3. The project - all the firsts
Theirs
➔ First development focused Operations Engineer in the company
➔ First real development effort on a top tier social game - originally for
Zynga.com and Facebook
➔ First foray into DevOps methodology
➔ First use of AWS services - EC2, ELB, RDS, Elasticache, S3, Cloudfront,
Route53
➔ First use of configuration management
Mine
➔ First time without a team
➔ First time building a complete application stack from scratch
➔ First time being the big dog
4. One man crusade
➔ DevOps methodology
◆ Culture - People and process first. Get the mindset right.
◆ Automate - As much as possible. CI/Infrastructure as code.
◆ Lean - Fast and stable
◆ Metrics - Measure everything. Show the improvements.
◆ Sharing - Open information distribution. Collaborate.
➔ Taking the Ops out of Dev - but in a good way
➔ Evangelising all over the company, not just within the project team.
➔ Fingers in many pies - web development, mobile game support, internal IT
operations
➔ Push the agenda - but in a good way
➔ Try and sooth the hesitancy to rely on one guy - build accessible tools and
automation
5. Building a stack from scratch (nearly)
➔ Starting from 2 hand-configured web servers
➔ No infrastructure security
➔ No monitoring
➔ No config management
➔ No DR process
➔ No docs
➔ No application logging
➔ No log collection
➔ No scaling strategy
➔ No out of hours support
➔ No database standardisation
➔ No metrics
6. And now for the science
Building a stack from scratch - Config Management System Requirements
Quick to get started +
Straightforward setup and maintenance +
Easy to modify and manage +
Modular and expandable
=
github.com/saltstack
www.saltstack.org
7. SaltStack - Salt
➔ Written in Python
➔ First and foremost - a remote execution system
➔ Master/Minions arrangement - can be multi-master or standalone
➔ Secure, encrypted protocol running over ZeroMQ
◆ public keys for authentication with the master, then faster AES encryption for payload
communication
➔ Fast & scalable - 10’s to 1000’s of endpoints
➔ Targeted execution via minion name, glob, regex, grains (tags) , IPs,
nodegroups etc
salt '*' cmd.run "uptime" or
salt -G 'os:Ubuntu' cmd.run "ps -ef | grep java" or
salt 'live-product-app0[0-9]' grains.items
9. SaltStack config management
➔ Using Salt States (c.f. recipes,
manifests, playbooks etc)
➔ YAML formatted
➔ Human readable
➔ Jinja templating for logic and
conditionals
➔ Simple hierarchical layout >>
◆ top.sls as master tree
➔ One line command runs every
state specified in top.sls on
every targeted box:
salt '*'
state.highstate
# nginx/init.sls
nginx:
pkg:
- installed
service:
- running
- watch:
- pkg: nginx
- file: /etc/nginx/nginx.conf
/etc/nginx/nginx.conf:
file.managed:
- source: salt://nginx/nginx.conf
- require:
- pkg: nginx
# top.sls
base:
'*':
- core
- python
- snmp
'os:Ubuntu':
- match: grain
- nginx
- php
'id:*log*':
- match: grain
- logstash
- elasticsearch
etc
10. SaltCloud instance provisioning
➔ Supporting multiple providers (at least partially): AWS EC2, Digital Ocean,
GoGrid, IBM SCE, JoyEnt, Linode, Rackspace, Softlayer
➔ And platforms: CloudStack, OpenStack, Parallels, Saltify, Salty-Vagrant
➔ Templating for providers:
ec2-live:
securitygroup:
- default
- live
provider: ec2
location: eu-west-1
minion:
master: live-product-master00.product.com
And instances:
ec2-live-app:
provider: ec2-live
image: ami-ce7b6fba
size: m1.large
ssh_username: ubuntu
➔ One line command to provision a box:
salt-cloud -p ec2-live-app live-product-app00
11. Additional components
➔ Pillar - Global value store for all minions
➔ Events - Listens for, publishes and sends events internally, to the master
or to a 3rd Party
➔ Reactor - Logic engine to allow Events to trigger actions
➔ Syndic - Allows multi-master and other complicated setups hierarchies
➔ Scheduler - execution of any salt command on master or minions
➔ Halite - Experimental Web-UI
➔ Mine - used to collect arbitrary data from minions and store it on the
master
➔ Virt - Virtual machine management - networking, images, disks etc
➔ SSH - Experimental - uses SSH rather than ZeroMQ and agent (hence
slower)
➔ Kitchen-Salt - Experimental provisioner for Test-Kitchen
12. Moderately clever other stuff
➔ Automated
◆ Route53 configuration using EC2 tags and boto
◆ Monitoring discovery
◆ Deployment configuration using estate intelligence
◆ Assignment of Product/Service/Environment grains based on AWS
name tag
➔ RDS/ELB graphing from Cloudwatch metrics using CWGraph
➔ Beaver/Logstash/Elasticsearch/Kibana log aggregation service all Salty
13. Salty goodness
➔ Vibrant & responsive community
◆ Google groups, IRC, Github issues,
SaltConf, meetups
➔ Easy to get started
➔ Under active development -
good response to issues
➔ Docs are sometimes
patchy/dated/disorganised
➔ Can be complex to configure -
lots of loosely coupled modules
➔ Under active development - can
be buggy
& badness
14. Places to start
Docs
salt.readthedocs.org
github.com/saltstack
Discussion
groups.google.com/group/salt-users
IRC: freenode #salt
This Presentation
http://goo.gl/FxS6pp
Tutorials
http://goo.gl/2U5l37 - getting started
http://goo.gl/Ontu2j - step by step with nginx
http://goo.gl/TvD29f - good examples of remote execution
tools and multi distro setup
Sample States
http://saltstarters.org/ - states github search
jay@percussiverepair.net
github.com/PercussiveRepair
@PercussiveFix
15. Other links
Good overview slides:
http://www.slideshare.net/SaltStack/an-
overvisaltstack-presentation-clean
http://www.slideshare.net/SaltStack/realtime-
infrastructure-management-with-saltstack-seth-
house
Notes de l'éditeur
First development focused Operations Engineer in the company
First real development effort on a top tier social game (originally for Zynga.com and Facebook)
First foray into DevOps methodology
First use of AWS services (in anger)
First use of configuration management (not what I had believed - Chef in interview)
First time without a team
First time building a complete application stack from scratch (previously maintaining or improving existing infra)
First time being the big dog (deciding operational approach, methodology, architecture, security, you name it)
DevOps methodology
-Build the Culture
-Automate (Infrastructure as a Service, Infrastructure as code)
-Measure
-Sharing
Separating Dev from Ops (Not “this is now Ops territory, back off” but “let me help you by taking that concern off your shoulders and automating the crap out of it”)
Evangelising (What config management can do for everyone. Bringing non-functional requirements to the table. Making sure scalability, resilience and monitoring are all considered)
Fingers in many pies (Help as many people as possible see the benefits)
Push the agenda
Salt is a distributed remote execution system used to execute commands and query data.
simple to set up and maintain, regardless of the size of the project.
architecture is designed to work with any number of servers, from a handful of local network systems to international deployments across disparate datacenters.
topology is a simple server/client model with the needed functionality built into a single set of daemons. While the default configuration will work with little to no modification, salt can be fine tuned to meet specific needs.
remote commands to be called in parallel rather than in serial,
use a secure and encrypted protocol,
smallest and fastest network payloads possible
simple programmer interface.
targeting
networking layer is built with zeromq networking library,
so salt itself contains a viable, and transparent, active message queue (AMQ) broker inside the daemon.
public keys for authentication with the master daemon, then uses faster AES encryption for payload communication, this means that authentication and encryption are also built into Salt. Salt takes advantage of communication via Python pickles (serialised strings), enabling fast and light network traffic.
simple expansion, Salt execution routines can be written as plain Python modules, and the data collected from salt executions can be sent back to the master server, or to any arbitrary program (returners).
can be called via API, or from the command line, or webUI (halite - in development) so that salt can be used to execute one-off commands as well as operate as an integral part of a larger application.
Salt is developed under the Apache 2.0 licence
Node group
A predefined group of minions declared in the master configuration file nodegroups setting as a compound target. Nodegroups are declared using a compound target specification.
The nodegroups master config file parameter is used to define nodegroups. Here's an example nodegroup configuration within /etc/salt/master:
nodegroups:
group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com or bl*.domain.com'
group2: 'G@os:Debian and foo.domain.com'