Salt – A Scalable Systems Management Solution for Datacenters
FrOSCon 2016, St. Augustin
August 21, 2016
Sebastian Meyer
Linux Consultant & Trainer
B1 Systems [email protected]
B1 Systems GmbH - Linux/Open Source Consulting, Training, Support & Development
Introducing B1 Systems
- founded in 2004
- operating both nationally and internationally
- nearly 100 employees
- provider for IBM, SUSE, Oracle & HP
- vendor-independent (hardware and software)
- focus:
  - consulting
  - support
  - development
  - training
  - operations
  - solutions
B1 Systems GmbH Salt – Scalable Systems Management 2/47
Salt – Introduction
Yet Another Systems Management Solution?
- takes inspiration from Puppet, Chef or Ansible
- focuses on the entire system life cycle
- easily scalable to a few thousand systems
- convenient and easy to learn
- configuration management and remote execution
Scalability: Masters, Syndics & Minions
High Availability: Multiple Masters & Minions
Salt Modes
- minions pull from master
- master pushes to minions
- minions apply states locally
- master applies states on minions via SSH
Remote Execution System
Configuration Management
States
    ID:
      module.function:
        - name: name
        - argument1: value
        - argument2:
          - value1
          - value2
Top File
    base:
      '*':
        - monitoring
        - ssh
        - syslog
      '*lan*':
        - ntp.lan
      '*dmz*':
        - ntp.dmz
        - firewall

- all servers:
  - monitoring
  - ssh config
  - syslog
- servers in LAN:
  - ntp config
- servers in DMZ:
  - ntp config
  - firewall
Pillar Data
Pillar Example

    ntp:
      {% if grains['id'].startswith('myntpserver') %}
      ntpservers: ["0.us.pool.ntp.org","1.us.pool.ntp.org"]
      comment: ''
      {% else %}
      ntpservers: ["10.1.1.20","10.1.1.21"]
      comment: 'myinternalservers'
      {% endif %}

Source: https://github.com/saltstack-formulas/ntp-formula/blob/master/pillar.example
Pillars and States
States top.sls

    base:
      '*':
        - monitoring
        - ssh
        - syslog
        - ntp
      '*dmz*':
        - firewall

Pillar top.sls

    base:
      '*':
        - monitoring
        - ssh
        - syslog
      '*lan*':
        - ntp.lan
      '*dmz*':
        - ntp.dmz
        - firewall
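
The two top files above, resolved for individual minion IDs. This is an added example, not code from the talk or from Salt: targets are modelled as shell-style globs on the minion ID, the host names are constructed, and treating a pillar SLS as covering a state when both share the same first name component (`ntp.lan` covers `ntp`) is an assumption made for the check.

```python
import fnmatch

# States top.sls and Pillar top.sls as shown on the "Pillars and States" slide.
STATE_TOP = {"base": {"*": ["monitoring", "ssh", "syslog", "ntp"],
                      "*dmz*": ["firewall"]}}
PILLAR_TOP = {"base": {"*": ["monitoring", "ssh", "syslog"],
                       "*lan*": ["ntp.lan"],
                       "*dmz*": ["ntp.dmz", "firewall"]}}


def resolve(top, minion_id, env="base"):
    """SLS names assigned to minion_id, in top-file order, de-duplicated."""
    assigned = []
    for target, sls_list in top[env].items():
        if fnmatch.fnmatchcase(minion_id, target):
            assigned += [s for s in sls_list if s not in assigned]
    return assigned


def states_without_pillar(minion_id):
    """States assigned to the minion with no pillar SLS of the same family."""
    families = {p.split(".")[0] for p in resolve(PILLAR_TOP, minion_id)}
    return [s for s in resolve(STATE_TOP, minion_id)
            if s.split(".")[0] not in families]


def conflicting_pillars(minion_id):
    """Pillar families assigned more than once (e.g. ntp.lan and ntp.dmz)."""
    seen, dupes = set(), []
    for sls in resolve(PILLAR_TOP, minion_id):
        family = sls.split(".")[0]
        if family in seen and family not in dupes:
            dupes.append(family)
        seen.add(family)
    return dupes


if __name__ == "__main__":
    # Constructed minion IDs: LAN host, DMZ host, a host matching neither
    # glob, and a host whose ID matches both.
    for mid in ("web01.lan.example.com", "fw01.dmz.example.com",
                "build01.example.com", "lan-gw.dmz.example.com"):
        print(mid, resolve(STATE_TOP, mid), resolve(PILLAR_TOP, mid),
              states_without_pillar(mid), conflicting_pillars(mid))
```
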
Deploying the State
Master pushes to minions

    salt '*' state.highstate
    salt '*' state.sls mystate

Minions pull from master

    salt-call state.highstate
    salt-call state.sls mystate
Reusing States: Formulas
- reusing existing code
- roughly the same as Puppet modules/Ansible roles
- collection of States and files
- github.com/saltstack-formulas/ for "official" formulas
Using Formulas
- directly from VCS or local
- extendable via include
- configurable via Pillar data
- variables mapped via Jinja map
- requirements across Formulas possible
Returners
    salt '*' disk.usage --return redis_return
Salt's Event-Driven Infrastructure
Overview
- actions trigger events
- events are communicated via the event bus
- reactors trigger actions in response to events
Actions & Events
    master# salt 'salt-minion-01' disk.percent /srv
    salt-minion-01:
        11%
Actions & Events

    20160422163250339970 {
        [...]
    }
    salt/job/20160422163250339970/new {
        "_stamp": "2016-04-22T14:32:50.340357",
        "arg": [ "/srv" ],
        "fun": "disk.percent",
        "jid": "20160422163250339970",
        "minions": [ "salt-minion-01" ],
        "tgt": "salt-minion-01",
        "tgt_type": "glob",
        "user": "root"
    }
Actions & Events
    salt/job/20160422163250339970/ret/salt-minion-01 {
        "_stamp": "2016-04-22T14:32:50.536877",
        "cmd": "_return",
        "fun": "disk.percent",
        "fun_args": [ "/srv" ],
        "id": "salt-minion-01",
        "jid": "20160422163250339970",
        "retcode": 0,
        "return": "11%",
        "success": true
    }
Events in a State
    b1/mystate/status/update:
      event.send:
        - data:
            status: "Installation done!"
Beacons
- hook into system on minion
- create events
- inotify, diskusage, load, journald ...
Beacons - Example
inotify Beacon

    beacons:
      inotify:
        /etc/motd:
          mask:
            - modify
Calling Reactors on Events
Reactor Example

    reactor:
      - 'salt/minion/*/start':
        - /srv/reactor/start.sls
      - 'b1/mystate/status/*':
        - salt://reactor/status.sls
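
Event-bus output in the "tag {json}" layout of the Actions & Events slides, parsed into an audit trail of job submissions and checked against the reactor mapping above. This is an added example, not code from the talk or from Salt: the sample stream is constructed (the job events reuse the slide values, the start and status events are made up), and tag matching is modelled with Python's fnmatch globbing.

```python
import fnmatch
import json

# Reactor mapping from the "Calling Reactors on Events" slide.
REACTOR = {"salt/minion/*/start": ["/srv/reactor/start.sls"],
           "b1/mystate/status/*": ["salt://reactor/status.sls"]}

# Constructed event-bus sample in the slides' "tag {json}" layout.
SAMPLE = '''\
salt/minion/salt-minion-01/start {"id": "salt-minion-01"}
salt/job/20160422163250339970/new {
    "arg": ["/srv"], "fun": "disk.percent", "jid": "20160422163250339970",
    "minions": ["salt-minion-01"], "tgt": "salt-minion-01",
    "tgt_type": "glob", "user": "root"
}
salt/job/20160422163250339970/ret/salt-minion-01 {
    "fun": "disk.percent", "id": "salt-minion-01", "retcode": 0,
    "return": "11%", "success": true
}
b1/mystate/status/update {"data": {"status": "Installation done!"}}
'''

def parse_events(text):
    """Yield (tag, data) pairs from 'tag {json}' event-bus output."""
    decoder, pos = json.JSONDecoder(), 0
    while (brace := text.find("{", pos)) != -1:
        tag = text[pos:brace].strip()
        data, pos = decoder.raw_decode(text, brace)
        yield tag, data

def reactors_for(tag):
    """Reactor SLS files whose tag glob matches the event tag."""
    return [sls for glob, files in REACTOR.items()
            if fnmatch.fnmatchcase(tag, glob) for sls in files]

def audit(text):
    """Return (job submissions, reactor triggers) seen in the output."""
    jobs, triggers = [], []
    for tag, data in parse_events(text):
        parts = tag.split("/")
        # Exact salt/job/<jid>/new; a glob would also match a minion named "new".
        if len(parts) == 4 and parts[:2] == ["salt", "job"] and parts[3] == "new":
            jobs.append((data["user"], data["fun"], data["tgt"]))
        triggers += [(tag, sls) for sls in reactors_for(tag)]
    return jobs, triggers

if __name__ == "__main__":
    print(audit(SAMPLE))
```
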
Use Cases?
- load-balancing
- job automation
- alerting
Providers
Amazon EC2 Provider Example

    my-ec2:
      driver: ec2
      id: 'MYEC2ID'
      key: 'adsfrf453fMYKEYasdsadg43'
      private_key: /etc/salt/my_key.pem
      keyname: my_key
      securitygroup: default
      minion:
        master: saltmaster.example.com
Profiles
- profile name
- provider
- image or template
- options for the instance
- minion options
Profiles
LXC Profile Example

    myfancyprofile:
      provider: lxc-host01
      lxc_profile:
        template: ubuntu
        options:
          release: trusty
      password: test123
Maps
Mapfile

    profile1:
      - instance_name_1
      - instance_name_2
    profile2:
      - instance_name_3:
          grains:
            mykey: myvalue
      - instance_name_4

Execute Mapfile

    salt-cloud -m /path/to/mapfile
Bootstrapping a New Salt Environment
Mapfile

    profile1:
      - instance_name_1:
          make_master: True
          minion:
            master: myoldmaster
            local_master: True
      - instance_name_2
      - instance_name_3
      - instance_name_4
      ...
Saltify Existing Machines 1/2
Saltify Provider

    saltify-all-machines:
      driver: saltify
      minion:
        master: mysaltmaster

Saltify Profile

    salt-machine:
      provider: saltify-all-machines
      ssh_username: root
      key_filename: '/etc/salt/pki/master/ssh/salt-ssh.rsa'
Saltify Existing Machines 2/2
Mapfile

    salt-machine:
      - first-machine:
          ssh_host: 1.2.3.4
      - second-machine:
          ssh_host: 1.2.3.5
      - third-machine:
          ssh_host: 1.2.3.6
Thank You!
For more information, refer to [email protected]
or +49 (0)8457 - 931096