RQ
about me
☃ systems engineer @Logicea LLC

☃ I have broken development a few times

☃ I have broken production a few more
☃ I hate databases
about this
The Good Companions
Configuration management (CM) is a
field of management that focuses on
establishing and maintaining consistency of a
system. (Wikipedia)

Design your infrastructure
Systems integrity and consistency
Provision and automate 
Create proper processes
Cloud Management

Version Control

Automations and Remote Execution

Monitoring, Alerting, Logging
Configuration Management
kk
YAML
So, SaltStack?
SaltStack delivers a dynamic infrastructure
communication bus used for orchestration,
remote execution and configuration management.

+ Python, YAML, Jinja2, ZeroMQ
+ Event driven
+ Master-agent, Masterless (ssh)
+ Multimaster for HA
+ Cloud/VM/Containers support
+ Orchestration
+ Reactors
+ Runners
+ Guaranteed execution order


	
  
So, SaltStack?
- Relatively young project

- Changes rapidly

- Its documentation is… challenging

- Needs some Python background

- Needs design background 

- If your saltmaster is compromised, LOL


	
  
Terminology
Master and Minion
The Master controls its Minions :p

State Modules
Code needed to enforce, set up or change the
configuration of a target system

Pillars
Custom data essential for state execution (e.g.
user accounts, lists of virtual hosts etc.)

Grains
Static minion information 

SLS Files (.sls)
Text files containing a list of states to execute or
simply pillar data
Renderers
Render SLS files and pass information to
the state system

Templates

SaltMine

Top Files

Highstate
Architecture

•  Master-Minion Persistent TCP
connection 
•  Two listening ports on Master
(4505,4506)
•  No listening ports on Minions (yey)
•  ZeroMQ to send/recv messages
•  Encrypted transport (+custom protocol)
•  Minions wait for jobs from a remote
Master
•  Minions return job results back to Master
Installation
# cat /etc/apt/sources.list.d/saltstack.list
deb http://debian.saltstack.com/debian jessie-saltstack main
# wget -q -O- "http://debian.saltstack.com/debian-salt-team-joehealy.gpg.key" | apt-key add -
# apt-get update
Saltmaster
master# apt-get install salt-master
.
.
.
.
.
master# salt-key -L
Unaccepted Keys:
minion8
master# salt-key -A
Minion
minion8# apt-get install salt-minion
minion8# cat /etc/salt/minion
master: saltmaster
minion8# systemctl restart salt-minion
Saltmaster
saltmaster:/etc/salt# tree
.
├── master
├── pillars
│   ├── defaults
│   │   └── init.sls
│   ├── top.sls
│   └── users
│       ├── init.sls
│       ├── gary.sls
│       └── oliver.sls
└── states
    ├── defaults
    │   ├── init.sls
    │   ├── linux-debian.sls
    │   ├── linux-centos.sls
    │   └── sshd_config
    ├── top.sls
    └── users
        └── init.sls
	
  
Saltmaster
Config

# cat /etc/salt/master
file_roots:
  base:
    - /etc/salt/states
pillar_roots:
  base:
    - /etc/salt/pillars




Pillars
# cat /etc/salt/pillars/top.sls
base:
  '*':
    - defaults
    - users
# cat /etc/salt/pillars/defaults/init.sls
disabled_services:
  - rpcbind
  - nfs-common
States
# cat /etc/salt/states/top.sls
base:
  '*':
    - defaults
    - users
# cat /etc/salt/states/defaults/init.sls
basic_pkgs:
  pkg.installed:
    - install_recommends: False
    - pkgs:
      - screen:
      - lsof:
      - ngrep:
openssh-server:
  pkg:
    - installed
  service:
    - name: ssh
    - running
    - enable: True
    - watch:
      - file: /etc/ssh/sshd_config
  file.managed:
    - name: /etc/ssh/sshd_config
    - source: salt://defaults/sshd_config
    - require:
      - pkg: openssh-server
{% if grains['os_family'] == "RedHat" %}
disable_selinux:
  file.managed:
    - name: /etc/selinux/config
    - contents: "SELINUX=disabled"
{% endif %}
Saltmaster
Pillars and Grains
master:~# salt 'minion8' grains.items
minion8:
    ----------
    admins:
        - manji
        - mehiel
    biosversion:
        Bochs
    <snip>
    id:
        minion8
    init:
        systemd
    ip4_interfaces:
        ----------
        eth0:
            - 10.10.1.115
        lo:
            - 127.0.0.1
    os:
        Debian
    os_family:
        Debian
    <snip>
master:~# salt 'minion8' pillar.data
minion8:
    ----------
    disabled_services:
        - rpcbind
        - nfs-common
    users:
        ----------
        manji:
            ----------
            email:
                e.mouzeli@logicea.com
            enabled:
                True
            fullname:
                effie mouzeli
            home:
                /home/manji
            pub_keys:
                - ssh-rsa AAAAB3NzaC1y
    <snip>
master:~# salt 'minion8' state.highstate
minion8:
-------
    ID: basic_pkgs
    Function: pkg.installed
    Result: True
    Comment: 12 targeted packages were installed/updated. The following packages were already installed: less, bzip2, wget, ngrep
    Started: 18:25:18.805716
    Duration: 61584.232 ms
    Changes:
        ----------
        curl:
            ----------
            new:
                7.38.0-4+deb8u3
            old:
    <snip>
Summary for minion8
-------------
Succeeded: 21 (changed=1)
Failed: 0
-------------
Total states run: 21
Salt Minion
Salt Messages
Publish job:
salt/job/20160414115046162293/new {
    "_stamp": "2016-04-14T08:50:46.166360",
    "arg": [
        "defaults"
    ],
    "fun": "state.sls",
    "jid": "20160414115046162293",
    "minions": [
        "minion8"
    ],
    "tgt": "minion8",
    "tgt_type": "glob",
    "user": "root"
}
Return Result:
salt/job/20160414115046162293/ret/minion8 {
    "_stamp": "2016-04-14T08:50:48.239998",
    "cmd": "_return",
    "fun": "state.sls",
    "fun_args": [
        "defaults"
    ],
    "id": "minion8",
    "jid": "20160414115046162293",
    "out": "highstate",
    "retcode": 0,
    "return": {
        "pkg_|-basic_pkgs_|-basic_pkgs_|-installed": {
            "__run_num__": 5,
            "changes": {},
            "comment": "All specified packages are already installed",
            "duration": 6.319,
            "name": "lsof",
            "result": true,
            "start_time": "11:50:47.161264"
        },
        <snip>
    "success": true
}
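An added example, not part of the original slides: a small auditor that correlates the publish and return messages shown above by jid, splits state result keys on `_|-`, and reports failed states, minions that never returned, and published functions outside an expected set. The events are assumed to be already decoded into (tag, data) pairs; `EXPECTED_FUNS`, the second job and the failing state in the sample are constructed for illustration.

```python
import re

# Tag layout as in the messages above: salt/job/<jid>/new and salt/job/<jid>/ret/<minion>
TAG_RE = re.compile(r"^salt/job/(?P<jid>\d+)/(?P<kind>new|ret)(?:/(?P<minion>[^/]+))?$")
# Assumption: the functions this site expects to see published on the bus.
EXPECTED_FUNS = {"state.sls", "state.highstate"}

def split_state_key(key):
    """Split a state result key into module, ID, name and function."""
    return dict(zip(("module", "id", "name", "function"), key.split("_|-")))

def audit(events):
    """Correlate publish/return events per jid and report what needs review."""
    jobs = {}
    for tag, data in events:
        m = TAG_RE.match(tag)
        if not m:
            continue
        job = jobs.setdefault(m["jid"], {"user": None, "fun": None, "failed": [],
                                         "published": set(), "returned": set()})
        if m["kind"] == "new":
            job.update(user=data["user"], fun=data["fun"])
            job["published"].update(data["minions"])
        elif m["minion"]:
            job["returned"].add(m["minion"])
            ret = data.get("return")
            for key, res in (ret.items() if isinstance(ret, dict) else []):
                if isinstance(res, dict) and res.get("result") is False:
                    job["failed"].append((m["minion"], split_state_key(key)["id"]))
    return {jid: {"user": j["user"], "fun": j["fun"], "failed": j["failed"],
                  "unexpected_fun": j["fun"] not in EXPECTED_FUNS,
                  "missing": sorted(j["published"] - j["returned"])}
            for jid, j in jobs.items()}

# Constructed sample events: job 1 follows the messages above (plus one made-up
# failing state), job 2 is entirely made up.
SAMPLE_EVENTS = [
    ("salt/job/20160414115046162293/new",
     {"fun": "state.sls", "minions": ["minion8"], "user": "root"}),
    ("salt/job/20160414115046162293/ret/minion8", {"id": "minion8", "return": {
        "pkg_|-basic_pkgs_|-basic_pkgs_|-installed": {"result": True},
        "file_|-openssh-server_|-/etc/ssh/sshd_config_|-managed": {"result": False}}}),
    ("salt/job/20160414120000000001/new",
     {"fun": "cmd.run", "minions": ["minion8", "minion9"], "user": "deploy"}),
    ("salt/job/20160414120000000001/ret/minion9", {"id": "minion9", "return": "ok"}),
]

if __name__ == "__main__":
    for jid, entry in audit(SAMPLE_EVENTS).items():
        print(jid, entry)
```

Returns are tracked separately from publishes, so a return event that arrives before its publish event is still counted.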
Highstate Flow
Advanced Topics
Reactors

Runners

Orchestration 

Beer Communication

Custom salt modules
Do not Forget
•  You need some Python and some coding
skills
•  Use a quick solution when requirements are
unknown/not clear
•  Refactor when possible
•  Try to make reusable states, don’t repeat
yourself (DRY)
•  Try to not over engineer (resist the
temptation)
•  Always write documentation
•  Be patient, this is NOT easy
•  Keep your #YOLO moments to a minimum
Sources - Useful Links 
•  Images from The World’s End (2013) and edgarwright @ flickr.com
•  https://docs.saltstack.com/
•  https://github.com/saltstack-formulas
•  https://github.com/ministryofjustice/salt-shaker
•  https://github.com/harkx/saltstack-cheatsheet
•  https://www.digitalocean.com/community/tutorials/an-introduction-to-saltstack-terminology-and-concepts
•  http://bencane.com/2013/09/03/getting-started-with-saltstack-by-example-automatically-installing-nginx/
•  http://leonardinius.galeoconsulting.com/2014/08/devops-101-on-saltstack-example/
•  https://puppet.com/blog/how-to-choose-right-tools-processes-for-devops
•  How sysadmins devalue themselves - https://queue.acm.org/detail.cfm?id=2891413
•  and of course, https://en.wikipedia.org 
Thanks to: kargig, kyriakos and andrew for their comments and feedback
Questions?
Thank You !

The SaltStack Pub Crawl - Fosscomm 2016
