with SaltStack
byinovex GmbH
 
PDF
Introduction to SaltStack
byAymen EL Amri
 
PDF
CAPS: What's best for deploying and managing OpenStack? Chef vs. Ansible vs. ...
byAnimesh Singh
 
PDF
Erfolgsfaktoren von Datenprodukten
byinovex GmbH
 
PDF
Continuous Integration for Fun and Profit
byinovex GmbH
 
PDF
Bootstrapping Forman with Vagrant - Setting up a local Provision & Deployment...
byinovex GmbH
 
PDF
Gitlab meets Kubernetes
byinovex GmbH
 
PDF
SaltConf14 - Matthew Williams, Flowroute - Salt Virt for Linux contatiners an...
bySaltStack
 
PDF
Configuration Management - Finding the tool to fit your needs
bySaltStack
 
PDF
SysDig Metriken zentralisieren
byinovex GmbH
 
PDF
Configuration Management vs. Container Automation
byinovex GmbH
 
PDF
SaltConf14 - Yazz Atlas, HP Cloud - Installing OpenStack using SaltStack
bySaltStack
 
PDF
SaltConf14 - Craig Sebenik, LinkedIn - SaltStack at Web Scale
bySaltStack
 
PDF
Salt Air 19 - Intro to SaltStack RAET (reliable asyncronous event transport)
bySaltStack
 
PPTX
Integration testing for salt states using aws ec2 container service
bySaltStack
 
PDF
Sprachsteuerung mit dem Google Assistant – Add a new User Interface to your P...
byinovex GmbH
 
Automated Application Management with SaltStack
byinovex GmbH
 
Introduction to SaltStack
byAymen EL Amri
 
CAPS: What's best for deploying and managing OpenStack? Chef vs. Ansible vs. ...
byAnimesh Singh
 
Erfolgsfaktoren von Datenprodukten
byinovex GmbH
 
Continuous Integration for Fun and Profit
byinovex GmbH
 
Bootstrapping Forman with Vagrant - Setting up a local Provision & Deployment...
byinovex GmbH
 
Gitlab meets Kubernetes
byinovex GmbH
 
SaltConf14 - Matthew Williams, Flowroute - Salt Virt for Linux contatiners an...
bySaltStack
 
Configuration Management - Finding the tool to fit your needs
bySaltStack
 
SysDig Metriken zentralisieren
byinovex GmbH
 
Configuration Management vs. Container Automation
byinovex GmbH
 
SaltConf14 - Yazz Atlas, HP Cloud - Installing OpenStack using SaltStack
bySaltStack
 
SaltConf14 - Craig Sebenik, LinkedIn - SaltStack at Web Scale
bySaltStack
 
Salt Air 19 - Intro to SaltStack RAET (reliable asyncronous event transport)
bySaltStack
 
Integration testing for salt states using aws ec2 container service
bySaltStack
 
Sprachsteuerung mit dem Google Assistant – Add a new User Interface to your P...
byinovex GmbH
 

Similar to Arnold Bechtoldt, Inovex GmbH Linux systems engineer - Configuration Management with SaltStack

PDF
SaltStack
byPatrick Pierson
 
PDF
SaltStack For DevOps, Free Sample
byAymen EL Amri
 
PDF
SaltStack – (Not) just another Automation & Remote Execution Tool
byinovex GmbH
 
PDF
A3Sec Advanced Deployment System
bya3sec
 
ODP
Configuration Management and Salt
by55020
 
PDF
Saltstack - Orchestration & Application Deployment
byinovex GmbH
 
PPTX
Salting new ground one man ops from scratch
byJay Harrison
 
PPTX
Configuration management
byLuca De Vitis
 
PDF
CAPS: What's best for deploying and managing OpenStack? Chef vs. Ansible vs. ...
byDaniel Krook
 
PDF
OpenWest 2014-05-10 Where's the Waldo, SaltStack Proxy Minions
bycroldham
 
PDF
Salt - A Scalable Systems Management Solution for Datacenters
byB1 Systems GmbH
 
PDF
OSDC 2016 - Scalable Systems Management with Salt Stack by Sebastian Meyer
byNETWAYS
 
PDF
OSDC 2016 | Scalable Systems Management with SaltStack by Sebastian Meyer
byNETWAYS
 
PDF
ODSC 2016 - Scalable Systems Management with Salt Stack by Sebastian Meyer
byNETWAYS
 
PDF
Why SaltStack ?
bySUSE
 
PPT
SaltConf14 - Saurabh Surana, HP Cloud - Automating operations and support wit...
bySaltStack
 
PDF
Orchestrate Event-Driven Infrastructure with SaltStack
byLove Nyberg
 
PDF
Getting started with salt stack
bySuresh Paulraj
 
PDF
Getting started with salt stack
bySuresh Paulraj
 
PDF
Introduction to Systems Management with SaltStack
byCraig Sebenik
 
SaltStack
byPatrick Pierson
 
SaltStack For DevOps, Free Sample
byAymen EL Amri
 
SaltStack – (Not) just another Automation & Remote Execution Tool
byinovex GmbH
 
A3Sec Advanced Deployment System
bya3sec
 
Configuration Management and Salt
by55020
 
Saltstack - Orchestration & Application Deployment
byinovex GmbH
 
Salting new ground one man ops from scratch
byJay Harrison
 
Configuration management
byLuca De Vitis
 
CAPS: What's best for deploying and managing OpenStack? Chef vs. Ansible vs. ...
byDaniel Krook
 
OpenWest 2014-05-10 Where's the Waldo, SaltStack Proxy Minions
bycroldham
 
Salt - A Scalable Systems Management Solution for Datacenters
byB1 Systems GmbH
 
OSDC 2016 - Scalable Systems Management with Salt Stack by Sebastian Meyer
byNETWAYS
 
OSDC 2016 | Scalable Systems Management with SaltStack by Sebastian Meyer
byNETWAYS
 
ODSC 2016 - Scalable Systems Management with Salt Stack by Sebastian Meyer
byNETWAYS
 
Why SaltStack ?
bySUSE
 
SaltConf14 - Saurabh Surana, HP Cloud - Automating operations and support wit...
bySaltStack
 
Orchestrate Event-Driven Infrastructure with SaltStack
byLove Nyberg
 
Getting started with salt stack
bySuresh Paulraj
 
Getting started with salt stack
bySuresh Paulraj
 
Introduction to Systems Management with SaltStack
byCraig Sebenik
 

More from SaltStack

PDF
SaltConf14 - Eric johnson, Google - Orchestrating Google Compute Engine with ...
bySaltStack
 
PDF
SaltStack - An open source software story
bySaltStack
 
PDF
Real-time Infrastructure Management with SaltStack - OpenWest 2013
bySaltStack
 
PDF
Real-time Cloud Management with SaltStack
bySaltStack
 
PPT
SaltConf14 - Brendan Burns, Google - Management at Google Scale
bySaltStack
 
PPTX
SaltConf14 - Thomas Jackson, LinkedIn - Safety with Power Tools
bySaltStack
 
PDF
Writing SaltStack Modules - OpenWest 2013
bySaltStack
 
PDF
SaltConf14 - Justin Carmony, Deseret Digital Media - Teaching Devs About DevOps
bySaltStack
 
PDF
Adding to your Python Armory - OpenWest 2013
bySaltStack
 
SaltConf14 - Eric johnson, Google - Orchestrating Google Compute Engine with ...
bySaltStack
 
SaltStack - An open source software story
bySaltStack
 
Real-time Infrastructure Management with SaltStack - OpenWest 2013
bySaltStack
 
Real-time Cloud Management with SaltStack
bySaltStack
 
SaltConf14 - Brendan Burns, Google - Management at Google Scale
bySaltStack
 
SaltConf14 - Thomas Jackson, LinkedIn - Safety with Power Tools
bySaltStack
 
Writing SaltStack Modules - OpenWest 2013
bySaltStack
 
SaltConf14 - Justin Carmony, Deseret Digital Media - Teaching Devs About DevOps
bySaltStack
 
Adding to your Python Armory - OpenWest 2013
bySaltStack
 

Recently uploaded

PDF
Projectlify: Everything You Need to Get Things Done
byRafal Ksiazek
 
PPTX
apidays Australia 2025 | Hey man, which one will deploy much faster, API or kid?
byapidays
 
PDF
Gojek Clone Business Strategy: From Launch to Scale
byV3CUBE TECHNOLABS
 
PDF
A Complete Guide to Progressive Web App and Their Development
byMaxtra Technologies
 
PDF
Introduction to Microsoft 365 Security and Compliance.pdf
byjohnsonsouza5
 
PDF
Edge AI vs Cloud AI: Why Frontend Developers Must Master On-Device Machine Le...
byWorkfall hire developers
 
PDF
apidays Australia 2025 | Designing with workflows: Using Arazzo and OpenAPI f...
byapidays
 
PDF
09920-2 JE40CP MB 48.4GY02.021 Schematic Acer Aspire 4741.pdf
bydakjuel1
 
PDF
IoT/OT Security: Penetration Testing for an Expanding Attack Surface.pdf
byCybernetic Global Intelligence
 
PDF
Salesforce Careers in 2026_ Trends, Certifications, and Must-Have Skills
byDele Amefo
 
PDF
What-Every-Tech-Leader-Needs-to-Know-About-AI-in-2025.pdf
byrishabhxbohra
 
PDF
apidays Australia 2025 | APIs in Government: A blueprint to automating Busine...
byapidays
 
PPTX
apidays Australia 2025 | Advanced GraphQL Security with AI Driven Threat Dete...
byapidays
 
PDF
Malware_Detection_A_Framework_for_Reverse_Engineered_Android_Applications_Thr...
byKiritiyadavGoskula
 
PDF
contusion pulmonar y antibiotico en el atls
byMARIAPETRONILAMONTAO
 
PDF
Postmates Clone App Delivery Service Business Solution.pdf
byV3CUBE TECHNOLABS
 
PPTX
wAIred_RabobankWRProducts__22012026.pptx
bySimonedeGijt
 
PPTX
Anomalies in Relational Database Management systems.pptx
byamutham12
 
Projectlify: Everything You Need to Get Things Done
byRafal Ksiazek
 
apidays Australia 2025 | Hey man, which one will deploy much faster, API or kid?
byapidays
 
Gojek Clone Business Strategy: From Launch to Scale
byV3CUBE TECHNOLABS
 
A Complete Guide to Progressive Web App and Their Development
byMaxtra Technologies
 
Introduction to Microsoft 365 Security and Compliance.pdf
byjohnsonsouza5
 
Edge AI vs Cloud AI: Why Frontend Developers Must Master On-Device Machine Le...
byWorkfall hire developers
 
apidays Australia 2025 | Designing with workflows: Using Arazzo and OpenAPI f...
byapidays
 
09920-2 JE40CP MB 48.4GY02.021 Schematic Acer Aspire 4741.pdf
bydakjuel1
 
IoT/OT Security: Penetration Testing for an Expanding Attack Surface.pdf
byCybernetic Global Intelligence
 
Salesforce Careers in 2026_ Trends, Certifications, and Must-Have Skills
byDele Amefo
 
What-Every-Tech-Leader-Needs-to-Know-About-AI-in-2025.pdf
byrishabhxbohra
 
apidays Australia 2025 | APIs in Government: A blueprint to automating Busine...
byapidays
 
apidays Australia 2025 | Advanced GraphQL Security with AI Driven Threat Dete...
byapidays
 
Malware_Detection_A_Framework_for_Reverse_Engineered_Android_Applications_Thr...
byKiritiyadavGoskula
 
contusion pulmonar y antibiotico en el atls
byMARIAPETRONILAMONTAO
 
Postmates Clone App Delivery Service Business Solution.pdf
byV3CUBE TECHNOLABS
 
wAIred_RabobankWRProducts__22012026.pptx
bySimonedeGijt
 
Anomalies in Relational Database Management systems.pptx
byamutham12
 

Arnold Bechtoldt, Inovex GmbH Linux systems engineer - Configuration Management with SaltStack

  • 1.
    Configuration Management withSaltStack Act II Arnold Bechtoldt Berlin, 14.05.14
  • 2.
    2 1.  Configuration ManagementSystems 2.  SaltStack Fundamentals 3.  SaltStack Inside 4.  Conclusions 5.  Showcase/ Walkthrough Topics
  • 3.
    3 ‣  Linux-Systems Engineerat inovex GmbH ‣  Develop lots of features for (Open Source) Datacenter Management ‣  Provisioning of physical & virtual infrastructure ‣  SaltStack user since December, 2012 (~ v0.10.x) About me arnold.bechtoldt@inovex.de
  • 4.
    4 ‣  Provides awide set of IT services: §  Application Development §  Mobile Development §  Business Intelligence §  IT Engineering & Operations §  Consulting §  Trainings ‣  Cool projects with great Open Source Software ‣  Teams of high-experienced engineers ‣  We have excellent job offers in Karlsruhe, Cologne, Munich and Pforzheim! About inovex inovex.de
  • 5.
    5 Configuration Management Systems (a.k.a.CMS) Configuration Management with SaltStack Part 1
  • 6.
    6 ‣  Support buildinga defined infrastructure ‣  Support managing a defined infrastructure ‣  Definition of infrastructure in code (“Infrastructure as code”) ‣  Configuration Management requires Software Development Configuration Management Systems Definition
  • 7.
    7 1.  Create auser (if needed): postfix 2.  Install a package (or more): postfix, postfix-pcre 3.  Create or change a file (configure a service): /etc/postfix/main.cf 4.  Enable and start the service: chkconfig postfix on; service postfix start Configuration Management Systems Traditional
  • 8.
    8 1.  User Management 2. Package Management 3.  File Management 4.  Service Management What if we need m o r e ? Configuration Management Systems Limitations
  • 9.
  • 10.
    10 Salt … 1.  …is extremely flexible. 2.  … is very easy to use. 3.  … has lots of exciting features. 4.  … is fast. 5.  … makes sysadmin’s life easier. SaltStack Fundamentals Why Salt?
  • 11.
    11 ‣  It’s allabout (simple) data ‣  Central place for configuration ‣  Asynchronous (send commands to 10,000 server at a time in seconds) ‣  Configuration management ‣  Remote execution ‣  Core functions are available as execution modules ‣  Hundreds of state + execution modules ‣  Easy to extend ‣  Separate data and code easily with pillars SaltStack Fundamentals Why Salt? (2)
  • 12.
  • 13.
    13 Different software, differentnames: ‣  Minion: The client itself ‣  Master: Manages minions ‣  Grains: Standard set of client system information ‣  Pillars: User-defined set of information ‣  State: User-defined description of a state of a file, package, … ‣  Formulas: Collection of user-defined states ‣  State Module: Set of state functions for files, packages, LVM, MySQL, … ‣  Execution Module: Predefined commands executed on the minions ‣  Jinja: Default template renderer SaltStack Inside Terminology
  • 14.
  • 15.
    15 You specify miniontargeting to apply states, pillars or commands to a desired set of minions: ‣  Globbing: feweb*.domain.local, *.domain.local, feweb[1-3].domain.local ‣  PCRE: fe(web|mail)1.domain.local ‣  Grains: ‘os:CentOS’, ‘saltversion:2014.1.1’ ‣  Pillars: ‘role:mailserver’, ‘cluster_name:fehomepage’ ‣  Lists: feweb1.domain…, feweb2.domain…, feweb3.domain… ‣  Nodegroups: Predefined list of minions ‣  Compound (Mix): Mix of the above targeting types (operators: and, or, not) ‣  Batch Size: 4, 10% (execute on X minions at a time) SaltStack Inside Minion Targeting
  • 16.
    16 Components using atop file: ‣  States ‣  Pillars What they do: ‣  Map minions with states ‣  Map minions with pillars ‣  Map minions with environments SaltStack Inside The Top Files
  • 17.
    17 Top of States dev: 'mailserver*dev*': -postfix.satellite qa: 'mailserver*qa*': - postfix.satellite prod: 'mailserver*prod*': - postfix.satellite - monitoring SaltStack Inside The Top Files (2) Top of Pillars dev: 'mailserver*dev*': - postfix.dev qa: 'mailserver*qa*': - postfix.qa prod: 'mailserver*prod*': - postfix.prod - monitoring.prod
  • 18.
    18 SaltStack Inside States postfix: pkg: - installed -names: - postfix - postfix-pcre service: - running - watch: - file: /etc/postfix/main.cf Dict/ Hash: State ID List/ Array: State Module Any: Parameters
  • 19.
    19 SaltStack Inside States (2) /etc/postfix/main.cf: file: -managed - source: salt://postfix/files/satellite.main.cf - user: root - group: postfix - mode: 640 - template: jinja
  • 20.
    postscreen_dnsbl_sites: - zen.spamhaus.org*2 - ix.dnsbl.manitu.net*2 -dnsbl.sorbs.net=127.0.0.[2;3;5;6;7;9;10] - list.dnswl.org=127.0.[0..255].0*-1 - list.dnswl.org=127.0.[0..255].[2..3]*-3 any: generic: list: - foo: oof bar: rab 20 type: satellite relayhost: smtp.domain.local inet_protocols: - ipv4 soft_bounce: True postscreen: - greylisting - pregreet - dnsbl mynetworks: 127.0.0.0/8 [::ffff:127... SaltStack Inside Pillars
  • 21.
    21 Store top files,states (formulas), templates, custom modules, pillars, etc. on ‣  Local filesystems ‣  Git Repositories ‣  SVN Repositories ‣  Mercurial Repositories ‣  MinionFS (distributed over several hosts) ‣  Amazon S3 Separate them by ‣  Environments/ teams ‣  Projects ‣  Pillars ‣  … SaltStack Inside Fileserver Backends
  • 22.
    22 Access data by: ‣ Pillars: {{ salt[‘pillar.get’](‘inet_protocols’, [‘ipv4’, ‘ipv6’]) }} ‣  Grains: {{ salt[‘grains.get’](‘os_family’) }} ‣  Peer Publish: {{ salt[‘publish.publish’](‘web*’, ‘grains.item’, ‘fqdn’) }} ‣  Mine: {{ salt[‘pillar.item’](‘mine_functions:network.interfaces’) }} ‣  Local env variables: {% set foo = ‘bar’ %} {{ foo }} ‣  Deserializing: load_json(‘file.json’) / load_yaml(‘file.yaml’) / … ‣  … These are available in: ‣  Top Files ‣  State Files ‣  Template Files ‣  Pillar Files ‣  … SaltStack Inside Data Access
  • 23.
    23 One tool torule them all: ‣  $ salt ‘*’ state.sls ferm saltenv=prod ‣  $ salt ‘*’ state.highstate test=False ‣  $ salt ‘*’ gem.install foreman_provision ‣  $ salt ‘*’ hadoop.dfs ls / ‣  $ salt ‘*’ lxc.unfreeze bigfoot ‣  $ salt ‘*’ network.traceroute inovex.de ‣  $ salt ‘*’ pkg.install openssl refresh=True $ salt ‘*’ service.restart nginx ‣  $ salt ‘*’ dockerio.pull index.docker.io:MyRepo/image foo ‣  $ salt ‘*’ tomcat.deploy_war salt://application.war /api yes http://localhost:8080/ ‣  $ salt –C ‘I@role:mailserver and (P@os:Debian or S@192.168.42.0/24)’ … SaltStack Inside Configuration Management + Remote Execution
  • 24.
    24 feweb1.domain.local: ---------- ID: ferm Function: pkg.installed Result:True Comment: All specified packages are already installed. Changes: ---------- ID: ferm Function: file.managed Name: /etc/ferm/ferm.conf Result: True Comment: File /etc/ferm/ferm.conf updated Changes: ---------- diff: SaltStack Inside Configuration Management + Remote Execution (2) --- @@ -1,33 +1,31 @@ ... ---------- ID: ferm Function: service.running Result: True Comment: Service restarted Changes: ---------- ferm: True Summary ------------ Succeeded: 3 Failed: 0 ------------ Total: 3
  • 25.
  • 26.
    26 1.  Choose theCMS which fits to your project, everyone is different 2.  If you spend more time creating automation instead of saving it, something is wrong 3.  Salt can help you managing large and complex infrastructures 4.  SaltStack can do even more than CM: Salt-Cloud, Salt-Virt, Salt SSH, Salt Proxy, … 5.  Salt can help you making your customers and yourself happy Conclusions IMHO
  • 27.
    27 Basic configuration: ‣  /bechtoldt/network-formula ‣ /bechtoldt/time-formula DNS/ DHCP: ‣  /bechtoldt/binddns-formula ‣  /bechtoldt/iscdhcp-formula Lifecycle Management (physical + virtual servers): ‣  Foreman: /bechtoldt/foreman-formula Cloud management: ‣  OpenNebula: /bechtoldt/opennebula-formula ‣  OpenStack: /EntropyWorks/salt-openstack/tree/formula Showcase/ Walkthrough Code at Github.com
  • 28.
    28 Github.com/bechtoldt – Github.com/saltstack-formulas– talks.arbe.io Thank You Questions? Contact Arnold Bechtoldt Linux-Systems Engineer inovex GmbH Office Karlsruhe Ludwig-Erhard-Allee 6 D-76131 Karlsruhe +49 (0)173 31 81 117 arnold.bechtoldt@inovex.de „Wir nutzen Technologien, um unsere Kunden glücklich zu machen. Und uns selbst.“