67
salt-stack Jose Ignacio Galarza @igalarzab

Salt stack

Embed Size (px)

DESCRIPTION

An introduction about how to use salt-stack and how to improve it developing new modules and states with Python

Citation preview

Page 1: Salt stack

salt-stack

Jose Ignacio Galarza @igalarzab

Page 2: Salt stack

IndexWhy it’s so cool?

Developing for salt-stack

How to use it?

Page 3: Salt stack

devops+

python

Page 4: Salt stack

salt-stack

Page 5: Salt stack

infrastructure management

Page 6: Salt stack
Page 7: Salt stack

master

Page 8: Salt stack

not a polling model,

PUSHING

Page 9: Salt stack

send instructions to the minions telling them what to do

Page 10: Salt stack

PUB/SUB system on 4505

REP system on 4506

Page 11: Salt stack

master

minion minionminion

SUB REPPUB

awesome diagram

Page 12: Salt stack

MessagePack to serialize the messages

Page 13: Salt stack

everything is

encrypted

Page 14: Salt stack

it uses first public keys for authentication

master needs to know public keys of the minions

Page 15: Salt stack

then, it uses AES for communication* (symmetric, faster)

Page 16: Salt stack

how to accept minion keys?$ salt-key Unaccepted Keys: minion_1 !

$ salt-key -a minion_1

Page 17: Salt stack

$ !

!

!

let’s go!salt ‘*’ test.pingminion_1:

True

Page 18: Salt stack

minions

Page 19: Salt stack

controlled machines

Page 20: Salt stack

receive instructions via

PUB/SUB ZeroMQ

Page 21: Salt stack

masterless configuration

* (salt-call)

Page 22: Salt stack

modules

Page 23: Salt stack

they provide the

functionality

Page 24: Salt stack

aliases

pip

mysql

filenginxapache

aptssh

upstart

S3

quota

pamiptables mount

Page 25: Salt stack

execute them with the cli!

$ salt ‘*’ state.highstate ...

$ salt ‘*’ cmd.run ‘ls /’ ...

Page 26: Salt stack

states

Page 27: Salt stack

what to manage or

configure in your

hosts

Page 28: Salt stack

salt-stack states are just DATA

* usually in YAML

Page 29: Salt stack

they usually map to module functions

Page 30: Salt stack

!

!

!

!

!

!

!

!

!

/etc/init/nginx.conf:file:

- managed- template: jinja- user: root- require:

- pkg: nginx

understanding states

Page 31: Salt stack

nginx:   pkg.installed:     - name: nginx   file:     - managed     - name: /etc/init/nginx.conf     - source: salt://nginx.conf     - require:       - pkg: nginx service:     - running     - enable: True - watch:       - file: /etc/nginx/nginx.conf

Page 32: Salt stack

there are a lot of directives

require watch

includeextend

Page 33: Salt stack

returners

Page 34: Salt stack

where to save the

minion output

Page 35: Salt stack

stdout

SQL DB

mongo

redis

Page 36: Salt stack

renderers

Page 37: Salt stack

language of the state

configuration

Page 38: Salt stack

python

...

YAML

JSON

Page 39: Salt stack

grains

Page 40: Salt stack

configuration of the machine

* read-only data

** populated at the beginning

Page 41: Salt stack

{% if grains['os'] == 'RedHat' %} httpd: pkg: - installed {% elif grains['os'] == 'Debian' %} apache2: pkg: - installed {% endif %}

using grains...

Page 42: Salt stack

list the grains$ salt ‘*’ grains.ls ...

you can use them everywheredev: ‘os:Debian’: - match: grain - python_server

Page 43: Salt stack

pillar

Page 44: Salt stack

think of pillar as a

variable container

Page 45: Salt stack

it’s data, just as same as the states

Page 46: Salt stack

{% if grains['os'] == 'RedHat' %} apache: httpd git: git {% elif grains['os'] == 'Debian' %} apache: apache2 git: git-core {% endif %}

create a pillar of salt...

Page 47: Salt stack

apache: pkg: - installed - name: {{ pillar['apache'] }}

and use it!

Page 48: Salt stack

only salt-stack?

Page 49: Salt stack

salt-vagrant

salt-cloud

halite

salt-bootstrap

Page 50: Salt stack

developing for salt-stack

Page 51: Salt stack

developing modules

Page 52: Salt stack

it’s like developing a normal python module!

just create a file inside the _modules dir

Page 53: Salt stack

every callable is exported*

* (with some exceptions)

Page 54: Salt stack

import re!!import salt.utils!from salt.utils.decorators import memoize!!REVIEW_RE = re.compile(‘([\w\d_\-]+)==([\d\.]+) is available \(you have ([\d\.]+)\)’)!!!@memoize!def _detect_install():! return salt.utils.which('pip-review')!!!def __virtual__():! return 'piputils' if _detect_install() else False!

creating a module (for the pip-tools package)

Page 55: Salt stack

!def review(autoinstall=False):! command_ret = __salt__['cmd.run'](! 'pip-review {0}'.format('-a' if autoinstall else '')! )!! packages = command_ret.split('\n')! updates = {}!! for package in packages:! match = REVIEW_RE.match(package)! if match:! name, old_v, new_v = match.groups()! updates[name] = (old_v, new_v)!! return updates!

creating a module (for the pip-tools package)

Page 56: Salt stack

syncing the modules$ salt-call saltutil.sync_modules ...

and use it!$ salt-call piptools.review machine: ---------- Jinja2: - 2.7.1 - 2.6

Page 57: Salt stack

useful variables like:

__salt__

__grains__

__outputter__

Page 58: Salt stack

developing states

Page 59: Salt stack

it’s (also) like developing a normal python module!

just create a file inside the _states dir

Page 60: Salt stack

every callable is exported*

* (with some exceptions)

Page 61: Salt stack

the renderer structure

maps directly to the state python module

Page 62: Salt stack

def keep_updated(name, min_version=None, max_version=None):! updatable_packages = __salt__['piptools.review']()! pkg_info = updatable_packages.get(name, None)!! ret = {! 'name': name,! 'result': pkg_info is not None,! }!

creating a state (for the pip-tools package)

Page 63: Salt stack

! if package_info:! ret['comment'] = 'Update {0} from {2} to {1}'.format(! name, *pkg_info! )! ret['changes'] = {!         name: {! 'old': package_info[1],! 'new': package_info[0]! }! }! else:! ret['comment'] = 'Inexistent package {0}'.format(name)!! if __opts__['test']:! ret['result'] = None!    else:! pass # Perform the update!! return ret!

creating a state (for the pip-tools package)

Page 64: Salt stack

!Jinja2: # maps to "name" argument pip_package: # maps to pip_package state - keep_updated # maps to keep_updated funct - min_version: 1.0 # maps to min_version arg

mapping the file

Page 65: Salt stack

and that’s all!

http://twitter.com/igalarzabhttp://github.com/igalarzab

Page 66: Salt stack

questions?

Page 67: Salt stack

thank you!