DEVOPS INDONESIA
Iman Kurniawan
SRE at DKatalis
Jakarta, 14 April 2021
DevOps Indonesia (ONLINE) Meetup #43:
Introduction to SaltStack (An Event-Based Configuration Management)
Speaker
Iman Kurniawan
SRE at DKatalis
Previous Experiences:
1. Schlumberger Oilfield Services (Jakarta, Dubai, India)
2. DKatalis (Jakarta)
Can be reached at:
1. https://github.com/footprns
2. https://www.linkedin.com/in/iman-kurniawan-4b738225/
3. https://www.facebook.com/groups/385005352371154/?ref=share
Who’s DKatalis?
● A team of tech and digital product enthusiasts,
focusing on building relevant digital solutions.
● The proud engineering arms that create Jago
digital bank app, Amaan digital platform based on
sharia values, and many more solutions to come.
● Growing rapidly in Jakarta, Singapore & Pune
(India).
● Stimulating growth through technology & enabled
by collaborative environment that fosters
creativity and innovation.
www.dkatalis.co
“Opinions expressed are
solely my own and do not
express the views or
opinions of my employer.”
What is SaltStack
● A configuration management tool that also does orchestration very well
● Written in Python
● Uses a client (salt minion) - server (salt master) architecture
● Uses an event-driven architecture
● Key-based authentication (RSA/AES)
● Acquired by VMware in October 2020
● The open-source project is at https://docs.saltproject.io/en/latest/
Use Cases for SaltStack
● SecOps - apply patches according to CVEs
● Prevent configuration drift
● Self-remediation / self-healing
● Set up complex clusters (with orchestration)
● Network automation (using salt-proxy)
SaltStack Architecture
Event System Architecture
● Asynchronous execution
● Events can be observed on Salt Master and Minion
Key Based Authentication
Salt Command and Grains
● salt <target minion> <module>.<function> <arguments>
● Ex. salt salt-minion-001 pkg.install vim
● Grains are information about the underlying system
● Custom grains can also be defined
imankurniawan@salt-master-001:~$ sudo salt salt-minion-001 grains.items
salt-minion-001:
    ----------
    biosreleasedate:
        01/01/2011
    biosversion:
        Google
    domain:
        asia-southeast2-a.c.jago-sre-gcp-poc.internal
    fqdn:
        salt-minion-001.asia-southeast2-a.c.jago-sre-gcp-poc.internal
    fqdn_ip6:
    fqdns:
        - salt-minion-001.asia-southeast2-a.c.jago-sre-gcp-poc.internal
        salt-minion-001
    init:
        systemd
    ip4_gw:
        10.106.64.1
    kernel:
        Linux
    lvm:
        ----------
    machine_id:
        bbfd6efc4772103b73e837d5fec91028
    os:
        Ubuntu
    os_family:
        Debian
    saltpath:
        /usr/lib/python3/dist-packages/salt
    saltversion:
        3002.6
    shell:
        /bin/sh
Salt State
● Describes the state of the host in a Salt state file (a configuration file in YAML format)
● Best practices are in salt-formula (https://github.com/saltstack-formulas)
● Example: last line in a text file
add string at the end of file:
  file.append:
    - name: /tmp/appendfile.txt
    - text: last line
Salt Returner
● Result data is redirected to external data stores
● Returner list
○ Cassandra
○ Couchdb
○ Elasticsearch
○ MySQL
○ PostgreSQL
○ MongoDB
○ Slack
○ Splunk
○ Sqlite3
○ Nagios
○ Kafka
○ Full list: https://docs.saltproject.io/en/latest/ref/returners/all/index.html
Salt Reactor
● Reacts (runs a command) when a specific event occurs
salt/job/20210326152042932642/ret/salt-minion-001 {
    "_stamp": "2021-03-26T15:20:51.888045",
    "cmd": "_return",
    "fun": "state.single",
    "fun_args": [
        {
            "fun": "pkg.installed",
            "name": "zsh"
        }
    ],
    "id": "salt-minion-001",
    "jid": "20210326152042932642",
    "out": "highstate",
    "retcode": 0,
    "return": {
        "pkg_|-zsh_|-zsh_|-installed": {
            "__id__": "zsh",
            "__run_num__": 0,
            "__sls__": null,
            "changes": {
                "zsh": {
                    "new": "5.4.2-3ubuntu3.1",
                    "old": ""
                },
                "zsh-common": {
                    "new": "5.4.2-3ubuntu3.1",
                    "old": ""
                }
            },
            "comment": "The following packages were installed/updated: zsh",
            "duration": 7516.035,
            "name": "zsh",
            "result": true,
            "start_time": "15:20:44.357773"
        }
    },
    "success": true
}
Salt Beacon
● A process on the minion that translates external events into events on the Salt event bus
salt/beacon/salt-minion-001/inotify//etc/important_file {
    "_stamp": "2021-03-27T14:25:31.156136",
    "change": "IN_IGNORED",
    "id": "salt-minion-001",
    "path": "/etc/important_file"
}
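An added example, not from the original slides: a small Python model of what happens to events like the two shown on the Reactor and Beacon slides, where each event tag is matched against a glob and a handler runs on the event data. The rule table, the handler names and the trimmed sample events are assumptions made for illustration; a real reactor is configured on the Salt master and runs Salt's own code.

```python
import fnmatch
import json

# Constructed sample: two events in the "tag {json}" layout shown on the
# Reactor and Beacon slides, trimmed to the fields used below.
SAMPLE_STREAM = """\
salt/job/20210326152042932642/ret/salt-minion-001 {
  "fun": "state.single", "id": "salt-minion-001", "success": true,
  "return": {"pkg_|-zsh_|-zsh_|-installed": {"result": true,
    "changes": {"zsh": {"new": "5.4.2-3ubuntu3.1", "old": ""},
                "zsh-common": {"new": "5.4.2-3ubuntu3.1", "old": ""}}}}
}
salt/beacon/salt-minion-001/inotify//etc/important_file {
  "change": "IN_IGNORED", "id": "salt-minion-001", "path": "/etc/important_file"
}
"""

def parse_events(stream):
    """Yield (tag, data) for each 'tag {json}' record in the text."""
    decoder, pos = json.JSONDecoder(), 0
    while (brace := stream.find("{", pos)) != -1:
        tag = stream[pos:brace].strip()
        data, pos = decoder.raw_decode(stream, brace)
        yield tag, data

def job_changes(data):
    """List states in a job return that changed something on the minion."""
    ret = data.get("return")
    if not isinstance(ret, dict):  # e.g. test.ping returns a plain bool
        return []
    return [f"{data['id']}: {sid} changed {sorted(res['changes'])}"
            for sid, res in ret.items()
            if isinstance(res, dict) and res.get("changes")]

def file_alert(data):
    """Report a watched-file event raised by the inotify beacon."""
    return [f"{data['id']}: {data['path']} {data['change']}"]

# Hypothetical rule table: tag glob -> handler, modelled on a reactor mapping.
RULES = [("salt/job/*/ret/*", job_changes),
         ("salt/beacon/*/inotify/*", file_alert)]

def react(stream):
    """Run every handler whose glob matches the event tag."""
    return [line for tag, data in parse_events(stream)
            for pattern, handler in RULES
            if fnmatch.fnmatchcase(tag, pattern)
            for line in handler(data)]

if __name__ == "__main__":
    print("\n".join(react(SAMPLE_STREAM)))
```

Job returns that report no changes, or that return a plain value such as test.ping, produce no output, so only state runs that actually modified a minion and beacon file events are listed.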
Salt Orchestration
● Orchestrates the order of tasks and targets
----------
          ID: apply on minion1
    Function: salt.state
      Result: True
     Comment: States ran successfully. Updating salt-minion-001.
     Started: 03:32:04.587496
    Duration: 558.065 ms
     Changes:
              salt-minion-001:
              ----------
                        ID: time stamp for orchestration
                  Function: file.managed
                      Name: /tmp/timestamp.txt
                    Result: True
                   Comment: File /tmp/timestamp.txt updated
                   Started: 03:32:05.018703
                  Duration: 12.949 ms
                   Changes:
                            ----------
                            diff:
                                New file
              Summary for salt-minion-001
              ------------
              Succeeded: 1 (changed=1)
              Failed: 0
              ------------
              Total states run: 1
              Total run time: 12.949 ms
----------
          ID: apply on minion2
    Function: salt.state
      Result: True
     Comment: States ran successfully. Updating salt-minion-002.
     Started: 03:32:05.145740
    Duration: 457.751 ms
     Changes:
              salt-minion-002:
              ----------
                        ID: time stamp for orchestration
                  Function: file.managed
                      Name: /tmp/timestamp.txt
                    Result: True
                   Comment: File /tmp/timestamp.txt updated
                   Started: 03:32:05.477723
                  Duration: 11.74 ms
                   Changes:
                            ----------
                            diff:
                                New file
              Summary for salt-minion-002
              ------------
              Succeeded: 1 (changed=1)
              Failed: 0
              ------------
              Total states run: 1
              Total run time: 11.740 ms
Summary for salt-master-001.asia-southeast2-a.c.jago-sre-gcp-poc.internal_master
------------
Succeeded: 2 (changed=2)
Failed: 0
------------
Total states run: 2
Total run time: 1.016 s
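Salt API
● Execute Salt states from an API call
# Log in through external auth (eauth=pam) to obtain a session token.
# -k skips TLS certificate verification, so it only suits a local test instance.
curl -sSk https://localhost:8000/login \
    -H 'Accept: application/x-yaml' \
    -d username=saltdev \
    -d password=saltdev \
    -d eauth=pam
# Send the returned token in X-Auth-Token to run test.ping on all minions (tgt='*').
curl -sSk https://localhost:8000 \
    -H 'Accept: application/x-yaml' \
    -H 'X-Auth-Token: 2cceff677b76d4b668653bae4055ee471547c2d7' \
    -d client=local \
    -d tgt='*' \
    -d fun=test.ping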
Tips and Tricks
● Don’t execute raw shell scripts; run raw shell only as a last option
● Use Jinja as the template engine
● Separate code logic from configuration values
● Use best practices from salt-formula
● Use virtual environments for salt-minion to avoid Python version/update conflicts (OS or application)
● Use the Salt environment approach
● Use vault to store secrets
● Put Salt states in a git repo and release them to Salt using CI/CD, or use gitfs
● Advanced topics: salt proxy, salt syndic (master of masters), salt cloud (IaC)
More Information About DKatalis
Website : https://dkatalis.co/
Job Opportunity : https://dkatalis.com/opportunity
LinkedIn : DKatalis (Digital Katalis)
https://www.linkedin.com/company/dkatalis/jobs/
Instagram : @dkatalis
https://www.instagram.com/dkatalis/
Stay Connected
@devopsindonesia
http://www.devopsindonesia.com
@IDDevOps
@DevOpsIndonesia
@IDDevOps DevOps Indonesia
Alone We are smart, together We are brilliant
THANK YOU !
Quote by Steve Anderson
