Introduction to Systems Management with SaltStack

A very high-level introduction to "salt" (SaltStack) given at a Code Camp (3 Oct 2015).

  1. 1. Introduction to Systems Management with SaltStack Craig Sebenik Infrastructure Engineer@Matterport 3 Oct 2015
  2. 2. • Introduction • Architecture Overview • Execution Modules • States • Data - Minion and Master • Extending Salt • Demo • Summary
  3. 3. What Is SaltStack? • System and Configuration Management • Encrypted communication channel • Remote execution framework • 100% open: one of the most active on github • Scales to tens of thousands of nodes • Built (and extended) with python
  4. 4. What Am I Covering? • Simple/quick overview of salt • Very simple examples • Only a basic single master topology • Only the core functionality • Glossing over details: ask questions!
  5. 5. Who Am I? • Degrees in Chemistry, Mathematics, Food • Computational Chemist (lifetime ago) • Abbott Labs, Eastman Kodak, Parke-Davis • Sysadmin/SRE • NetApp, LinkedIn, Matterport
  6. 6. One More Thing About Me…
  7. 7. Quick History Of Salt • Initial release in March 2011 • States added a few months later • Pillars added March 2012 • Salt SSH added Sept 2013 • Salt Cloud merged in Jan 2014 • Custom transport (RAET) added in Jul 2014
  8. 8. • Introduction • Architecture Overview • Execution Modules • States • Data - Minion and Master • Extending Salt • Demo • Summary
  9. 9. Minions and Master • Master: central command and control • Minion: paired with master • Encrypted communication • Communication over ZeroMQ using MessagePack • Target minions based on their attributes
  10. 10. Quick Example
  11. 11. What Does This Mean? • Central management of many nodes • Ensuring hosts match a “recipe” • Easy to add more hosts that match a template
  12. 12. PUB-SUB master minion1 minion2 4505
  13. 13. Returning Data master minion1 minion2 4506
  14. 14. Targeting Minions • List: “minion1,minion2” • Globs: “minion*” • Regular expression: “minion([2|3])” • Grains: “OS: Ubuntu” • Combinations of the above
  15. 15. Set up Trust With salt-key • Salt uses standard public key encryption • Key exchange • Master needs to verify identity of minions • User needs to “accept” the minion’s key • Minion’s public key stored on master • Master’s public key stored on minion
  16. 16. • Introduction • Architecture Overview • Execution Modules • States • Data - Minion and Master • Extending Salt • Demo • Summary
  17. 17. Execution Modules • Salt comes with over 100 modules • Over 1000 functions • Examples: • pkg.install, pkg.remove • file.copy, file.find, file.chown • user.add, user.info
  18. 18. Minor Vocabulary Clarification • Modules contain functions • Modules correspond to python files • Functions correspond to methods • There are some exceptions, but beyond today’s scope
  19. 19. Add User To All Hosts
  20. 20. What’s Happening • Master looks at target (‘*’) and determines hosts • Puts message out on event bus • Over ZeroMQ using messagepack • Minion sees message and executes • All execution is on minion, not master • Minion returns data back to master
  21. 21. Master Maintains Job Data • Job cache on master • Contains history of jobs run and data returned • Tools to query the job cache • Default is to cache 24 hours of history • Performance penalties when storing longer
  22. 22. Commands Sent In Parallel • Command sent via event bus • Minions see and execute • Jobs are done asynchronously
  23. 23. Can Run Locally • Command to run locally: salt-call • No central coordination • Data *IS* still returned to master • Can bypass with “--local” flag
  24. 24. Documentation • Function called “sys.doc” • Uses python docstrings • Important when writing your own custom modules/functions
  25. 25. salt-call Example
  26. 26. • Introduction • Architecture Overview • Execution Modules • States • Data - Minion and Master • Extending Salt • Demo • Summary
  27. 27. States • Recipe for how a host should be configured • Default file format is YAML (with jinja) • Write state files on the master • Master will sync to minion automatically • States use the remote execution framework • But, they are not the same
  28. 28. State Example
  29. 29. Running State Example
  30. 30. Running highstate • Running individual states can be tedious • Collect all states for a host (or “template”) in a single file: top.sls • Called: top file • Target just like running the “salt” command
  31. 31. Example Top File
  32. 32. Running highstate
  33. 33. Targeting Example
  34. 34. Running Targeting Example
  35. 35. • Introduction • Architecture Overview • Execution Modules • States • Data - Minion and Master • Extending Salt • Demo • Summary
  36. 36. Data: Minion and Master • Grains: minion side data • Example: host operating system • Pillars: master side data • Example: database passwords
  37. 37. Grains: Minion-Side Data • Data gathered on the minion • Master has a cache of minion grains • Salt comes with a number of grains built in • OS name (eg CentOS) • number of CPUs • kernel version
  38. 38. Viewing Grains
  39. 39. Targeting With Grains
  40. 40. Adding Grains • Minion config • /etc/salt/grains • Via command • sudo salt minion grains.setval foo bar • Via python (will discuss later)
  41. 41. Pillars: Master-Side Data • Data sent to a specific minion (from master) • Typically used for sensitive data • E.g. passwords • Uses a “top file” (just like “states”)
  42. 42. Pillar Example
  43. 43. Running Pillar Example
  44. 44. Targeted Pillar Data
  45. 45. Running Targeted Pillars
  46. 46. • Introduction • Architecture Overview • Execution Modules • States • Data - Minion and Master • Extending Salt • Demo • Summary
  47. 47. Extending Salt • Jinja • Custom modules/functions (python) • salt python API (LocalClient) • Customizations are synced via salt command • Easy to automate
  48. 48. Templates Using jinja • Jinja is a widely used python templating language • Inspired by Django’s templates • Default template for flask applications • Gives basic control commands to flat files
  49. 49. Jinja Example
  50. 50. Running The ‘vim state’
  51. 51. Python Module/Function
  52. 52. Custom Modules are NOT Automatically Synced
  53. 53. Running hello.world
  54. 54. Docstrings Are Important
  55. 55. • Introduction • Architecture Overview • Execution Modules • States • Data - Minion and Master • Extending Salt • Demo • Summary
  56. 56. Demo Minions • minion1: development database server • minion2: development application server • minion3: production database server • minion4: production application server
  57. 57. • Introduction • Architecture Overview • Execution Modules • States • Data - Minion and Master • Extending Salt • Demo • Summary
  58. 58. Summary • Master and minions encrypted communications • Grains: minion-side data, Pillars: master-side data • Execution functions run on the minions • States are formulas/recipes to define a host • Collect multiple states with highstate • Lots of ways to extend salt functionality
  59. 59. Other Features • Runners: master side orchestration • Orchestrate Runner: master coordination of states • Salt cloud: manage cloud virtual machines • Salt ssh: like normal salt without minion process • More advanced topologies • multi-master • master-less minions (with salt-call) • GitFS
  60. 60. References • https://docs.saltstack.com/en/latest/ • https://docs.saltstack.com/en/getstarted/ • https://github.com/saltstack/salt
  61. 61. Questions? @craigs55 irc:chitown https://www.linkedin.com/in/craigsebenik Yes, we’re hiring! http://matterport.com/positions/
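
Added example (not from the slides and not Salt's own code): a simplified Python model of the target forms on slide 14, run against the four demo minion IDs from slide 56. The grain values are constructed, the function names are hypothetical, and the assumption is that globs behave like fnmatch and regular expressions are matched from the start of the minion ID.

```python
import fnmatch
import re

# Constructed inventory: the demo minion IDs from the deck with made-up grains.
# Grains are minion-side data, i.e. values each minion reports about itself.
MINIONS = {
    "minion1": {"os": "Ubuntu", "role": "db"},
    "minion2": {"os": "Ubuntu", "role": "app"},
    "minion3": {"os": "CentOS", "role": "db"},
    "minion4": {"os": "CentOS", "role": "app"},
}

def match(kind, target, minions=MINIONS):
    """Return the sorted minion IDs selected by one target expression."""
    selected = []
    for minion_id, grains in minions.items():
        if kind == "list":
            hit = minion_id in [t.strip() for t in target.split(",")]
        elif kind == "glob":
            hit = fnmatch.fnmatchcase(minion_id, target)
        elif kind == "pcre":
            # Anchored at the start of the ID only, not at the end.
            hit = re.match(target, minion_id) is not None
        elif kind == "grain":
            key, _, pattern = target.partition(":")
            hit = key in grains and fnmatch.fnmatchcase(str(grains[key]), pattern)
        else:
            raise ValueError(f"unknown target kind: {kind}")
        if hit:
            selected.append(minion_id)
    return sorted(selected)

def compound_and(*targets, minions=MINIONS):
    """Combine several (kind, target) pairs: a minion must match all of them."""
    result = set(minions)
    for kind, target in targets:
        result &= set(match(kind, target, minions))
    return sorted(result)

if __name__ == "__main__":
    print(match("list", "minion1,minion2"))
    print(match("glob", "minion*"))
    print(match("pcre", "minion([2|3])"))
    print(match("grain", "os:Ubuntu"))
    print(compound_and(("grain", "os:CentOS"), ("glob", "minion3*")))
```

Under this model the slide's regular expression also selects any ID that merely starts with minion2 or minion3 (a hypothetical minion20, for instance); a pattern such as `minion[23]$` limits the match to exactly those two hosts.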