Debconf14 : Putting some salt in your Debian systems -- Julien Cristau
Click here to load reader
description
Transcript of Debconf14 : Putting some salt in your Debian systems -- Julien Cristau
![Page 2: Debconf14 : Putting some salt in your Debian systems -- Julien Cristau](https://reader038.fdocuments.in/reader038/viewer/2022100518/559c7daf1a28ab97288b4737/html5/thumbnails/2.jpg)
What is salt?
● Remote execution framework● Set of tools built around that framework, including config management
![Page 3: Debconf14 : Putting some salt in your Debian systems -- Julien Cristau](https://reader038.fdocuments.in/reader038/viewer/2022100518/559c7daf1a28ab97288b4737/html5/thumbnails/3.jpg)
Why salt?
● Written in python● Using yaml for state description● Great documentation● Big and growing community● Fast-moving
![Page 4: Debconf14 : Putting some salt in your Debian systems -- Julien Cristau](https://reader038.fdocuments.in/reader038/viewer/2022100518/559c7daf1a28ab97288b4737/html5/thumbnails/4.jpg)
Why not salt?
● Young and fast-moving● Written in python● Rolls its own crypto
![Page 5: Debconf14 : Putting some salt in your Debian systems -- Julien Cristau](https://reader038.fdocuments.in/reader038/viewer/2022100518/559c7daf1a28ab97288b4737/html5/thumbnails/5.jpg)
Terminology
● Master, minions● Grain● Pillar● State● Top file● Highstate
![Page 6: Debconf14 : Putting some salt in your Debian systems -- Julien Cristau](https://reader038.fdocuments.in/reader038/viewer/2022100518/559c7daf1a28ab97288b4737/html5/thumbnails/6.jpg)
Adding a minion
● Install salt-minion
http://debian.saltstack.com/● Tell it where the master is
echo master: salt.logilab.fr > /etc/salt/minion.d/master.conf
● Check and accept the key on the master
salt-key -a mynewminion
![Page 7: Debconf14 : Putting some salt in your Debian systems -- Julien Cristau](https://reader038.fdocuments.in/reader038/viewer/2022100518/559c7daf1a28ab97288b4737/html5/thumbnails/7.jpg)
Remote execution
$ salt '*' test.ping
$ salt 'db*' cmd.run pg_lsclusters
$ salt -G 'oscodename:jessie' grains.item \ kernelrelease
![Page 8: Debconf14 : Putting some salt in your Debian systems -- Julien Cristau](https://reader038.fdocuments.in/reader038/viewer/2022100518/559c7daf1a28ab97288b4737/html5/thumbnails/8.jpg)
Config management
● Using yaml (by default) to describe desired system state
● Templating with jinja● Grains/pillars/... available for targetting and in
template context
![Page 9: Debconf14 : Putting some salt in your Debian systems -- Julien Cristau](https://reader038.fdocuments.in/reader038/viewer/2022100518/559c7daf1a28ab97288b4737/html5/thumbnails/9.jpg)
Top file (2)
/srv/salt/top.sls
base:
'*':
- common
'role:webserver':
- match: grain
- apache
![Page 10: Debconf14 : Putting some salt in your Debian systems -- Julien Cristau](https://reader038.fdocuments.in/reader038/viewer/2022100518/559c7daf1a28ab97288b4737/html5/thumbnails/10.jpg)
SLS files
/srv/salt/common.sls
basepkgs:
pkg.install:
- pkgs:
- vim
- less
- debsums
![Page 11: Debconf14 : Putting some salt in your Debian systems -- Julien Cristau](https://reader038.fdocuments.in/reader038/viewer/2022100518/559c7daf1a28ab97288b4737/html5/thumbnails/11.jpg)
SLS files (continued)
/srv/salt/apache/init.sls
apache2:
- pkg.installed
- service.running:
- require:
- pkg: apache2
- watch:
{% for vhost in pillar['vhosts'] %}
- file: /etc/apache2/sites-available/{{ vhost }}
{% endfor %}
![Page 12: Debconf14 : Putting some salt in your Debian systems -- Julien Cristau](https://reader038.fdocuments.in/reader038/viewer/2022100518/559c7daf1a28ab97288b4737/html5/thumbnails/12.jpg)
Other nice things
● Integration with cloud and virtualization APIs with salt-cloud and salt-virt
● Provisioning, pre-approval of minion keys● Automatic highstate on boot or on a schedule