1.
Sweetening Systems Management
with Salt
#lspe
SF Bay Area Large Scale Production Engineering Meetup
"Command and Control"
July 19, 2012
Mike Chesnut
Principal Systems Administrator, Talksum

2.
What is Salt?
http://saltstack.org
● Relatively new project (<2 years old)
● Started by Thomas Hatch,
now ~150 contributors
● Written in Python
● ZeroMQ as core communication
mechanism
● Extremely flexible and extensible
● Very active community

3.
Key Features Overview
Remote Execution Framework
● Master(s), Minions
● All communications over ZeroMQ
○ PUB-SUB for master->minion
○ REQ-REP for minion->master
● All communication encrypted
○ 256-bit AES
● Authentication required

4.
Key Features Overview
Remote Execution Framework
Configuration Management System
Highly Modular and Extensible
Readily Available, Easy to Install
API
Cloud Provisioning Tool

5.
Salt in Puppet Terms
puppet salt
Language Ruby Python
YAML, Python,
Configuration Syntax Quasi-Ruby subset Jinja, Mako
Extensible/Customizable
ActiveMQ (by default),
Transport RabbitMQ
ZeroMQ
Configuration
Manifests States
Management
Remote Execution MCollective Inherent!
Variables Facter Grains, Pillar
Additional tools to learn, set up, maintain, etc

6.
Salt in Operation
Topologies
master and minion
on same host

7.
Salt in Operation
Topologies
1 master, N minions

8.
Salt in Operation
Topologies
N masters, N minions

9.
Salt in Operation
Topologies
● peer-to-peer
○ minions can publish
commands/states to each other
(via master)
● minionswarm for testing
○ spawn 100s or 1000s of minions
● multi-master
○ in-product support still lacking
○ users have worked out their own
redundancy/failover solutions

10.
Salt in Operation
Key Management
Minion public keys must be
accepted by the master before
communication can occur

11.
Salt in Operation

12.
Salt in Operation

13.
Salt in Operation
Remote Execution
salt <target> <command> <options>
● target - literal ID name, wildcards, PCRE, list, grains
● command:
○ >80 modules in standard distribution
○ easy to write your own, of course
○ any command can be run with cmd.run
○ any code can be executed with cmd.exec_code
● options are module-specific arguments

14.
Show which grains are defined on a host

15.
Show the values of all grains on a host

16.
See disk space utilization on all database servers

17.
Check status of a particular package on all hosts

18.
See details of all network interfaces on a particular host

19.
Collect MAC addresses from primary interfaces on all web servers

20.
Run an arbitrary shell command on all hosts

21.
Run arbitrary python code on all hosts, specifying which interpreter to use

22.
Salt in Operation
State Management
● simple syntax, lots of examples available
● templatable
● several (~25) state classes included in standard
distribution
● built-in file server also included
● states can be invoked individually
● recommendation: use source control (e.g. git) for
state definition configuration/files!

23.
Applying a single state from the command line

24.
Salt in Operation
State Management
A simple ntpd state:
ntp:
pkg:
- installed
service:
- name: ntpd
- running
- watch:
- file: /etc/ntp.conf

25.
Salt in Operation
State Management
Add a templated config file:
/etc/ntp.conf:
file:
- managed
- require:
- pkg: ntp
{% if grains['host'] == 'admin1' %}
- source: salt://basics/ntp/ntp-server.conf
{% else %}
- source: salt://basics/ntp/ntp-client.conf
{% endif %}

26.
Applying a single state from an SLS definition

27.
Applying full highstate to all hosts, dry-run (test=true)

28.
Applying full highstate to all hosts, review changes in teal

29.
All states have been fully applied to all systems!

30.
http://saltstack.org
http://talksum.com