salty ops – saltstack introduction
DESCRIPTION
TRANSCRIPT
Salty OPS – Saltstack IntroductionBy Walter Liu 2013/12/24
Before Saltstack(This section is borrowed slides from slideshare)
BasicsCommands and misc
Basic components
Salt-master
Salt-minion
Salt-syndic: for large deployment or cross data-center.
Basic files of Salt
Configuration files /etc/salt/master /etc/salt/minion /etc/salt/minion_id (generated when first time start
daemon) /etc/salt/pki/ (generated when first time start daemon)
Log: /var/log/salt/
GITFS cache: /var/cache/salt/master/gitfs/refs/master/
Basic command
salt salt –v "*" test.ping salt –v –L “web1,web2” test.ping salt –v –E “web[12]” test.ping Salt –v –N group1 test.ping
salt-key –a, salt-key -d
salt-call
Update to newest state
salt –v '*' state.highstate
Copy file to minions
salt ‘*’ cp.get_file salt://path/to/file /minion/path/to/file
salt ‘*’ cp.get_dir salt://path/to/dir/ /minion/path/to/dir/
Information commands
salt '*' sys.doc [module]
salt '*' grains.items
salt '*' pillar.items
Package something andRun command
salt '*' pkg.install nginx
salt '*' pkg.remove nginx
salt '*' cmd.run ifconfig
Batch Size
Use batch size to rolling web server restart.
Example: salt “websvr*” –batch-size 25% apache.signal restart salt “websvr*” –batch-size 10 apache.signal restart
Troubleshooting and Test your command
Use salt-call to run locally
Add test=True to just view what will be done.
example: salt-call -l info state.highstate test=True salt '*' state.highstate test=True salt ‘testsvr01’ state.sls nginx test=True
Demo: Test failed. only salt-call could see the error.
Let’s run some examples.
Installation (CentOS)
yum install salt-master
yum install salt-minion
yum install salt-api
yum install python-halite
Other OS wget -O - http://bootstrap.saltstack.org | sudo sh
Re-initialize demo environment
salt "*" pkg.remove nginx
salt “*” cmd.run “rm /etc/nginx/conf.d/*”
salt-key -D
Add a new machine to Salt
Minion: edit /etc/salt/minion
Minion: hostname change to “www-01.dc1”
Minion: service salt-minion start
Master: salt-key -A
Configure installation in Salty way
Master: edit /etc/salt/master
Master: Add file top.sls
Master: Add file nginx.sls
Minion: salt-call -l debug state.highstate test=True
Master: salt "*" state.highstate test=True
Execute on master: salt "*" state.highstate
Add another new machine to salt
Minion: Add another machine. (hostname)
Master: salt "*" state.highstate
Add a managed config file
Master: edit top.sls, add dc1 directives.
Master: Add dc1/web.sls
Master: Add conf/dc1/www.conf
Master: salt "*" state.highstate
Add dc2 managed config file
Master: edit top.sls, add dc1 directives.
Master: Add dc2/web.sls
Master: Add conf/dc2/www.conf
Master: salt "*" state.highstate
Grains in short
Key values items of minion hardware/env.
Only acquire at salt-minion startup.
May be used in sls/template.
Let’s see how to config by domain/hostname. Master: salt ‘*’ grains.items Master: Add web_general/web.sls Master: Modify top.sls Master: Add conf/dc3/www.conf Master: salt-call ‘*.dc3’ highstate test=True
Pillar in short
Usage Highly Sensitive Data Minion Configuration Variables Arbitrary Data
Example, DB username, password Configure config file by hostname
GITFS
/etc/salt/master, change below configuration fileserver_backend:
- git Gitfs_remotes:
- git@gitlab……..
salt-run fileserver.update
Another method: Or only use gitfs to host config files.
Check config before restart
Application support check config in service reload (“init.d”). Return error code if failed.
Use cmd.wait: - name: ”nginx -s reload” # do reload - onlyif: “nginx -t” # test if config is ok. - watch: - file: /etc/nginx/conf.d/my_web.conf
Collaboration
RD Installation sls: “nginx.sls” User Config sls: “web_general/web.sls” User Config template: “www_redis.conf.template”
OPS top.sls pillar/top.sls
Reference for writing SLS
Salt Formulars on github https://github.com/saltstack-formulas
Salt-states on github https://github.com/saltstack/salt-states
Halite
Demo Web UI
Q & A