Salt Configuration Management and David Spencer

1 Salt Configuration Management and David Spencer
Bradford Linux Users Group 14 November 2016

2 So you’ve got a new lappie
you know the routine
wipe Windows, install Linux
add your favourite applications
customise the user environment
Remembered everything? Bookmarks? passwords? documents?
Consistent with your desktop box?

3 So you’ve got a new job
lots of systems, big mess
and heaven knows you’re miserable now
What’s installed where?
Are they all set up right?
Are they all secure?
Are they all up to date?

4 lappie problem job problem these have the same solution (maybe a tiny bit overengineered for just one lappie)

5 Configuration Management
control single source of truth captured and version managed the power to make it happen repeatably scale manage thousands as if they were one

6 Comparison

7 Ansible
Provisioning
Configuration Management
Application Deployment
Continuous Delivery
Security and Compliance
Orchestration
The name "Ansible" references a fictional instantaneous hyperspace communication system (as featured in Orson Scott Card's Ender's Game (1985), and originally invented by Ursula K. Le Guin for her novel Rocannon's World (1966)).

8 Puppet

9 Chef
bash awk grep perl sed df du vi troff su fsck rm * halt awk awk awk

10 which brings us on to ...

11 Salt
daft name
“When looking for a name for the project, I was watching the Lord of the Rings and the topic of “salted pork” came up. Then it hit me: salt makes everything better. Thus the name Salt— because it makes system management better.”
Unrelated to libsodium, nacl, ...
daft non-metaphors (pillars, grains, mines)
“This is called the grains interface, because it presents salt with grains of information”
free software
“SaltStack is the company behind Salt”
“Salt is 100% committed to being open-source, including all of our APIs. It is developed under the Apache 2.0 license”

12 Implementation
Python – modular – extensible
ZeroMQ message handling
YAML configuration
Jinja2 templating
With or without agent

13 Structure master minions
Config files Rendering State system Secure message bus minions Secure message bus Execute & return results

14 Terminology
target — which minions do I mean?
  a list, or a wildcard, or the whole roster
state — what do I want to end up with?
  declarative, not imperative
module — what will Salt do to make it happen?
  install, configure, remove files/packages, hiding differences between platforms
  run commands

15 Terminology
target — which minions do I mean?
  a list, or a wildcard, or the whole roster
state — what do I want to end up with?
  declarative, not imperative
module — what will Salt do to make it happen?
  install, configure, remove files/packages, hiding differences between platforms
  run commands
All that complexity just to end up with the equivalent of a shell script?

16 Terminology
grain — data about the minion, calculated and stored on the minion when the minion starts
  operating system, hardware ...
pillar — data about the minion, configured on the master (by you)
  server roles, config parameters, secrets, ...
file server — somewhere on the master where you can keep files you’re going to send to the minion
  nothing special, but has templating, can access git

17 Setup
Install distro salt-master package on master
Either
  Install distro salt-minion package on minions
  start master and minion daemons
  exchange keys
Or
  Copy public ssh key to minions and use salt-ssh (agentless)
Then write and test configuration files

18 Configuration: YAML
Data structures as text
application independent
transformable to JSON
Off-the-shelf config format
Ugly, and picky as heck
until you compare it to XML

    apache2:
      pkg:
        - installed
      service:
        - running
        - enable: True
        - reload: True

19 Configuration: Jinja2
Template engine because YAML isn’t sufficient

    apache2:
      pkg:
        - installed
      service:
        - running
        - enable: True
        - reload: True

    {% if 'htpasswd' in pillar %}
    /etc/apache2/htpasswd:
      file.managed:
        - contents_pillar: htpasswd
        - makedirs: True
    {% endif %}

variable substitution
conditionals
loops
includes, macros
data structures
access to grains/pillars

20 When worlds collide
YAML is indentation sensitive (like Python) so you can't use indentation to make Jinja readable

    # WRONG
    # The Jinja in this YAML comment is still executed!
    # {% set got_apache = 'apache' in salt.pkg.list_pkgs() %}

    # OFFICIAL SOLUTION
    # The Jinja in this Jinja comment will not be executed.
    {# {% set got_apache = 'apache' in salt.pkg.list_pkgs() %} #}

    # BETTER SOLUTION
    # more readable, doesn’t insert a blank line
    # {# {% set got_apache = 'apache' in salt.pkg.list_pkgs() %} #}

YAML and Jinja are replaceable (but people tend not to)
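A small lint check for the pitfall on this slide, added here as an illustration (not code from the talk or from Salt): it reports Jinja tags that sit inside a YAML comment but outside a Jinja comment, since those are still rendered. The function names and the sample SLS are constructed, and the comment detection is a regex approximation that does not handle `#` inside quoted YAML strings.

```python
import re

# Approximations (assumed, not Salt's own lexer): a Jinja comment runs from
# "{#" to the first "#}"; a YAML comment starts at a "#" that begins the line
# or follows whitespace ("#" inside quoted YAML strings is not handled).
JINJA_COMMENT = re.compile(r"\{#.*?#\}", re.DOTALL)
YAML_COMMENT = re.compile(r"(?:^|\s)#(.*)$")
LIVE_JINJA = re.compile(r"\{%.*?%\}|\{\{.*?\}\}")


def blank_jinja_comments(text):
    """Overwrite {# ... #} spans with spaces, keeping newlines so line numbers hold."""
    return JINJA_COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), text)


def find_live_jinja_in_yaml_comments(sls_text):
    """Return (line_number, tag) for Jinja that a YAML '#' comment does not disable."""
    findings = []
    for lineno, line in enumerate(blank_jinja_comments(sls_text).splitlines(), 1):
        comment = YAML_COMMENT.search(line)
        if comment:
            findings += [(lineno, tag) for tag in LIVE_JINJA.findall(comment.group(1))]
    return findings


# Constructed sample: the three variants from the slide plus a trailing comment.
SAMPLE_SLS = """\
# WRONG
# {% set got_apache = 'apache' in salt.pkg.list_pkgs() %}
# OFFICIAL SOLUTION
{# {% set got_apache = 'apache' in salt.pkg.list_pkgs() %} #}
# BETTER SOLUTION
# {# {% set got_apache = 'apache' in salt.pkg.list_pkgs() %} #}
apache2:
  pkg:
    - installed   # was: {{ pillar['old_pkg'] }}
"""

if __name__ == "__main__":
    for lineno, tag in find_live_jinja_in_yaml_comments(SAMPLE_SLS):
        print(f"line {lineno}: still rendered: {tag}")
```

Only the "WRONG" line and the trailing `# was:` comment are reported; both Jinja-comment forms pass.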

21 Commands

    salt [options] '<target>' <function> [arguments]
    salt-ssh [options] '<target>' <function> [arguments]
    salt-key
    salt-call
    salt-run

    salt '*' test.ping
    salt-ssh '*' -r 'df -k'
    salt-ssh '*' pkg.list_upgrades
    salt-ssh '*' system.reboot
    salt-ssh newbox state.apply apache2
    salt '*' state.highstate test=True

22 Chocolatey + Salt
a sane way to manage a network of Windows boxes

    salt mylappie chocolatey.install wireshark
    salt -G 'os:Windows' chocolatey.upgrade
    salt '*' system.reboot

23 Only part of a bigger picture
Provisioning Cloud, Containers Monitoring Workflow Where do you stop?

24 Clever stuff
Runners
  depending on one minion, do something on another (orchestration)
Events
  another application writes to message bus, master reacts
Cloud; Topology; Python API

25 Salt isn’t very good at...
Cleaning up obsolete states, random bodges
Random operational stuff (pssh/ClusterSSH)
Facilitating the handling of secrets
Expressing dependencies
Expressing simple things simply (YAML limitations)
  Behold! the hellspawn of Cobol, Reverse Polish and Dokuwiki! (but at least it's not XML or Ruby)
Orthogonality (why can’t I have a list? wildcards?)
Module documentation: “how” and “why”
Prototyping; debugging your config

    salt target state.apply newsls test=True

26 Salt isn’t very good at...
Atypical use cases
Unholy mix of policy rules, roles for instances, raw data
“Formulas” not well signposted, mostly atrocious
Salt is quite good at...
Configuration management :-)
Not trashing your boxes when you mess up
Respectful, constructive bugtracker dialogues that date from 2014, went nowhere, and are still open

27 Resources
Formulas and plagiarism
Documentation
Tutorials
Salt best practices
FAQ
Books (preferably the PACKT one, top right)
