Skip to content

Instantly share code, notes, and snippets.

@dhedlund

dhedlund/gist:1727909

Created February 3, 2012 04:31
Show Gist options
  • Save dhedlund/1727909 to your computer and use it in GitHub Desktop.
Save dhedlund/1727909 to your computer and use it in GitHub Desktop.
Download ZIP
Salt Presentation
Raw
gistfile1.md

Intro

Started by Thomas Hatch. Released under the Apache 2.0 license.

A good comparison of open-source configuration managements systems: [http://en.wikipedia.org/wiki/Comparison_of_open_source_configuration_management_software]

Thomas Hatch is also working on a project called butter that sits on top of salt for more complex operations such as cloud provisioning.

Talking Points

simplicity - At it's heart, salt is about making it easy to execute commands on a remote server...and fast.

parallel - Leveraging ZeroMQ, salt is able to execute commands in parallel across servers. Say goodbye to the SSH for loop.

security - Uses public keys for authentication, AES for payload communication.

Highlighted Features

  • Remote Execution
  • Configuration Management
  • Highly Scalable
  • Highly Configurable

Architecture

Salt consists of a salt master and one or more salt minions. The master is the server that all the minions connect to. Commands originate on the master and are sent to the minions. The minions, in return, send data back to the master.

ZeroMQ

ZeroMQ is as high-performance asynchronous messaging library for distributed or concurrent applications. Messages may be queued if remote peer is uanble to receive them. Provides an interface that looks and feels like sockets, but makes it trivial to adjust concurrency styles.

Installation and Configuration

Doesn't exist in most distro repositories yet, but they're working on it. Can be installed on most Linux distros and FreeBSD. Installation instructions.

Ubuntu

aptitude -y install python-software-properties
add-apt-repository ppa:chris-lea/libpgm
add-apt-repository ppa:chris-lea/zeromq
add-apt-repository ppa:saltstack/salt
aptitude update
aptitude install salt

Salt configuration files are normally kept in /etc/salt with names based on its role (/etc/salt/master and/or /etc/salt/minion).

Starting the Master

salt-master (-d flag to daemonize)

Starting the Minion

salt-minion (-d flag to daemonize)

Debugging

``salt-master --log-level=debug```

Key Management

List public keys: salt-key -L

Accept a minion key: salt-key -a <minion id>

Accept all unaccepted minion keys: salt-key -A

Executing Code Remotely

salt TARGET FUNCTION [ARGUMENTS]

Examples

# execute function a single minion
salt minion1 test.ping

# execute function on all minions
salt '*' test.ping

# support for 
salt --raw-out test.ping # raw python (can be 'eval'd)
salt --yaml-out test.ping # yaml
salt --text-out test.ping # text
salt --json-out test.ping # json
salt --json-out '*' test.ping | json_pp -t dumper # perl data dumper

# match minion using shell-style wildcard expressions
salt '*.example.org' test.ping

# match minion using a grain, in this case the operating system
salt -G 'os:Ubuntu' test.ping

# match minions using regular expressions
salt -E 'virtmach[0-9]' test.ping

# run arbitrary commands
salt --json-out '*' cmd.run 'uname -a'
salt --json-out '*' cmd.run 'lsmod'
salt '*' cmd.exec_code python 'import sys; print sys.version'

Full list of built-in modules and functions: [http://saltstack.org/ref/modules/all/#all-salt-modules]

Salt Grains

Grains are pieces of information collected about a salt minion. They are calculated when the minion first starts.

salt '*' grains.ls
salt '*' grains.items
salt '*' grains.item os

Salt States

States are stored on the master and transferred to the minion as needed.

/etc/salt/master:

file_roots:
  base:
    - /srv/salt

/srv/salt/top.sls:

base:
  '*':
    - webserver

/srv/salt/webserver.sls:

apache:              # ID declaration
  pkg:               # state declaration
    - installed      # function declaration

Instructs salt minions to download the the top file and each expression is matched again. As it matches, it will download, compile and execute as necessary.

salt minion1 state.show_highstate
salt minion1 state.highstate

States can be organized into modules:

mkdir webserver
mv webserver.sls webserver/init.sls

Can create dependencies using requires:

apache:
  pkg:
    - installed
  service:
    - running

/var/www/index.html:
  file:
    - managed
      source: salt://webserver/index.html
    - require:
      - pkg: apache

Arch compatible version of the above:

apache:
  pkg:
    - installed
  service:
    - name: httpd
    - running

/srv/http/index.html:
  file:
    - managed
    - source: salt://webserver/index.html
    - require:
      - pkg: apache

Templating can be used in configurations as well as grains:

apache:
  pkg:
    {% if grains['os'] == 'RedHat' %}
    - name: httpd
    {% elif grains['os'] == 'Ubuntu' %}
    - name: apache2
    {% endif %}
    - installed

Some more examples of salt states: [https://github.com/saltstack/salt-states]

Custom Modules

[https://github.com/saltstack/salt-contrib]

Caveats

  • Currently communicates using serialized Python objects (pickles)
  • Timeouts on command-line salt. Default timeout is 5 seconds. Without an explicit timeout value, the master will most likely not return a status from a minion unless it's very simple (and you will forget). This is especially important for salt states.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment