Intro to Config Management Using Salt Open Source. Salt - it makes everything better! http://bit.ly/TechTalk2018Salt
Config Management
  Tools: Chef, Puppet, Salt, Ansible
  Purpose: Ensure the design and build state of a system is known, good, & trusted
  Benefits:
    Self-documenting
    Improves consistency, efficiency, and reliability once established
    Faster problem resolution
    History of changes (if stored in git)
    Ability to enforce controls (pull requests, approvals, etc.)
Why Not Ansible?
  Agentless? Not exactly: Salt-SSH
  Speed: SSH vs. ZeroMQ
  Functionality: Grains, encrypted pillars, events & orchestration, salt mine, etc.
  Clean and clear code vs.
Why Not Ansible? I could be totally wrong...
Why Not Ansible? ...but that’s OK! Any CM is better than no CM.
Salt Overview: Salt Master, Salt Minions, Execution Modules, States (Formulas), Grains, Pillar, Top File, Runners, Returners, Reactor, Salt Cloud / Salt Virt, Salt SSH
Salt Master: Central management system. This system is used to send commands and configurations to the Salt minion that is running on managed systems.
Salt Minions: Managed system. This system runs the Salt minion which receives commands and configuration from the Salt master.
Salt Flexibility: Agent & Server; Agent-Only (Masterless); Server-Only (Agentless, i.e. Salt-SSH)
Execution Modules
  Ad hoc commands executed from the command line against one or more managed systems.
  Useful for:
    Real-time monitoring, status, and inventory
    One-off commands and scripts
    Deploying critical updates
States (Formulas): A declarative or imperative representation of a system configuration. Location: /srv/salt
Grains Grains are static information about the underlying managed system and include operating system, memory, and many other system properties. You can also define custom grains for any system.
Pillar User-defined variables. These secure variables are defined and stored on the Salt Master and then ‘assigned’ to one or more minions using targets. Salt pillar data stores values such as ports, file paths, configuration parameters, and passwords. You can use GPG to encrypt values/file contents as well.
Top File: Matches formulas and Salt pillar data to Salt minions. Example files: /srv/salt/top.sls, /srv/salt/vim.sls, /srv/salt/apache.sls
Runners Modules that execute on the Salt master to perform supporting tasks. Salt runners report job status, connection status, read data from external APIs, query connected Salt minions, and more. For example, the Orchestrate runner coordinates configuration deployments across many systems.
Returners Send data returned by Salt minions to another system, such as a database. Salt returners can run on the Salt minion or on the Salt master.
Reactor Trigger reactions when events occur in your SaltStack environment.
Salt Cloud / Salt Virt Provision systems on cloud providers / hypervisors and immediately bring them under management.
Salt SSH Run Salt commands over SSH on systems that do not have a Salt minion. This is Ansible’s approach for everything.
Getting Started
  Salt Bootstrap, or see https://repo.saltstack.com
  Salt Master (Server)
    curl -L https://bootstrap.saltstack.com -o install_salt.sh
    sudo sh install_salt.sh -P -M
    Open ports 4505 & 4506 to servers
  Salt Minions
    curl -L https://bootstrap.saltstack.com -o install_salt.sh
    sudo sh install_salt.sh -P -A saltmaster.domain.com
  Accept keys on Salt Master
    salt-key -A (and verify the list before saying yes…)
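One way to do the "verify the list" step when accepting keys, as an added example (not from the original slides): compare each pending key's fingerprint with one recorded on the minion itself, and accept only the matches by name. The inventory, minion IDs and fingerprints are constructed, and the sample text is assumed to follow the layout of `salt-key -F` output.

```shell
#!/bin/sh
# Added example: vet pending minion keys against an out-of-band inventory
# before accepting them. All sample data below is constructed.

# Inventory: "<minion_id> <fingerprint>", collected on each minion itself
# (e.g. with `salt-call --local key.finger`) over a trusted channel.
EXPECTED='web1 aa:11:22:33
db1 bb:44:55:66'

# Constructed sample shaped like `salt-key -F` output on the master
# (real fingerprints are much longer).
PENDING='Local Keys:
master.pub:  99:99:99:99
Accepted Keys:
proxy1:  cc:77:88:99
Unaccepted Keys:
web1:  aa:11:22:33
db1:  de:ad:be:ef
web9:  ee:00:11:22'

# vet_keys INVENTORY FINGER_OUTPUT
# Prints one line per unaccepted key: "OK id", "MISMATCH id" or "UNKNOWN id".
vet_keys() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---"           { inv_done = 1; next }   # end of inventory
        !inv_done             { want[$1] = $2; next }  # id -> fingerprint
        /^[A-Za-z ]+ Keys:$/  { section = $0; next }   # section header
        section == "Unaccepted Keys:" {
            id = $1; sub(/:$/, "", id)
            if (!(id in want))       print "UNKNOWN " id
            else if (want[id] == $2) print "OK " id
            else                     print "MISMATCH " id
        }'
}

# accept_cmds INVENTORY FINGER_OUTPUT
# Emits one explicit `salt-key -a <id>` per verified key instead of a
# blanket `salt-key -A`. Commands are printed for review, not executed.
accept_cmds() {
    vet_keys "$1" "$2" | awk '$1 == "OK" { print "salt-key -a " $2 }'
}

vet_keys "$EXPECTED" "$PENDING"
accept_cmds "$EXPECTED" "$PENDING"
```

A MISMATCH means a key is pending under a known minion ID but does not match the recorded fingerprint, so it should be investigated rather than accepted; UNKNOWN IDs are not in the inventory at all.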
The Cool Stuff
  Remote Execution Targeting
    Globbing: 'web*'
    Regex: -E 'web1-(prod|dev)'
    Lists: -L 'web1,db1,proxy1'
    Grains or Pillars: -G 'os_family:RedHat'
    Compound: -C '* and not G@os_family:RedHat'
    Node Groups: -N critical (defined in master config, i.e. /etc/salt/master.d/nodes.conf)
    IPs/subnets: -S 10.1.1.5 or -S 10.1.1.0/24
The Cool Stuff - LIVE DEMO!!!
  Remote Execution
    test.ping
    test.version
    status.version
    cmd.run
    disk.percent
    cron.ls root
    grains.items
    firewalld.list_all
    pkg.upgrade
The Cool Stuff - LIVE DEMO!!!
  Runners (survey.diff)
    salt-run survey.diff '*' cmd.run 'cat /etc/resolv.conf'
The Cool Stuff - LIVE DEMO!!!
  Config Management: States, Formulas, Pillar
    state.show_top
    state.show_highstate
    pillar.items
    state.apply
The Cool Stuff Config Management GPG/PGP
The Cool Stuff Config Management Jinja, Files
The Cool Stuff - (SORT OF) LIVE DEMO!!!
  Salt Cloud
    salt-cloud -m /etc/salt/cloud.maps.d/demo.map
    salt-cloud -m /etc/salt/cloud.maps.d/demo.map -d games.paulw.io
Getting Started - Tips
  Start Slow & Simple
    Users
    Cron jobs
    Manage a file served from the Salt master
    Manage a file or directory from a git repo
    Manage firewall rules
  Learn to use formulas (https://github.com/saltstack-formulas)
  Test! - salt 'minion_id' state.apply test=true
  Take snapshots before applying states (if using VMs)
  Ask for help - Salt Community
  Level up your Salt
    GPG encrypted pillars for secrets (see here)
    GitFS backend or Git repo with automated pulls on commits
Getting Started - Tutorials & Documentation
  https://docs.saltstack.com/en/getstarted/
  https://github.com/ssplatt/salt101
  https://github.com/ssplatt/salt201
  https://muchbits.com/saltstack-by-example1.html
  https://docs.saltstack.com/en/latest/topics/installation/index.html
Questions? pdw@udel.edu github.com/pauldalewilliams Salt - it makes everything better! http://bit.ly/TechTalk2018Salt