Personal tools

Contact Us 24/7 > 1 866.SIX FEET
Sections

Skip to content. | Skip to navigation

Home > Blog > Using SaltStack for server configuration management and more
12/01/16

EVERYONE.NET SCHEDULED MAINTENANCE 

Everyone.net will be performing maintenance on their databases Friday December 2nd, 2016 between 9:00PM PT to 3:00AM PT / 12:00AM ET to 06:00AM ET. During this time, all services including web mail, POP, IMAP, and SMTP relay may experience degraded performance and inbound mail delivery delays. We apologize for any inconvenience.

Blog

Using SaltStack for server configuration management and more

written by Calvin Hendryx-Parker on Tuesday October 21, 2014
Comments | Filed under: , ,

SaltStacklogoblackonwhite.png

What is SaltStack (Salt)?

Salt is currently one of the fastest growing configuration management systems. It is written in Python and uses ZeroMQ to communicate nearly instantaneously with all of the servers in your infrastructure that it calls minions.

Some of the common tasks people use Salt for are:

  • Orchestration

  • Remote Execution

  • Configuration Management

  • and more!

Why we chose salt

Over two years ago we recognized that to maintain a high level of service and availability, we were going to need to deploy some mechanism to keep our server's (now mostly VMs) configured in a consistent manner. This is even more true today if you consider the rate at which security vulnerabilities are being reported that need to be addressed across the entire infrastructure, in our case this is a few hundred managed hosts. We had in the past had two false starts trying to use cfengine, but in the end we put together a list and evaluated the following choices:

  • Puppet

  • Chef

  • cfengine

  • bcfg2

  • Salt

Given our previous failed attempts at using cfengine, we ruled it out right away. bcfg2 was also a smaller project and didn't support FreeBSD as well as we would have liked so it also got eliminated pretty quickly. Chef and Puppet are both written in Ruby, and writing your management details requires either using Ruby or a specific language for Puppet. Personally, I wasn't excited about learning more things to reduce my workload.

Salt was very new at this time, but seemed increasingly promising. The first big thing it had going for it was it was written in Python and we are a Python shop. The next big benefit for us was it used YAML as it language for representing the states of servers and Jinja for the templating language. This was important because we already have Jinja experience and YAML keeps things nice and simple. The last big benefit for me was the fact that it wasn't just configuration management, the remote execution was very important for being able to inventory, query and remotely fix servers en masse.

How we use salt

We touch and use salt everyday now at Six Feet Up, but one of the nice features was the ability to start small. We initially started with a simple set of states that just configured ntpd and our LDAP settings for all of our hosts. With each new service we needed to roll out, we would make Salt states and now maintain those services strictly with Salt. You can eventually work your way up to never touching the servers directly, but always implementing the changes via the Salt states.

Salt now enables us to track the history of the state of our servers using git as our backend to the states. We are also now leveraging the Salt pillar system (along with git as well) to simplify keeping our states cross platform as we actually manage and maintain FreeBSD along with Ubuntu and CentOS.

Now when a new security vulnerability comes out, we can quickly audit our hosts by querying the infrastructure for vulnerable packages using Salt. We also use salt for purposes beyond configuration management such as attaching customer information such as tech contacts to the minions in salt so we can query for contacts based on VM host or rack location.

 
Add comment

You can add a comment by filling out the form below. Plain text formatting.

puzzle
Calvin Hendryx-Parker
Chief Technology Officer
Calvin's Recent Posts:
Django CMS vs Plone (10/31/2016)

Next Steps


Select a type of support:

Contact our sales team

First name:
Last name:
Email:
Phone Number:
Message:
Fight spam:
What is + ?
 
Call Us 1 866.SIX FEET
Sections