Introduction to Systems Management with SaltStack
Craig Sebenik, Infrastructure Engineer @ Matterport
3 Oct 2015
• Introduction
• Architecture Overview
• Execution Modules
• States
• Data - Minion and Master
• Extending Salt
• Demo
• Summary
What Is SaltStack?
• System and Configuration Management
• Encrypted communication channel
• Remote execution framework
• 100% open: one of the most active on GitHub
• Scales to tens of thousands of nodes
• Built (and extended) with Python
What Am I Covering?
• Simple/quick overview of Salt
• Very simple examples
• Only a basic single master topology
• Only the core functionality
• Glossing over details: ask questions!
Who Am I?
• Degrees in Chemistry, Mathematics, Food
• Computational Chemist (lifetime ago)
• Abbott Labs, Eastman Kodak, Parke-Davis
• Sysadmin/SRE
• NetApp, LinkedIn, Matterport
One More Thing About Me…
Quick History Of Salt
• Initial release in March 2011
• States added a few months later
• Pillars added March 2012
• Salt SSH added Sept 2013
• Salt Cloud merged in Jan 2014
• Custom transport (RAET) added in Jul 2014
Minions and Master
• Master: central command and control
• Minion: paired with master
• Encrypted communication
• Communication over ZeroMQ using MessagePack
• Target minions based on their attributes
Quick Example
What Does This Mean?
• Central management of many nodes
• Ensuring hosts match a “recipe”
• Easy to add more hosts that match a template
PUB-SUB
[Diagram: master, minion1, minion2; port 4505]
Returning Data
[Diagram: master, minion1, minion2; port 4506]
Targeting Minions
• List: “minion1,minion2”
• Globs: “minion*”
• Regular expression: “minion([2|3])”
• Grains: “OS: Ubuntu”
• Combinations of the above
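How the target types above select hosts, as an added example (not from the original slides): a small Python model that assumes globs behave like `fnmatch` patterns and that regular expressions are applied with `re.match`, which anchors at the start of the minion ID but not at the end. The inventory, grain values and function names are constructed for illustration.

```python
import fnmatch
import re

# Constructed inventory: minion IDs with the grains each one reports (sample data).
MINIONS = {
    "minion1": {"os": "Ubuntu"},
    "minion2": {"os": "Ubuntu"},
    "minion3": {"os": "CentOS"},
    "minion20": {"os": "CentOS"},
}


def match_list(target, minions):
    """Comma-separated IDs; only exact names are selected."""
    wanted = {name.strip() for name in target.split(",") if name.strip()}
    return sorted(m for m in minions if m in wanted)


def match_glob(target, minions):
    """Shell-style wildcard compared with the whole minion ID."""
    return sorted(m for m in minions if fnmatch.fnmatchcase(m, target))


def match_regex(target, minions):
    """Regex applied with re.match: anchored at the start, not at the end."""
    pattern = re.compile(target)
    return sorted(m for m in minions if pattern.match(m))


def match_grain(target, minions):
    """'key:value' compared with the grain value the minion reported."""
    key, _, value = target.partition(":")
    return sorted(
        m for m, grains in minions.items()
        if fnmatch.fnmatchcase(str(grains.get(key, "")), value.strip())
    )


def unanchored_extras(target, minions):
    """IDs a regex target selects only because it is not end-anchored."""
    loose = set(match_regex(target, minions))
    strict = {m for m in minions if re.fullmatch(target, m)}
    return sorted(loose - strict)


if __name__ == "__main__":
    print(match_list("minion1,minion2", MINIONS))
    print(match_glob("minion*", MINIONS))
    print(match_regex("minion([2|3])", MINIONS))   # also selects minion20
    print(match_regex("minion(2|3)$", MINIONS))    # exactly minion2 and minion3
    print(match_grain("os:Ubuntu", MINIONS))
    print(unanchored_extras("minion([2|3])", MINIONS))
```

Checking a regex target this way before a change run shows whether it reaches hosts beyond the ones intended.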
Set up Trust With salt-key
• Salt uses standard public key encryption
• Key exchange
• Master needs to verify identity of minions
• User needs to “accept” the minion’s key
• Minion’s public key stored on master
• Master’s public key stored on minion
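One way to gate the “accept” step above, as an added example that is not Salt's own code: record each minion's key fingerprint out of band (for instance from `salt-call --local key.finger` on the minion) and accept a pending key only when the fingerprint seen on the master (`salt-key -f <id>`) matches. The fingerprint layout used here (SHA-256 over the PEM body, colon-separated hex), the sample key and the function names are assumptions for illustration.

```python
import hashlib
import hmac

# Constructed placeholder, not a real key; only the PEM layout matters here.
SAMPLE_PUB = (
    b"-----BEGIN PUBLIC KEY-----\n"
    b"CONSTRUCTEDSAMPLEKEYBODYAAAA\n"
    b"-----END PUBLIC KEY-----\n"
)


def fingerprint(pem_bytes, sum_type="sha256"):
    """Hash the PEM body (header and footer lines dropped), colon-separated."""
    lines = [ln for ln in pem_bytes.splitlines(keepends=True) if ln.strip()]
    digest = hashlib.new(sum_type, b"".join(lines[1:-1])).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def review_pending(pending, expected):
    """Split pending keys into (accept, reject) lists of minion IDs.

    pending:  {minion_id: public key bytes waiting on the master}
    expected: {minion_id: fingerprint read on the minion itself, out of band}
    """
    accept, reject = [], []
    for minion_id, pem in sorted(pending.items()):
        known = expected.get(minion_id)
        seen = fingerprint(pem)
        if known and hmac.compare_digest(seen, known.lower()):
            accept.append(minion_id)
        else:
            reject.append(minion_id)  # unknown ID or fingerprint mismatch
    return accept, reject


if __name__ == "__main__":
    other = SAMPLE_PUB.replace(b"AAAA", b"BBBB")
    expected = {"minion1": fingerprint(SAMPLE_PUB), "minion2": fingerprint(SAMPLE_PUB)}
    pending = {"minion1": SAMPLE_PUB, "minion2": other, "minion9": other}
    print(review_pending(pending, expected))
```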
Execution Modules
• Salt comes with over 100 modules
• Over 1000 functions
• Examples:
• pkg.install, pkg.remove
• file.copy, file.find, file.chown
• user.add, user.info
Minor Vocabulary Clarification
• Modules contain functions
• Modules correspond to Python files
• Functions correspond to methods
• There are some exceptions, but beyond today’s scope
Add User To All Hosts
What’s Happening
• Master looks at target (‘*’) and determines hosts
• Puts message out on event bus
• Over ZeroMQ using MessagePack
• Minion sees message and executes
• All execution is on minion, not master
• Minion returns data back to master
Master Maintains Job Data
• Job cache on master
• Contains history of jobs run and data returned
• Tools to query the job cache
• Default is to cache 24 hours of history
• Performance penalties when storing longer
Commands Sent In Parallel
• Command sent via event bus
• Minions see and execute
• Jobs are done asynchronously
Can Run Locally
• Command to run locally: salt-call
• No central coordination
• Data *IS* still returned to master
• Can bypass with “--local” flag
Documentation
• Function called “sys.doc”
• Uses Python docstrings
• Important when writing your own custom modules/functions
salt-call Example
States
• Recipe for how a host should be configured
• Default file format is YAML (with Jinja)
• Write state files on the master
• Master will sync to minion automatically
• States use the remote execution framework
• But, they are not the same
State Example
Running State Example
Running highstate
• Running individual states can be tedious
• Collect all states for a host (or “template”) in a single file: top.sls
• Called: top file
• Target just like running the “salt” command
Example Top File
Running highstate
Targeting Example
Running Targeting Example
Data: Minion and Master
• Grains: minion side data
• Example: host operating system
• Pillars: master side data
• Example: database passwords
Grains: Minion-Side Data
• Data gathered on the minion
• Master has a cache of minion grains
• Salt comes with a number of grains built in
• OS name (e.g. CentOS)
• number of CPUs
• kernel version
Viewing Grains
Targeting With Grains
Adding Grains
• Minion config
• /etc/salt/grains
• Via command
• sudo salt minion grains.setval foo bar
• Via Python (will discuss later)
Pillars: Master-Side Data
• Data sent to a specific minion (from master)
• Typically used for sensitive data
• E.g. passwords
• Uses a “top file” (just like “states”)
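The top-file idea for pillars (and, per the slides, for states), as an added example rather than code from the talk: a Python model that resolves which pillar files each minion receives and checks who ends up with a given secret. The minion roles follow the demo minions listed later in the deck; the pillar names, values and glob-style matching on minion ID are assumptions.

```python
import fnmatch

# Demo minions from the deck: 1 = dev db, 2 = dev app, 3 = prod db, 4 = prod app.
DEMO_MINIONS = ["minion1", "minion2", "minion3", "minion4"]

# Constructed top file: target pattern -> pillar files assigned to matching minions.
PILLAR_TOP = {
    "*": ["common"],
    "minion[13]": ["db"],       # both database servers
    "minion3": ["db_prod"],     # production database only
}

# Constructed pillar files (sample values only).
PILLAR_FILES = {
    "common": {"ntp_server": "ntp.example.com"},
    "db": {"db_user": "app"},
    "db_prod": {"db_password": "constructed-prod-secret"},
}


def compile_for(minion_id, top, files):
    """Merge every pillar file whose top-file target matches this minion ID."""
    data = {}
    for target, names in top.items():
        if fnmatch.fnmatchcase(minion_id, target):
            for name in names:
                data.update(files[name])
    return data


def who_receives(key, minion_ids, top, files):
    """List the minions whose compiled pillar contains the given key."""
    return sorted(m for m in minion_ids if key in compile_for(m, top, files))


if __name__ == "__main__":
    for minion in DEMO_MINIONS:
        print(minion, sorted(compile_for(minion, PILLAR_TOP, PILLAR_FILES)))
    print(who_receives("db_password", DEMO_MINIONS, PILLAR_TOP, PILLAR_FILES))
```

Running the same audit after widening a target (for example changing `minion3` to `minion*`) shows immediately which additional hosts would receive the secret.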
Pillar Example
Running Pillar Example
Targeted Pillar Data
Running Targeted Pillars
Extending Salt
• Jinja
• Custom modules/functions (Python)
• Salt Python API (LocalClient)
• Customizations are synced via salt command
• Easy to automate
Templates Using Jinja
• Jinja is a widely used Python templating language
• Inspired by Django’s templates
• Default template for Flask applications
• Gives basic control commands to flat files
Jinja Example
Running The ‘vim state’
Python Module/Function
Custom Modules are NOT Automatically Synced
Running hello.world
Docstrings Are Important
Demo Minions
• minion1: development database server
• minion2: development application server
• minion3: production database server
• minion4: production application server
Summary
• Master and minions: encrypted communications
• Grains: minion-side data, Pillars: master-side data
• Execution functions run on the minions
• States are formulas/recipes to define a host
• Collect multiple states with highstate
• Lots of ways to extend Salt functionality
Other Features
• Runners: master side orchestration
• Orchestrate Runner: master coordination of states
• Salt Cloud: manage cloud virtual machines
• Salt SSH: like normal salt without minion process
• More advanced topologies
• multi-master
• master-less minions (with salt-call)
• GitFS
References
• https://docs.saltstack.com/en/latest/
• https://docs.saltstack.com/en/getstarted/
• https://github.com/saltstack/salt
Questions?
@craigs55 irc:chitown
https://www.linkedin.com/in/craigsebenik
Yes, we’re hiring! http://matterport.com/positions/