Salt at school 
by Flavio Castelli & Silvio Moioli
Agenda 
• Motivation 
• Requirements & current status 
• Deployment process 
• Salt primer 
• Benefits 
• Salt’s Good, Bad and Ugly
Motivation 
• Windows XP EOL ⇒ machine EOL 
• Lots of machines need replacement 
• Public school has budget problems! 
• Linux is the (only) way out
Requirements 
• Edubuntu 
• Additional educational open source software 
• Must run on available hardware
Requirements 
• Two schools’ labs: 
• Torre Boldone, Flavio’s hometown, 30+ PCs 
• Mozzo, Silvio’s hometown, 15+ PCs 
• Scarce manpower: Flavio, Silvio and two others 
(inexperienced and in Torre Boldone only)
Current status 
• Mozzo: 13 clients and 1 server migrated, in use 
• Torre Boldone: 15 clients migrated, 15 to come
Deployment process 
• Server: copy of a VM on a host 
• Clients: 
• Stage 1: PXE boot and base installation 
• Stage 2: proper configuration with Salt
Stage 1 (installer) 
• Set up storage: disk wiping and partitioning 
• Creation of unique and persistent hostname 
• Minimal package installation: text only, sshd, 
salt-minion
Stage 2 (Salt) 
• Turn Ubuntu into Edubuntu 
• Install additional software 
• Apply ad hoc configurations: 
• reconfigure repo mirror (to local server) 
• use lightdm/GNOME 2 as default WM 
• user account creation, automatic login 
• ntp client
Deployment diagram: DHCP, TFTP, HTTP, ØMQ 
• BIOS and DHCP server (dnsmasq): DISCOVER 
• BIOS and DHCP server (dnsmasq): OFFER (IP, DNS, TFTP server name) 
• BIOS and TFTP server (dnsmasq): RRQ 
• BIOS and TFTP server (dnsmasq): DATA (image ⊃ kernel options ⊃ kickstart and preseed URL) 
• salt-minion daemon and salt-master daemon: hostname, salt key 
• salt-minion daemon and salt-master daemon: salt commands 
• salt-minion daemon and salt-master daemon: salt grains 
• Installer and HTTP server (Apache httpd): kickstart, preseed, package requests/responses 
• kickstart post-install script and mac2address Go app: HTTP request (I am be:ef:ba:be:00:01) 
• kickstart post-install script and mac2address Go app: HTTP response (I baptize you lab12)
Server: nontrivial! 
• dnsmasq, tftpd, ntpd, sshd, httpd, 
mac2hostname! 
• APT package mirror 
• Salt master 
• …also self-managed with Salt!
Salt primer 
[Diagram: (master), (message bus), (minions); label: RAET]
Salt primer 
• salt-master and salt-minion are daemons 
written in Python 
• ØMQ is written in C++ with bindings 
• Salt implements strong crypto and 
authentication on top of ØMQ
Salt State (SLS) Modules 
• Represent a state a system should be in 
• Composed of State Declarations 
• Text files ending with sls extension 
• YAML files 
• Templates (default Jinja2, others available) 
• Pure Python code
State Declarations 
• Define “how an aspect of a minion should be” 
• Implemented as calls to State Functions 
• Every Declaration has an ID
State Functions 
• Code that can bring a minion to a specific state 
• Examples: pkg.installed, 
service.running, file.managed… 
• Grouped into modules 
• A library of modules is available
File example 
lightdm_custom_conf_file:    # ID
  file:                      # State Module name
    - managed                # State Function name
    - source: salt://lightdm/lightdm.conf
    - name: /etc/lightdm/lightdm.conf.d/ic_torre_boldone.conf
    - user: root
    - group: root
    - mode: 644
    - require:
      - file: lightdm_custom_conf_dir
Service example 
lightdm:
  pkg:
    - installed
  service:
    - running
    - enable: True
    - watch:
      - file: lightdm_custom_conf_file
    - require:
      - pkg: lightdm
top.sls 
• special State Module that assigns other State Modules 
to minions 
• can be used to define environments 
• Minions can be matched using: 
• Regular expressions 
• Compound matches: grains, subnet/IP, range cluster 
• Boolean operators available
top.sls 
base:
  'lab*':
    - lightdm
    - software
    - ntpdate
    - users
  'school-server*':
    - apache
    - apt-mirror
    - dnsmasq
    …
High State 
• special State compiled by Salt by applying all 
relevant State Modules 
• Force minions to high state: 
sudo salt 'lab*' state.highstate
Data in Salt 
• Salt Grains: information from minions 
• Salt Pillars: user-defined data 
• can be YAML or templates 
• has ACLs, e.g. for credentials 
• Plain file serving
Templated definition with Pillar Example 
{% for symlink_id in pillar.get('symlinks', {}).keys() %}
{{symlink_id}}_apache_link:
  file.symlink:
    - name: {{pillar.get('symlinks')[symlink_id]['name']}}
    - target: {{pillar.get('symlinks')[symlink_id]['target']}}
    - force: True
    - require:
      - pkg: apache
{% endfor %}
Templated definition with Pillar Example 
extra_apache_link:
  file.symlink:
    - name: /var/www/html/extras
    - target: /var/spool/…/ubuntu/
    - force: True
    - require:
      - pkg: apache
Accessing ØMQ directly 
• We want to power off machines at the end of 
Stage 2 
• Not easy to express declaratively 
• More of a “one time command”
Accessing ØMQ directly 
• Solution: 
• Subscribe to ØMQ 
• Look for "highstate successfully completed" 
announcements 
• Send a "shutdown yourself" message to the 
publisher
Accessing ØMQ directly 
• Easy to implement: 
• Official Salt Python module has full access to 
ØMQ 
• Salt messages are easy to understand 
• 76 LOC Python tool (with comments and 
formatting)
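An added sketch of the approach described in the slides above; it is not the authors' 76-line tool. It assumes minion ids of the form `lab12`, the default master config path, and Salt's `LocalClient` with `system.poweroff` as the way to send the shutdown; all function and constant names are hypothetical. The minion id from the event is validated before use because it becomes a Salt target expression.

```python
"""Power off lab minions once their highstate has completed (added example)."""
import fnmatch
import re

# Assumptions, not taken from the slides: minion ids look like "lab12"
# (the hostnames handed out in Stage 1) and the master config is at the
# default path.
MINION_ID_RE = re.compile(r"lab[0-9]{1,3}")
MASTER_CONFIG = "/etc/salt/master"
JOB_RETURN_TAG = "salt/job/*/ret/*"


def highstate_succeeded(data):
    """True only for a state.highstate return in which every state passed."""
    if data.get("fun") != "state.highstate":
        return False
    if data.get("retcode", 1) != 0:
        return False
    ret = data.get("return")
    # A failed render returns a list of error strings, not a dict of states.
    if not isinstance(ret, dict) or not ret:
        return False
    # result is True (ok), False (failed) or None (test=True dry run).
    return all(isinstance(s, dict) and s.get("result") is True
               for s in ret.values())


def minion_to_power_off(tag, data):
    """Return the minion id to power off for this event, or None."""
    if not fnmatch.fnmatchcase(tag, JOB_RETURN_TAG):
        return None
    minion_id = data.get("id", "")
    # The id is used below as a target expression: refuse anything that is
    # not a plain lab hostname (no globs, never the school server).
    if not isinstance(minion_id, str) or not MINION_ID_RE.fullmatch(minion_id):
        return None
    # The tag and the payload must agree on who is reporting.
    if tag.rsplit("/", 1)[-1] != minion_id:
        return None
    return minion_id if highstate_succeeded(data) else None


def watch_and_power_off():
    """Follow the master event bus and power off each minion that finishes."""
    # Imported here so the decision logic above is usable without Salt.
    import salt.client
    import salt.config
    import salt.utils.event

    opts = salt.config.client_config(MASTER_CONFIG)
    bus = salt.utils.event.get_event(
        "master", sock_dir=opts["sock_dir"], opts=opts, listen=True)
    local = salt.client.LocalClient(MASTER_CONFIG)
    for event in bus.iter_events(full=True):
        minion_id = minion_to_power_off(event["tag"], event["data"])
        if minion_id:
            local.cmd_async(minion_id, "system.poweroff")


# Constructed sample events (not captured from a real master).
_OK_STATE = {"pkg_|-lightdm_|-lightdm_|-installed": {"result": True}}
_BAD_STATE = {"pkg_|-lightdm_|-lightdm_|-installed": {"result": False}}
SAMPLE_EVENTS = [
    ("salt/job/20140512101500123456/ret/lab12",
     {"id": "lab12", "fun": "state.highstate", "retcode": 0,
      "return": _OK_STATE}),
    ("salt/job/20140512101500123456/ret/lab13",
     {"id": "lab13", "fun": "state.highstate", "retcode": 2,
      "return": _BAD_STATE}),
    ("salt/job/20140512101500123456/ret/school-server1",
     {"id": "school-server1", "fun": "state.highstate", "retcode": 0,
      "return": _OK_STATE}),
    ("salt/job/20140512101700654321/ret/lab12",
     {"id": "lab12", "fun": "test.ping", "retcode": 0, "return": True}),
]

if __name__ == "__main__":
    for tag, data in SAMPLE_EVENTS:
        print(tag, "->", minion_to_power_off(tag, data))
```

Run `watch_and_power_off()` on the master only while Stage 2 is in progress, since any later successful highstate on a lab machine would also power it off.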
Benefits (schools) 
• No more licensing issues 
• Free updates for the next 4 years 
• No need for hardware changes
Benefits (admins) 
• Easy to replicate changes across PCs 
• Easy to enforce a desired state 
• Easy to reinstall a PC from scratch 
• GitHub-based configuration!
Future work 
• Automatically accept all minion keys 
• Automatically force the High State on new 
minions 
• Look into testing frameworks 
• …solve “production” issues!
The Good 
• Simple architecture: Python almost everywhere 
• Easy to set up both on the master and on the 
minion 
• Can trigger execution of system commands on 
the minion 
• ØMQ can be used to extend it 
• Good docs and source code
The Bad 
• Still in its early days 
• Limited amount of existing modules 
• Limited feedback while executing states
The Ugly 
• No Ugly so far!
Resources 
• SaltStack project: http://www.saltstack.com/ 
• Official documentation: http://docs.saltstack.com/ 
• Our Salt files: https://github.com/ic-torre-boldone/salt
Questions?
Thanks for your attention!

Contenu connexe

Tendances

The SaltStack Pub Crawl - Fosscomm 2016
The SaltStack Pub Crawl - Fosscomm 2016The SaltStack Pub Crawl - Fosscomm 2016
The SaltStack Pub Crawl - Fosscomm 2016effie mouzeli
 
PXEless Discovery with Foreman
PXEless Discovery with ForemanPXEless Discovery with Foreman
PXEless Discovery with ForemanStephen Benjamin
 
[2018.10.19] Andrew Kong - Tunnel without tunnel (Seminar at OpenStack Korea ...
[2018.10.19] Andrew Kong - Tunnel without tunnel (Seminar at OpenStack Korea ...[2018.10.19] Andrew Kong - Tunnel without tunnel (Seminar at OpenStack Korea ...
[2018.10.19] Andrew Kong - Tunnel without tunnel (Seminar at OpenStack Korea ...OpenStack Korea Community
 
Your Inner Sysadmin - MidwestPHP 2015
Your Inner Sysadmin - MidwestPHP 2015Your Inner Sysadmin - MidwestPHP 2015
Your Inner Sysadmin - MidwestPHP 2015Chris Tankersley
 
Linux host orchestration with Foreman, Puppet and Gitlab
Linux host orchestration with Foreman, Puppet and GitlabLinux host orchestration with Foreman, Puppet and Gitlab
Linux host orchestration with Foreman, Puppet and GitlabBen Tullis
 
Arnold Bechtoldt, Inovex GmbH Linux systems engineer - Configuration Manageme...
Arnold Bechtoldt, Inovex GmbH Linux systems engineer - Configuration Manageme...Arnold Bechtoldt, Inovex GmbH Linux systems engineer - Configuration Manageme...
Arnold Bechtoldt, Inovex GmbH Linux systems engineer - Configuration Manageme...SaltStack
 
SaltConf14 - Matthew Williams, Flowroute - Salt Virt for Linux contatiners an...
SaltConf14 - Matthew Williams, Flowroute - Salt Virt for Linux contatiners an...SaltConf14 - Matthew Williams, Flowroute - Salt Virt for Linux contatiners an...
SaltConf14 - Matthew Williams, Flowroute - Salt Virt for Linux contatiners an...SaltStack
 
London devops logging
London devops loggingLondon devops logging
London devops loggingTomas Doran
 
Configuration and lifecycle in Mixed environments
Configuration and lifecycle in Mixed environmentsConfiguration and lifecycle in Mixed environments
Configuration and lifecycle in Mixed environmentsDmitry Kireev
 
Balázs Bucsay - XFLTReaT: Building a Tunnel
Balázs Bucsay - XFLTReaT: Building a TunnelBalázs Bucsay - XFLTReaT: Building a Tunnel
Balázs Bucsay - XFLTReaT: Building a Tunnelhacktivity
 
Fluentd at HKOScon
Fluentd at HKOSconFluentd at HKOScon
Fluentd at HKOSconN Masahiro
 
Rex - Lightning Talk yapc.eu 2013
Rex - Lightning Talk yapc.eu 2013Rex - Lightning Talk yapc.eu 2013
Rex - Lightning Talk yapc.eu 2013Jan Gehring
 
Performance optimization 101 - Erlang Factory SF 2014
Performance optimization 101 - Erlang Factory SF 2014Performance optimization 101 - Erlang Factory SF 2014
Performance optimization 101 - Erlang Factory SF 2014lpgauth
 
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)Chris Tankersley
 
Configuration management and orchestration with Salt
Configuration management and orchestration with SaltConfiguration management and orchestration with Salt
Configuration management and orchestration with SaltAnirban Saha
 
SaltStack Integration with Foreman (2016)
SaltStack Integration with Foreman (2016)SaltStack Integration with Foreman (2016)
SaltStack Integration with Foreman (2016)Stephen Benjamin
 
FBTFTP: an opensource framework to build dynamic tftp servers
FBTFTP: an opensource framework to build dynamic tftp serversFBTFTP: an opensource framework to build dynamic tftp servers
FBTFTP: an opensource framework to build dynamic tftp serversAngelo Failla
 
Continuous Deployment with Jenkins and Salt
Continuous Deployment with Jenkins and SaltContinuous Deployment with Jenkins and Salt
Continuous Deployment with Jenkins and SaltAnirban Saha
 

Tendances (20)

The SaltStack Pub Crawl - Fosscomm 2016
The SaltStack Pub Crawl - Fosscomm 2016The SaltStack Pub Crawl - Fosscomm 2016
The SaltStack Pub Crawl - Fosscomm 2016
 
PXEless Discovery with Foreman
PXEless Discovery with ForemanPXEless Discovery with Foreman
PXEless Discovery with Foreman
 
[2018.10.19] Andrew Kong - Tunnel without tunnel (Seminar at OpenStack Korea ...
[2018.10.19] Andrew Kong - Tunnel without tunnel (Seminar at OpenStack Korea ...[2018.10.19] Andrew Kong - Tunnel without tunnel (Seminar at OpenStack Korea ...
[2018.10.19] Andrew Kong - Tunnel without tunnel (Seminar at OpenStack Korea ...
 
Your Inner Sysadmin - MidwestPHP 2015
Your Inner Sysadmin - MidwestPHP 2015Your Inner Sysadmin - MidwestPHP 2015
Your Inner Sysadmin - MidwestPHP 2015
 
Getting modern with my sql
Getting modern with my sqlGetting modern with my sql
Getting modern with my sql
 
Linux host orchestration with Foreman, Puppet and Gitlab
Linux host orchestration with Foreman, Puppet and GitlabLinux host orchestration with Foreman, Puppet and Gitlab
Linux host orchestration with Foreman, Puppet and Gitlab
 
Arnold Bechtoldt, Inovex GmbH Linux systems engineer - Configuration Manageme...
Arnold Bechtoldt, Inovex GmbH Linux systems engineer - Configuration Manageme...Arnold Bechtoldt, Inovex GmbH Linux systems engineer - Configuration Manageme...
Arnold Bechtoldt, Inovex GmbH Linux systems engineer - Configuration Manageme...
 
SaltConf14 - Matthew Williams, Flowroute - Salt Virt for Linux contatiners an...
SaltConf14 - Matthew Williams, Flowroute - Salt Virt for Linux contatiners an...SaltConf14 - Matthew Williams, Flowroute - Salt Virt for Linux contatiners an...
SaltConf14 - Matthew Williams, Flowroute - Salt Virt for Linux contatiners an...
 
London devops logging
London devops loggingLondon devops logging
London devops logging
 
Configuration and lifecycle in Mixed environments
Configuration and lifecycle in Mixed environmentsConfiguration and lifecycle in Mixed environments
Configuration and lifecycle in Mixed environments
 
Balázs Bucsay - XFLTReaT: Building a Tunnel
Balázs Bucsay - XFLTReaT: Building a TunnelBalázs Bucsay - XFLTReaT: Building a Tunnel
Balázs Bucsay - XFLTReaT: Building a Tunnel
 
Fluentd at HKOScon
Fluentd at HKOSconFluentd at HKOScon
Fluentd at HKOScon
 
Rex - Lightning Talk yapc.eu 2013
Rex - Lightning Talk yapc.eu 2013Rex - Lightning Talk yapc.eu 2013
Rex - Lightning Talk yapc.eu 2013
 
Performance optimization 101 - Erlang Factory SF 2014
Performance optimization 101 - Erlang Factory SF 2014Performance optimization 101 - Erlang Factory SF 2014
Performance optimization 101 - Erlang Factory SF 2014
 
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
 
Configuration management and orchestration with Salt
Configuration management and orchestration with SaltConfiguration management and orchestration with Salt
Configuration management and orchestration with Salt
 
SaltStack Integration with Foreman (2016)
SaltStack Integration with Foreman (2016)SaltStack Integration with Foreman (2016)
SaltStack Integration with Foreman (2016)
 
FBTFTP: an opensource framework to build dynamic tftp servers
FBTFTP: an opensource framework to build dynamic tftp serversFBTFTP: an opensource framework to build dynamic tftp servers
FBTFTP: an opensource framework to build dynamic tftp servers
 
Zero mq logs
Zero mq logsZero mq logs
Zero mq logs
 
Continuous Deployment with Jenkins and Salt
Continuous Deployment with Jenkins and SaltContinuous Deployment with Jenkins and Salt
Continuous Deployment with Jenkins and Salt
 

En vedette

Seminario crittografia-linux-day-2004
Seminario crittografia-linux-day-2004Seminario crittografia-linux-day-2004
Seminario crittografia-linux-day-2004Flavio Castelli
 
Real programmers use programming languages (Not shell scripts)
Real programmers use programming languages (Not shell scripts)Real programmers use programming languages (Not shell scripts)
Real programmers use programming languages (Not shell scripts)thedandan
 
Why zsh is Cooler than Your Shell
Why zsh is Cooler than Your ShellWhy zsh is Cooler than Your Shell
Why zsh is Cooler than Your Shellbrendon_jag
 
Why Zsh is Cooler than Your Shell
Why Zsh is Cooler than Your ShellWhy Zsh is Cooler than Your Shell
Why Zsh is Cooler than Your Shelljaguardesignstudio
 

En vedette (8)

KDE4 ld2007
KDE4 ld2007KDE4 ld2007
KDE4 ld2007
 
Memcached
MemcachedMemcached
Memcached
 
Seminario crittografia-linux-day-2004
Seminario crittografia-linux-day-2004Seminario crittografia-linux-day-2004
Seminario crittografia-linux-day-2004
 
Linux console
Linux consoleLinux console
Linux console
 
The hacker choice
The hacker choiceThe hacker choice
The hacker choice
 
Real programmers use programming languages (Not shell scripts)
Real programmers use programming languages (Not shell scripts)Real programmers use programming languages (Not shell scripts)
Real programmers use programming languages (Not shell scripts)
 
Why zsh is Cooler than Your Shell
Why zsh is Cooler than Your ShellWhy zsh is Cooler than Your Shell
Why zsh is Cooler than Your Shell
 
Why Zsh is Cooler than Your Shell
Why Zsh is Cooler than Your ShellWhy Zsh is Cooler than Your Shell
Why Zsh is Cooler than Your Shell
 

Similaire à Salt at school

Understanding salt modular sub-systems and customization
Understanding salt   modular sub-systems and customizationUnderstanding salt   modular sub-systems and customization
Understanding salt modular sub-systems and customizationjasondenning
 
Tuenti Release Workflow
Tuenti Release WorkflowTuenti Release Workflow
Tuenti Release WorkflowTuenti
 
SCALE12X: Chef for OpenStack
SCALE12X: Chef for OpenStackSCALE12X: Chef for OpenStack
SCALE12X: Chef for OpenStackMatt Ray
 
Tuenti Release Workflow v1.1
Tuenti Release Workflow v1.1Tuenti Release Workflow v1.1
Tuenti Release Workflow v1.1Tuenti
 
Salt conf15 presentation-william-cannon
Salt conf15 presentation-william-cannonSalt conf15 presentation-william-cannon
Salt conf15 presentation-william-cannonWilliam Cannon
 
Infrastructure modeling with chef
Infrastructure modeling with chefInfrastructure modeling with chef
Infrastructure modeling with chefCharles Johnson
 
John adams talk cloudy
John adams   talk cloudyJohn adams   talk cloudy
John adams talk cloudyJohn Adams
 
Using MAMP for Web Development
Using MAMP for Web DevelopmentUsing MAMP for Web Development
Using MAMP for Web DevelopmentEric Greene
 
Configuration Management in the Cloud - Cloud Phoenix Meetup Feb 2014
Configuration Management in the Cloud - Cloud Phoenix Meetup Feb 2014Configuration Management in the Cloud - Cloud Phoenix Meetup Feb 2014
Configuration Management in the Cloud - Cloud Phoenix Meetup Feb 2014Miguel Zuniga
 
Crash reports pycodeconf
Crash reports pycodeconfCrash reports pycodeconf
Crash reports pycodeconflauraxthomson
 
Packaging perl (LPW2010)
Packaging perl (LPW2010)Packaging perl (LPW2010)
Packaging perl (LPW2010)p3castro
 
Running CentOS on the Facebook fleet
Running CentOS on the Facebook fleetRunning CentOS on the Facebook fleet
Running CentOS on the Facebook fleetDavide Cavalca
 
Apache Performance Tuning: Scaling Up
Apache Performance Tuning: Scaling UpApache Performance Tuning: Scaling Up
Apache Performance Tuning: Scaling UpSander Temme
 
DCSF19 Transforming a 15+ Year Old Semiconductor Manufacturing Environment
DCSF19 Transforming a 15+ Year Old Semiconductor Manufacturing EnvironmentDCSF19 Transforming a 15+ Year Old Semiconductor Manufacturing Environment
DCSF19 Transforming a 15+ Year Old Semiconductor Manufacturing EnvironmentDocker, Inc.
 
April, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best PracticesApril, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best PracticesHoward Greenberg
 
CNIT 152 10 Enterprise Service
CNIT 152 10 Enterprise ServiceCNIT 152 10 Enterprise Service
CNIT 152 10 Enterprise ServiceSam Bowne
 
IBM Connections administration – keep your systems running the right way
IBM Connections administration – keep your systems running the right wayIBM Connections administration – keep your systems running the right way
IBM Connections administration – keep your systems running the right wayLetsConnect
 
Deploying to Ubuntu on Linode
Deploying to Ubuntu on LinodeDeploying to Ubuntu on Linode
Deploying to Ubuntu on LinodeWO Community
 
Introduction to SaltStack
Introduction to SaltStackIntroduction to SaltStack
Introduction to SaltStackAymen EL Amri
 

Similaire à Salt at school (20)

Understanding salt modular sub-systems and customization
Understanding salt   modular sub-systems and customizationUnderstanding salt   modular sub-systems and customization
Understanding salt modular sub-systems and customization
 
Tuenti Release Workflow
Tuenti Release WorkflowTuenti Release Workflow
Tuenti Release Workflow
 
SCALE12X: Chef for OpenStack
SCALE12X: Chef for OpenStackSCALE12X: Chef for OpenStack
SCALE12X: Chef for OpenStack
 
Tuenti Release Workflow v1.1
Tuenti Release Workflow v1.1Tuenti Release Workflow v1.1
Tuenti Release Workflow v1.1
 
Salt conf15 presentation-william-cannon
Salt conf15 presentation-william-cannonSalt conf15 presentation-william-cannon
Salt conf15 presentation-william-cannon
 
Infrastructure modeling with chef
Infrastructure modeling with chefInfrastructure modeling with chef
Infrastructure modeling with chef
 
John adams talk cloudy
John adams   talk cloudyJohn adams   talk cloudy
John adams talk cloudy
 
Using MAMP for Web Development
Using MAMP for Web DevelopmentUsing MAMP for Web Development
Using MAMP for Web Development
 
Configuration Management in the Cloud - Cloud Phoenix Meetup Feb 2014
Configuration Management in the Cloud - Cloud Phoenix Meetup Feb 2014Configuration Management in the Cloud - Cloud Phoenix Meetup Feb 2014
Configuration Management in the Cloud - Cloud Phoenix Meetup Feb 2014
 
Crash reports pycodeconf
Crash reports pycodeconfCrash reports pycodeconf
Crash reports pycodeconf
 
Packaging perl (LPW2010)
Packaging perl (LPW2010)Packaging perl (LPW2010)
Packaging perl (LPW2010)
 
Running CentOS on the Facebook fleet
Running CentOS on the Facebook fleetRunning CentOS on the Facebook fleet
Running CentOS on the Facebook fleet
 
Apache Performance Tuning: Scaling Up
Apache Performance Tuning: Scaling UpApache Performance Tuning: Scaling Up
Apache Performance Tuning: Scaling Up
 
DCSF19 Transforming a 15+ Year Old Semiconductor Manufacturing Environment
DCSF19 Transforming a 15+ Year Old Semiconductor Manufacturing EnvironmentDCSF19 Transforming a 15+ Year Old Semiconductor Manufacturing Environment
DCSF19 Transforming a 15+ Year Old Semiconductor Manufacturing Environment
 
April, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best PracticesApril, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best Practices
 
CNIT 152 10 Enterprise Service
CNIT 152 10 Enterprise ServiceCNIT 152 10 Enterprise Service
CNIT 152 10 Enterprise Service
 
How we use Twisted in Launchpad
How we use Twisted in LaunchpadHow we use Twisted in Launchpad
How we use Twisted in Launchpad
 
IBM Connections administration – keep your systems running the right way
IBM Connections administration – keep your systems running the right wayIBM Connections administration – keep your systems running the right way
IBM Connections administration – keep your systems running the right way
 
Deploying to Ubuntu on Linode
Deploying to Ubuntu on LinodeDeploying to Ubuntu on Linode
Deploying to Ubuntu on Linode
 
Introduction to SaltStack
Introduction to SaltStackIntroduction to SaltStack
Introduction to SaltStack
 

Dernier

Streamlining Your Application Builds with Cloud Native Buildpacks
Streamlining Your Application Builds  with Cloud Native BuildpacksStreamlining Your Application Builds  with Cloud Native Buildpacks
Streamlining Your Application Builds with Cloud Native BuildpacksVish Abrams
 
Understanding Native Mobile App Development
Understanding Native Mobile App DevelopmentUnderstanding Native Mobile App Development
Understanding Native Mobile App DevelopmentMobulous Technologies
 
Fields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptxFields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptxJoão Esperancinha
 
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...Jaydeep Chhasatia
 
Kawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in TrivandrumKawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in TrivandrumKawika Technologies
 
Vectors are the new JSON in PostgreSQL (SCaLE 21x)
Vectors are the new JSON in PostgreSQL (SCaLE 21x)Vectors are the new JSON in PostgreSQL (SCaLE 21x)
Vectors are the new JSON in PostgreSQL (SCaLE 21x)Jonathan Katz
 
Your Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software TeamsYour Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software TeamsJaydeep Chhasatia
 
Cybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadCybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadIvo Andreev
 
React 19: Revolutionizing Web Development
React 19: Revolutionizing Web DevelopmentReact 19: Revolutionizing Web Development
React 19: Revolutionizing Web DevelopmentBOSC Tech Labs
 
Sales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales CoverageSales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales CoverageDista
 
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfTobias Schneck
 
Top Software Development Trends in 2024
Top Software Development Trends in  2024Top Software Development Trends in  2024
Top Software Development Trends in 2024Mind IT Systems
 
AI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human BeautyAI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human BeautyRaymond Okyere-Forson
 
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/MLBig Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/MLAlluxio, Inc.
 
online pdf editor software solutions.pdf
online pdf editor software solutions.pdfonline pdf editor software solutions.pdf
online pdf editor software solutions.pdfMeon Technology
 
IA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG timeIA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG timeNeo4j
 
Enterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze IncEnterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze Incrobinwilliams8624
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorShane Coughlan
 
New ThousandEyes Product Features and Release Highlights: March 2024
New ThousandEyes Product Features and Release Highlights: March 2024New ThousandEyes Product Features and Release Highlights: March 2024
New ThousandEyes Product Features and Release Highlights: March 2024ThousandEyes
 
Generative AI for Cybersecurity - EC-Council
Generative AI for Cybersecurity - EC-CouncilGenerative AI for Cybersecurity - EC-Council
Generative AI for Cybersecurity - EC-CouncilVICTOR MAESTRE RAMIREZ
 

Dernier (20)

Streamlining Your Application Builds with Cloud Native Buildpacks
Streamlining Your Application Builds  with Cloud Native BuildpacksStreamlining Your Application Builds  with Cloud Native Buildpacks
Streamlining Your Application Builds with Cloud Native Buildpacks
 
Understanding Native Mobile App Development
Understanding Native Mobile App DevelopmentUnderstanding Native Mobile App Development
Understanding Native Mobile App Development
 
Fields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptxFields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptx
 
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
 
Kawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in TrivandrumKawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in Trivandrum
 
Vectors are the new JSON in PostgreSQL (SCaLE 21x)
Vectors are the new JSON in PostgreSQL (SCaLE 21x)Vectors are the new JSON in PostgreSQL (SCaLE 21x)
Vectors are the new JSON in PostgreSQL (SCaLE 21x)
 
Your Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software TeamsYour Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
 
Cybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadCybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and Bad
 
React 19: Revolutionizing Web Development
React 19: Revolutionizing Web DevelopmentReact 19: Revolutionizing Web Development
Salt at school

  • 1. Salt at school by Flavio Castelli & Silvio Moioli
  • 2. Agenda • Motivation • Requirements & current status • Deployment process • Salt primer • Benefits • Salt’s Good, Bad and Ugly
  • 3. Motivation • Windows XP EOL ⇒ machine EOL • Lots of machines need replacement • Public school has budget problems! • Linux is the (only) way out
  • 4. Requirements • Edubuntu • Additional educational open source software • Must run on available hardware
  • 5. Requirements • Two schools’ labs: • Torre Boldone, Flavio’s hometown, 30+ PCs • Mozzo, Silvio’s hometown, 15+ PCs • Scarce manpower: Flavio, Silvio and two others (inexperienced and in Torre Boldone only)
  • 6. Current status • Mozzo: 13 clients and 1 server migrated, in use • Torre Boldone: 15 clients migrated, 15 to come
  • 7. Deployment process • Server: copy of a VM on a host • Clients: • Stage 1: PXE boot and base installation • Stage 2: proper configuration with Salt
  • 8. Stage 1 (installer) • Set up storage: disk wiping and partitioning • Creation of unique and persistent hostname • Minimal package installation: text only, sshd, salt-minion
  • 9. Stage 2 (Salt) • Turn Ubuntu into Edubuntu • Install additional software • Apply ad hoc configurations: • reconfigure repo mirror (to local server) • use lightdm/GNOME 2 as default WM • user account creation, automatic login • ntp client
  • 10. Protocols: DHCP, TFTP, HTTP, ØMQ
      • BIOS → DHCP server (dnsmasq): DISCOVER
      • DHCP server (dnsmasq) → BIOS: OFFER (IP, DNS, TFTP server name)
      • BIOS → TFTP server (dnsmasq): RRQ
      • TFTP server (dnsmasq) → BIOS: DATA (image ⊃ kernel options ⊃ kickstart and preseed URL)
      • salt-minion daemon → salt-master daemon: hostname, salt key
      • salt-master daemon → salt-minion daemon: salt commands
      • salt-minion daemon → salt-master daemon: salt grains
      • Installer ↔ HTTP server (Apache httpd): kickstart, preseed, package requests/responses
      • kickstart post-install script → mac2address Go app: HTTP request (I am be:ef:ba:be:00:01)
      • mac2address Go app → kickstart post-install script: HTTP response (I baptize you lab12)
  • 11. Protocols: DHCP, TFTP
      • BIOS → DHCP server (dnsmasq): DISCOVER
      • DHCP server (dnsmasq) → BIOS: OFFER (IP, DNS, TFTP server name)
      • BIOS → TFTP server (dnsmasq): RRQ
      • TFTP server (dnsmasq) → BIOS: DATA (image ⊃ kernel options ⊃ kickstart and preseed URL)
  • 12. Protocols: TFTP, HTTP
      • TFTP server (dnsmasq) → BIOS: DATA (image ⊃ kernel options ⊃ kickstart and preseed URL)
      • salt-minion daemon → salt-master daemon: hostname, salt key
      • Installer ↔ HTTP server (Apache httpd): kickstart, preseed, package requests/responses
      • kickstart post-install script → mac2address Go app: HTTP request (I am be:ef:ba:be:00:01)
      • mac2address Go app → kickstart post-install script: HTTP response (I baptize you lab12)
  • 13. Protocols: HTTP, ØMQ
      • salt-minion daemon → salt-master daemon: hostname, salt key
      • salt-master daemon → salt-minion daemon: salt commands
      • salt-minion daemon → salt-master daemon: salt grains
      • HTTP request (I am be:ef:ba:be:00:01), to the Go app
      • mac2address Go app → kickstart post-install script: HTTP response (I baptize you lab12)
  • 14. Server: nontrivial! • dnsmasq, tftpd, ntpd, sshd, httpd, mac2hostname! • APT package mirror • Salt master • …also self-managed with Salt!
  • 15. Salt primer RAET (master) (message bus) (minions)
  • 16. Salt primer • salt-master and salt-minion are daemons written in Python • ØMQ is written in C++ with bindings • Salt implements strong crypto and authentication on top of ØMQ
  • 17. Salt State (SLS) Modules • Represent a state that a system should be in • Composed of State Declarations • Text files ending with sls extension • YAML files • Templates (default Jinja2, others available) • Pure Python code
  • 18. State Declarations • Definition of “how an aspect of a minion should be” • Implemented as calls to State Functions • Every Declaration has an ID
  • 19. State Functions • Code that can bring a minion to a specific state • Examples: pkg.installed, service.running, file.managed… • Grouped into modules • A library of modules is available
  • 20. File example

        lightdm_custom_conf_file:   # ID
          file:                     # State Module name
            - managed               # State Function name
            - source: salt://lightdm/lightdm.conf
            - name: /etc/lightdm/lightdm.conf.d/ic_torre_boldone.conf
            - user: root
            - group: root
            - mode: 644
            - require:
              - file: lightdm_custom_conf_dir

  • 21. Service example

        lightdm:
          pkg:
            - installed
          service:
            - running
            - enable: True
            - watch:
              - file: lightdm_custom_conf_file
            - require:
              - pkg: lightdm

  • 22. top.sls • special State Module that assigns other State Modules to minions • can be used to define environments • Minions can be matched using: • Regular expressions • Compound matches: grains, subnet/IP, range cluster • Boolean operators available
  • 23. top.sls

        base:
          'lab*':
            - lightdm
            - software
            - ntpdate
            - users
          'school-server*':
            - apache
            - apt-mirror
            - dnsmasq
          …

  • 24. High State • special State compiled by Salt by applying all relevant State Modules • Force minions to high state: sudo salt 'lab*' state.highstate
  • 25. Data in Salt • Salt Grains: information from minions • Salt Pillars: user-defined data • can be YAML or templates • has ACLs, e.g. for credentials • Plain file serving
  • 26. Templated definition with Pillar Example

        {% for symlink_id in pillar.get('symlinks', {}).keys() %}
        {{symlink_id}}_apache_link:
          file.symlink:
            - name: {{pillar.get('symlinks')[symlink_id]['name']}}
            - target: {{pillar.get('symlinks')[symlink_id]['target']}}
            - force: True
            - require:
              - pkg: apache
        {% endfor %}

  • 27. Templated definition with Pillar Example

        extra_apache_link:
          file.symlink:
            - name: /var/www/html/extras
            - target: /var/spool/…/ubuntu/
            - force: True
            - require:
              - pkg: apache

  • 28. Accessing ØMQ directly • We want to power off machines at the end of Stage 2 • Not easy to express declaratively • More of a “one time command”
  • 29. Accessing ØMQ directly • Solution: • Subscribe to ØMQ • Look for "highstate successfully completed" announcements • Send a "shutdown yourself" message to the publisher
  • 30. Accessing ØMQ directly • Easy to implement: • Official Salt Python module has full access to ØMQ • Salt messages are easy to understand • 76 LOC Python tool (with comments and formatting)
  • 31. Benefits (schools) • No more licensing issues • Free updates for the next 4 years • No need for hardware changes
  • 32. Benefits (admins) • Easy to replicate changes across PCs • Easy to enforce a desired state • Easy to reinstall a PC from scratch • GitHub-based configuration!
  • 33. Future work • Automatically accept all minion keys • Automatically force the High State on new minions • Look into testing frameworks • …solve “production” issues!
  • 34. The Good • Simple architecture: Python almost everywhere • Easy to set up both on the master and on the minion • Can trigger execution of system commands on the minion • ØMQ can be used to extend it • Good docs and source code
  • 35. The Bad • Still in its early days • Limited amount of existing modules • Limited feedback while executing states
  • 36. The Ugly • No Ugly so far!
  • 37. Resources • SaltStack project: http://www.saltstack.com/ • Official documentation: http://docs.saltstack.com/ • Our Salt files: https://github.com/ic-torre-boldone/salt
  • 39. Thanks for your attention!
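
The event-bus watcher described in slides 28–30, as an added example that is not the authors' 76-line tool: it powers off a minion only when its highstate return shows every state succeeded and its ID matches the lab pattern, so the self-managed server and failed runs are left alone. The function names, the `salt/job/<jid>/ret/<minion_id>` tag layout, the `system.poweroff` call and the sample event are assumptions of this example.

```python
import fnmatch

LAB_PATTERN = "lab*"  # lab clients in the talk's top.sls; 'school-server*' never matches

# Constructed sample of a job-return event from the master event bus (assumed layout).
SAMPLE_TAG = "salt/job/20140101120000000000/ret/lab12"
SAMPLE_DATA = {"id": "lab12", "fun": "state.highstate", "retcode": 0, "return": {
    "pkg_|-lightdm_|-lightdm_|-installed": {"result": True, "comment": "constructed"}}}


def highstate_succeeded(data):
    """True only for a highstate return in which every state reported result True."""
    if data.get("fun") != "state.highstate" or data.get("retcode", 1) != 0:
        return False
    ret = data.get("return")
    # A render or compile failure returns a list of error strings, not a dict.
    if not isinstance(ret, dict) or not ret:
        return False
    return all(isinstance(s, dict) and s.get("result") is True for s in ret.values())


def minion_to_power_off(tag, data, pattern=LAB_PATTERN):
    """Return the minion ID to shut down for this event, or None (fail closed)."""
    parts = tag.split("/")
    # Job returns are tagged salt/job/<jid>/ret/<minion_id>.
    if len(parts) != 5 or parts[:2] != ["salt", "job"] or parts[3] != "ret":
        return None
    minion = data.get("id")
    if minion != parts[4] or not fnmatch.fnmatchcase(minion, pattern):
        return None
    return minion if highstate_succeeded(data) else None


def watch(master_config="/etc/salt/master"):
    """Follow a live master's event bus; needs Salt installed and master privileges."""
    import salt.client
    import salt.config
    import salt.utils.event

    opts = salt.config.client_config(master_config)
    bus = salt.utils.event.get_event("master", sock_dir=opts["sock_dir"], opts=opts)
    client = salt.client.LocalClient(master_config)
    for event in bus.iter_events(full=True):
        minion = minion_to_power_off(event["tag"], event["data"])
        if minion:
            client.cmd_async(minion, "system.poweroff")


if __name__ == "__main__":
    watch()
```

Only `watch()` touches Salt; the two decision functions are pure and can be checked against recorded events before the tool is pointed at a live master.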