Introduction to SaltStack (An Event-Based Configuration Management)
1 like109 views
Iman Kurniawan gave an introduction to SaltStack, an open source configuration management tool. Some key points: - SaltStack uses a client-server architecture with Salt minions and a Salt master, and supports key-based authentication. - It can manage configurations, apply patches, prevent drift, and set up complex clusters through states, grains, modules and orchestration. - Events can be observed and reacted to through the event reactor. Results can be sent to external datastores using returners. - Iman works for DKatalis, a tech company focusing on digital solutions and growing in multiple locations.
![Salt Reactor
● React (run command) if there is a specific
event
salt/job/20210326152042932642/ret/salt-minion-001 {
"_stamp": "2021-03-26T15:20:51.888045",
"cmd": "_return",
"fun": "state.single",
"fun_args": [
{
"fun": "pkg.installed",
"name": "zsh"
}
],
"id": "salt-minion-001",
"jid": "20210326152042932642",
"out": "highstate",
"retcode": 0,
"return": {
"pkg_|-zsh_|-zsh_|-installed": {
"__id__": "zsh",
"__run_num__": 0,
"__sls__": null,
"changes": {
"zsh": {
"new": "5.4.2-3ubuntu3.1",
"old": ""
},
"zsh-common": {
"new": "5.4.2-3ubuntu3.1",
"old": ""
}
},
"comment": "The following packages were installed/updated:
zsh",
"duration": 7516.035,
"name": "zsh",
"result": true,
"start_time": "15:20:44.357773"
}
},
"success": true
}](https://image.slidesharecdn.com/devopsindonesiasaltstack-210416034805/85/Introduction-to-SaltStack-An-Event-Based-Configuration-Management-14-320.jpg)
Introduction to SaltStack (An Event-Based Configuration Management)
- 1. PAGE 1 DEVOPS INDONESIA Iman Kurniawan SRE at DKatalis Jakarta, 14 April 2021 DevOps Indonesia (ONLINE) Meetup #43 : Introduction to SaltStack
- 2. Introduction to SaltStack (An Event-Based Configuration Management)
- 3. Speaker Iman Kurniawan SRE at DKatalis Previous Experiences: 1. Schlumberger Oilfield Services (Jakarta, Dubai, India) 2. DKatalis (Jakarta) Can be reached at: 1.https://github.com/footprns 2.https://www.linkedin.com/in/iman-kurniawan-4b738225/ 3.https://www.facebook.com/groups/385005352371154/?ref=share
- 4. Who’s DKatalis? ● A team of tech and digital product enthusiasts, focusing on building relevant digital solutions. ● The proud engineering arms that create Jago digital bank app, Amaan digital platform based on sharia values, and many more solutions to come. ● Growing rapidly in Jakarta, Singapore & Pune (India). ● Stimulating growth through technology & enabled by collaborative environment that fosters creativity and innovation. www.dkatalis.co
- 5. “Opinions expressed are solely my own and do not express the views or opinions of my employer.”
- 6. What is SaltStack 6 ● Configuration Management tool that can do orchestration very well ● Written in Python ● Use Client (salt minion) - Server (salt master) architecture ● Using event-driven architecture ● Key based authentication (RSA/AES) ● Oct 2020, acquired by VMWare ● The opensource is in https://docs.saltproject.io/en/latest/
- 7. Use Case for SaltStack 7 ● SecOps - Apply patch according to CVE ● Prevent configuration drift ● Self-remediation / self-healing ● Setup complex cluster (with orchestration) ● Network Automation (using salt-proxy)
- 9. Event System Architecture ● Asynchronous execution ● Events can be observed on Salt Master and Minion
- 11. Salt Command and Grains ● salt <target minion> <module>.<function> <arguments> ● Ex. salt salt-minion-001 pkg.install vim ● Grains is an information about underlying system ● There is custom grains imankurniawan@salt-master-001:~$ sudo salt salt-minion-001 grains.items salt-minion-001: ---------- biosreleasedate: 01/01/2011 biosversion: Google domain: asia-southeast2-a.c.jago-sre-gcp-poc.internal fqdn: salt-minion-001.asia-southeast2-a.c.jago-sre-gcp-poc.internal fqdn_ip6: fqdns: - salt-minion-001.asia-southeast2-a.c.jago-sre-gcp-poc.internal salt-minion-001 init: systemd ip4_gw: 10.106.64.1 kernel: Linux lvm: ---------- machine_id: bbfd6efc4772103b73e837d5fec91028 os: Ubuntu os_family: Debian saltpath: /usr/lib/python3/dist-packages/salt saltversion: 3002.6 shell: /bin/sh
- 12. Salt State ● The state of the host using salt state file (configuration file in yaml format) ● Best practice in salt-formula (https://github.com/saltstack-formulas) ● Example: Last line in text file add string at the end of file: file.append: - name: /tmp/appendfile.txt - text: last line
- 13. Salt Returner ● Result data redirected to external data-stores ● Returner list ○ Cassandra ○ Couchdb ○ Elasticsearch ○ MySQL ○ PostgreSQL ○ MongoDB ○ Slack ○ Splunk ○ Sqlite3 ○ Nagios ○ Kafka ○ https://docs.saltproject.io/en/latest/ref/returners/all/index.html
- 14. Salt Reactor ● React (run command) if there is a specific event salt/job/20210326152042932642/ret/salt-minion-001 { "_stamp": "2021-03-26T15:20:51.888045", "cmd": "_return", "fun": "state.single", "fun_args": [ { "fun": "pkg.installed", "name": "zsh" } ], "id": "salt-minion-001", "jid": "20210326152042932642", "out": "highstate", "retcode": 0, "return": { "pkg_|-zsh_|-zsh_|-installed": { "__id__": "zsh", "__run_num__": 0, "__sls__": null, "changes": { "zsh": { "new": "5.4.2-3ubuntu3.1", "old": "" }, "zsh-common": { "new": "5.4.2-3ubuntu3.1", "old": "" } }, "comment": "The following packages were installed/updated: zsh", "duration": 7516.035, "name": "zsh", "result": true, "start_time": "15:20:44.357773" } }, "success": true }
- 15. Salt Beacon ● A process in minion that can translate external events into salt event bus salt/beacon/salt-minion-001/inotify//etc/important_file { "_stamp": "2021-03-27T14:25:31.156136", "change": "IN_IGNORED", "id": "salt-minion-001", "path": "/etc/important_file" }
- 16. Salt Orchestration ● Orchestrate order of task and target ---------- ID: apply on minion1 Function: salt.state Result: True Comment: States ran successfully. Updating salt-minion-001. Started: 03:32:04.587496 Duration: 558.065 ms Changes: salt-minion-001: ---------- ID: time stamp for orchestration Function: file.managed Name: /tmp/timestamp.txt Result: True Comment: File /tmp/timestamp.txt updated Started: 03:32:05.018703 Duration: 12.949 ms Changes: ---------- diff: New file Summary for salt-minion-001 ------------ Succeeded: 1 (changed=1) Failed: 0 ------------ Total states run: 1 Total run time: 12.949 ms ---------- ID: apply on minion2 Function: salt.state Result: True Comment: States ran successfully. Updating salt-minion-002. Started: 03:32:05.145740 Duration: 457.751 ms Changes: salt-minion-002: ---------- ID: time stamp for orchestration Function: file.managed Name: /tmp/timestamp.txt Result: True Comment: File /tmp/timestamp.txt updated Started: 03:32:05.477723 Duration: 11.74 ms Changes: ---------- diff: New file Summary for salt-minion-002 ------------ Succeeded: 1 (changed=1) Failed: 0 ------------ Total states run: 1 Total run time: 11.740 ms Summary for salt-master-001.asia-southeast2-a.c.jago-sre-gcp- poc.internal_master ------------ Succeeded: 2 (changed=2) Failed: 0 ------------ Total states run: 2 Total run time: 1.016 s
- 17. Salt API ● Execute salt state from API call curl -sSk https://localhost:8000/login -H 'Accept: application/x-yaml' -d username=saltdev -d password=saltdev -d eauth=pam curl -sSk https://localhost:8000 -H 'Accept: application/x-yaml' -H 'X-Auth-Token: 2cceff677b76d4b668653bae4055ee471547c2d7' -d client=local -d tgt='*' -d fun=test.ping
- 18. 1 8 Tips and Tricks ● Don’t execute raw shell script. Execute raw shell as last option ● Use jinja for as template engine ● Separate code logic and configuration value ● Use best practices from salt-formula ● Use virtual environments for salt-minion to avoid python version/update conflict (OS or application) ● Use salt environment approach ● Use vault to store secret ● Put salt state in git repo and release as salt using CI/CD or use gitfs ● Advance topic, salt proxy, salt syndic (master of master), salt cloud (IaC)
- 19. More Information About DKatalis Website : https://dkatalis.co/ Job Opportunity : https://dkatalis.com/opportunity LinkedIn : DKatalis (Digital Katalis) https://www.linkedin.com/company/dkatalis/jobs/ Instagram : @dkatalis https://www.instagram.com/dkatalis/
- 20. 2 0 Reference ● https://www.digitalocean.com/community/tutorials/an-introduction-to-saltstack- terminology-and-concepts#tutorial_series_53 ● SaltStack-Admin ● https://docs.saltproject.io/
- 22. PAGE 22 DEVOPS INDONESIA Stay Connected @devopsindonesia http://www.devopsindonesia.com @IDDevOps @DevOpsIndonesia @IDDevOps DevOps Indonesia
- 23. Alone We are smart, together We are brilliant THANK YOU ! Quote by Steve Anderson