The SaltStack Pub Crawl
Uploaded by effie-mouzeli
Transcript of The SaltStack Pub Crawl
![Page 1: The SaltStack Pub Crawl](https://reader031.fdocuments.in/reader031/viewer/2022021422/5a668e837f8b9a0c768b48c1/html5/thumbnails/1.jpg)
![Page 2: The SaltStack Pub Crawl](https://reader031.fdocuments.in/reader031/viewer/2022021422/5a668e837f8b9a0c768b48c1/html5/thumbnails/2.jpg)
about me
• systems engineer @Logicea LLC
• I have broken development a few times
• I have broken production a few more
• I hate databases
![Page 3: The SaltStack Pub Crawl](https://reader031.fdocuments.in/reader031/viewer/2022021422/5a668e837f8b9a0c768b48c1/html5/thumbnails/3.jpg)
about this
![Page 4: The SaltStack Pub Crawl](https://reader031.fdocuments.in/reader031/viewer/2022021422/5a668e837f8b9a0c768b48c1/html5/thumbnails/4.jpg)
The Good Companions
Configuration management (CM) is a field of management that focuses on establishing and maintaining consistency of a system. (Wikipedia)
• Design your infrastructure
• Systems integrity and consistency
• Provision and automate
• Create proper processes
• Cloud Management
• Version Control
• Automations and Remote Execution
• Monitoring, Alerting, Logging
![Page 5: The SaltStack Pub Crawl](https://reader031.fdocuments.in/reader031/viewer/2022021422/5a668e837f8b9a0c768b48c1/html5/thumbnails/5.jpg)
Configuration Management
![Page 6: The SaltStack Pub Crawl](https://reader031.fdocuments.in/reader031/viewer/2022021422/5a668e837f8b9a0c768b48c1/html5/thumbnails/6.jpg)
Configuration Management
![Page 7: The SaltStack Pub Crawl](https://reader031.fdocuments.in/reader031/viewer/2022021422/5a668e837f8b9a0c768b48c1/html5/thumbnails/7.jpg)
Configuration Management
![Page 8: The SaltStack Pub Crawl](https://reader031.fdocuments.in/reader031/viewer/2022021422/5a668e837f8b9a0c768b48c1/html5/thumbnails/8.jpg)
Configuration Management
![Page 9: The SaltStack Pub Crawl](https://reader031.fdocuments.in/reader031/viewer/2022021422/5a668e837f8b9a0c768b48c1/html5/thumbnails/9.jpg)
YAML
![Page 10: The SaltStack Pub Crawl](https://reader031.fdocuments.in/reader031/viewer/2022021422/5a668e837f8b9a0c768b48c1/html5/thumbnails/10.jpg)
So, SaltStack?
SaltStack delivers a dynamic infrastructure communication bus used for orchestration, remote execution, configuration management.
+ Python, YAML, Jinja2, ZeroMQ
+ Event driven
+ Master-agent, Masterless (ssh)
+ Multimaster for HA
+ Cloud/VM/Containers support
+ Orchestration
+ Reactors
+ Runners
+ Guaranteed execution order
![Page 11: The SaltStack Pub Crawl](https://reader031.fdocuments.in/reader031/viewer/2022021422/5a668e837f8b9a0c768b48c1/html5/thumbnails/11.jpg)
So, SaltStack?
SaltStack delivers a dynamic infrastructure communication bus used for orchestration, remote execution, configuration management.
- Relatively young project
- Changes rapidly
- Its documentation is… challenging
- Needs some Python background
- Needs design background
- If your saltmaster is compromised, LOL
![Page 12: The SaltStack Pub Crawl](https://reader031.fdocuments.in/reader031/viewer/2022021422/5a668e837f8b9a0c768b48c1/html5/thumbnails/12.jpg)
Terminology
• Master and Minion: The Master controls its Minions :p
• State Modules: Code needed to enforce, set up or change the configuration of a target system
• Pillars: Custom data essential for state execution (e.g. user accounts, lists of virtual hosts etc.)
• Grains: Static minion information
• SLS Files (.sls): Text files containing a list of states to execute or simply pillar data
![Page 13: The SaltStack Pub Crawl](https://reader031.fdocuments.in/reader031/viewer/2022021422/5a668e837f8b9a0c768b48c1/html5/thumbnails/13.jpg)
Terminology
• Renderers: Render SLS files and pass information to the state system
• Templates
• SaltMine
• Top Files
• Highstate
![Page 14: The SaltStack Pub Crawl](https://reader031.fdocuments.in/reader031/viewer/2022021422/5a668e837f8b9a0c768b48c1/html5/thumbnails/14.jpg)
Architecture
• Master-Minion persistent TCP connection
• Two listening ports on Master (4505,4506)
• No listening ports on Minions (yey)
• ZeroMQ to send/recv messages
• Encrypted transport (+custom protocol)
• Minions wait for jobs from a remote Master
• Minions return job results back to Master
![Page 15: The SaltStack Pub Crawl](https://reader031.fdocuments.in/reader031/viewer/2022021422/5a668e837f8b9a0c768b48c1/html5/thumbnails/15.jpg)
Architecture
![Page 16: The SaltStack Pub Crawl](https://reader031.fdocuments.in/reader031/viewer/2022021422/5a668e837f8b9a0c768b48c1/html5/thumbnails/16.jpg)
Installation

```
# cat /etc/apt/sources.list.d/saltstack.conf
deb http://debian.saltstack.com/debian jessie-saltstack main
# wget -q -O- "http://debian.saltstack.com/debian-salt-team-joehealy.gpg.key" | apt-key add -
# apt-get update
```

Saltmaster

```
master# apt-get install salt-master
...
master# salt-key -L
Unaccepted Keys:
minion8
master# salt-key -A
```

Minion

```
minion8# apt-get install salt-minion
minion8# cat /etc/salt/minion
master: saltmaster
minion8# systemctl restart salt-minion
```
![Page 17: The SaltStack Pub Crawl](https://reader031.fdocuments.in/reader031/viewer/2022021422/5a668e837f8b9a0c768b48c1/html5/thumbnails/17.jpg)
Saltmaster

```
saltmaster:/etc/salt# tree
.
├── master
├── pillars
│   ├── defaults
│   │   └── init.sls
│   ├── top.sls
│   └── users
│       ├── init.sls
│       ├── gary.sls
│       └── oliver.sls
└── states
    ├── defaults
    │   ├── init.sls
    │   ├── linux-debian.sls
    │   ├── linux-centos.sls
    │   └── sshd_config
    ├── top.sls
    └── users
        └── init.sls
```
![Page 18: The SaltStack Pub Crawl](https://reader031.fdocuments.in/reader031/viewer/2022021422/5a668e837f8b9a0c768b48c1/html5/thumbnails/18.jpg)
Saltmaster

Config

```
# cat /etc/salt/master
file_roots:
  base:
    - /etc/salt/states
pillar_roots:
  base:
    - /etc/salt/pillars
```

Pillars

```
# cat /etc/salt/pillars/top.sls
base:
  '*':
    - defaults
    - users
# cat /etc/salt/pillars/defaults/init.sls
disabled_services:
  - rpcbind
  - nfs-common
```
![Page 19: The SaltStack Pub Crawl](https://reader031.fdocuments.in/reader031/viewer/2022021422/5a668e837f8b9a0c768b48c1/html5/thumbnails/19.jpg)
Saltmaster

States

```
# cat /etc/salt/states/top.sls
base:
  '*':
    - defaults
    - users
# cat /etc/salt/states/defaults/init.sls
basic_pkgs:
  pkg.installed:
    - install_recommends: False
    - pkgs:
      - screen:
      - lsof:
      - ngrep:
openssh-server:
  pkg:
    - installed
  service:
    - name: ssh
    - running
    - enable: True
    # restart ssh whenever the managed sshd_config changes
    - watch:
      - file: /etc/ssh/sshd_config
  file.managed:
    - name: /etc/ssh/sshd_config
    - source: salt://defaults/sshd_config
    - require:
      - pkg: openssh-server
# rendered by Jinja2 before YAML parsing; only applies to RedHat-family minions
{% if grains['os_family'] == "RedHat" %}
disable_selinux:
  file.managed:
    - name: /etc/selinux/config
    - contents: "SELINUX=disabled"
{% endif %}
```
![Page 20: The SaltStack Pub Crawl](https://reader031.fdocuments.in/reader031/viewer/2022021422/5a668e837f8b9a0c768b48c1/html5/thumbnails/20.jpg)
Pillars and Grains

```
master:~# salt 'minion8' grains.items
minion8:
    ----------
    admins:
        - manji
        - mehiel
    biosversion:
        Bochs
    <snip>
    id:
        minion8
    init:
        systemd
    ip4_interfaces:
        ----------
        eth0:
            - 10.10.1.115
        lo:
            - 127.0.0.1
    os:
        Debian
    os_family:
        Debian
    <snip>
```

```
master:~# salt 'minion8' pillar.data
minion8:
    ----------
    disabled_services:
        - rpcbind
        - nfs-common
    users:
        ----------
        manji:
            ----------
            email:
            enabled:
                True
            fullname:
                effie mouzeli
            home:
                /home/manji
            pub_keys:
                - ssh-rsa AAAAB3NzaC1y
            <snip>
```
![Page 21: The SaltStack Pub Crawl](https://reader031.fdocuments.in/reader031/viewer/2022021422/5a668e837f8b9a0c768b48c1/html5/thumbnails/21.jpg)
Salt Minion

```
master:~# salt 'minion8' state.highstate
minion8:
-------
          ID: basic_pkgs
    Function: pkg.installed
      Result: True
     Comment: 12 targeted packages were installed/updated.
              The following packages were already installed: less, bzip2, wget, ngrep
     Started: 18:25:18.805716
    Duration: 61584.232 ms
     Changes:
              ----------
              curl:
                  ----------
                  new:
                      7.38.0-4+deb8u3
                  old:
<snip>
Summary for minion8
-------------
Succeeded: 21 (changed=1)
Failed: 0
-------------
Total states run: 21
```
![Page 22: The SaltStack Pub Crawl](https://reader031.fdocuments.in/reader031/viewer/2022021422/5a668e837f8b9a0c768b48c1/html5/thumbnails/22.jpg)
Salt Messages

Publish job:

```
salt/job/20160414115046162293/new {
    "_stamp": "2016-04-14T08:50:46.166360",
    "arg": [
        "defaults"
    ],
    "fun": "state.sls",
    "jid": "20160414115046162293",
    "minions": [
        "minion8"
    ],
    "tgt": "minion8",
    "tgt_type": "glob",
    "user": "root"
}
```

Return Result:

```
salt/job/20160414115046162293/ret/minion8 {
    "_stamp": "2016-04-14T08:50:48.239998",
    "cmd": "_return",
    "fun": "state.sls",
    "fun_args": [
        "defaults"
    ],
    "id": "minion8",
    "jid": "20160414115046162293",
    "out": "highstate",
    "retcode": 0,
    "return": {
        "pkg_|-basic_pkgs_|-basic_pkgs_|-installed": {
            "__run_num__": 5,
            "changes": {},
            "comment": "All specified packages are already installed",
            "duration": 6.319,
            "name": "lsof",
            "result": true,
            "start_time": "11:50:47.161264"
        },
        <snip>
    "success": true
}
```
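The publish and return messages above can be correlated per job id to see which targeted minions never answered, which returns came from minions the publish did not list, and which states failed. The following is an added example, not part of the original slides: the one-event-per-line `<tag> <json>` input format, the function name `audit_jobs` and the sample events (including `minion7`, `minion9` and the second jid) are constructed for illustration; the tags and field names are the ones shown on the slide.

```python
import json
import re
from collections import defaultdict

# Tags as shown on the slide: salt/job/<jid>/new and salt/job/<jid>/ret/<minion id>
TAG_RE = re.compile(r"^salt/job/(\d+)/(?:(new)|ret/([^/\s]+))$")

# Constructed sample, one "<tag> <json>" event per line (fields trimmed).
SAMPLE_EVENTS = """
salt/job/20160414115046162293/new {"fun": "state.sls", "minions": ["minion8", "minion9"], "user": "root"}
salt/job/20160414115046162293/ret/minion8 {"id": "minion8", "retcode": 0, "return": {"pkg_|-basic_pkgs_|-basic_pkgs_|-installed": {"result": true}}}
salt/job/20160414115046162293/ret/minion7 {"id": "minion7", "retcode": 0, "return": {}}
salt/job/20160414120000000001/new {"fun": "state.sls", "minions": ["minion8"], "user": "root"}
salt/job/20160414120000000001/ret/minion8 {"id": "minion8", "retcode": 2, "return": {"file_|-openssh-server_|-/etc/ssh/sshd_config_|-managed": {"result": false}}}
"""


def audit_jobs(event_text):
    """Correlate publish and return events per jid and report anomalies."""
    jobs = defaultdict(lambda: {"fun": None, "expected": set(), "returned": set(), "failed": {}})
    for line in event_text.splitlines():
        tag, _, payload = line.strip().partition(" ")
        match = TAG_RE.match(tag)
        if not match:
            continue  # blank line or a tag this audit does not cover
        jid, is_new, minion = match.groups()
        data = json.loads(payload)
        job = jobs[jid]
        if is_new:
            job["fun"] = data.get("fun")
            job["expected"] = set(data.get("minions", []))
            continue
        if data.get("id") != minion:
            continue  # tag and payload disagree on the sender; skip it
        job["returned"].add(minion)
        ret = data.get("return")
        states = ret if isinstance(ret, dict) else {}
        bad = sorted(k for k, v in states.items()
                     if isinstance(v, dict) and v.get("result") is False)
        if data.get("retcode", 0) != 0 or bad:
            job["failed"][minion] = bad
    return {
        jid: {
            "fun": job["fun"],
            "missing": sorted(job["expected"] - job["returned"]),
            "unexpected": sorted(job["returned"] - job["expected"]),
            "failed": job["failed"],
        }
        for jid, job in jobs.items()
    }


if __name__ == "__main__":
    print(json.dumps(audit_jobs(SAMPLE_EVENTS), indent=2))
```

Because the report is computed only after all events are read, a return that arrives before its publish event is still attributed to the right job.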
![Page 23: The SaltStack Pub Crawl](https://reader031.fdocuments.in/reader031/viewer/2022021422/5a668e837f8b9a0c768b48c1/html5/thumbnails/23.jpg)
Highstate Flow
![Page 24: The SaltStack Pub Crawl](https://reader031.fdocuments.in/reader031/viewer/2022021422/5a668e837f8b9a0c768b48c1/html5/thumbnails/24.jpg)
Advanced Topics
Reactors
Runners
Orchestration
Beer Communication
Custom salt modules
![Page 25: The SaltStack Pub Crawl](https://reader031.fdocuments.in/reader031/viewer/2022021422/5a668e837f8b9a0c768b48c1/html5/thumbnails/25.jpg)
Do not Forget
• You need some Python and some coding skills
• Use a quick solution when requirements are unknown/not clear
• Refactor when possible
• Try to make reusable states, don’t repeat yourself (DRY)
• Try to not over engineer (resist the temptation)
• Always write documentation
• Be patient, this is NOT easy
• Keep your #YOLO moments to a minimum
![Page 26: The SaltStack Pub Crawl](https://reader031.fdocuments.in/reader031/viewer/2022021422/5a668e837f8b9a0c768b48c1/html5/thumbnails/26.jpg)
Sources - Useful Links
• Images from The World’s End (2013) and edgarwright @ flickr.com
• https://docs.saltstack.com/
• https://github.com/saltstack-formulas
• https://github.com/ministryofjustice/salt-shaker
• https://github.com/harkx/saltstack-cheatsheet
• https://www.digitalocean.com/community/tutorials/an-introduction-to-saltstack-terminology-and-concepts
• http://bencane.com/2013/09/03/getting-started-with-saltstack-by-example-automatically-installing-nginx/
• http://leonardinius.galeoconsulting.com/2014/08/devops-101-on-saltstack-example/
• https://puppet.com/blog/how-to-choose-right-tools-processes-for-devops
• How sysadmins devalue themselves - https://queue.acm.org/detail.cfm?id=2891413
• and of course, https://en.wikipedia.org

Thanks to: kargig, kyriakos and andrew for their comments and feedback
![Page 27: The SaltStack Pub Crawl](https://reader031.fdocuments.in/reader031/viewer/2022021422/5a668e837f8b9a0c768b48c1/html5/thumbnails/27.jpg)
Questions?
![Page 28: The SaltStack Pub Crawl](https://reader031.fdocuments.in/reader031/viewer/2022021422/5a668e837f8b9a0c768b48c1/html5/thumbnails/28.jpg)
Thank You !