Minion-Specific Data With etcd

Josh VanderLinden

2014-04-27 17:35

So I've been spending a fair amount of my free time lately learning more about salt, docker, and CoreOS. Salt has been treating very well. I mostly only use it at home, but more opportunities to use it at work are near.

The first I remember really hearing about Docker was when one of my co-workers tried using it for one of his projects. I didn't really spend much time with it until after SaltConf earlier this year (where lots of others brought it up). I'm pretty excited about Docker. I generally go out of my way to make sure my stuff will work fine on various versions of Linux, and Docker makes testing on various platforms insanely easy.

CoreOS is one of my more recent discoveries. I stumbled upon it in the wee hours of the night a few weeks ago, and I've been very curious to see how CoreOS and my fairly limited knowledge of Docker could help me. For those of you who haven't heard of CoreOS yet, it's kinda like a "hypervisor" for Docker containers with some very cool clustering capabilities.

I was able to attend a SaltStack and CoreOS meetup this past week. Most of the CoreOS developers stopped by on their way to GopherCon, and we all got to see a very cool demo of CoreOS in action. It was very cool to see everything in action.

One of the neat projects that the CoreOS folks have given us is called etcd. It is a "highly-available key value store for shared configuration and service discovery." I'm still trying to figure out how to effectively use it, but what I've seen of it is very cool. Automatic leader election, rapid synchronization, built-in dashboard, written in Go.

Anyway, I wanted to be able to use information stored in an etcd cluster in my Salt states. techhat committed some initial support for etcd in Salt about a month ago, but the pillar support was a bit more limited than I had hoped. Last night I submitted a pull request for getting minion-specific information out of etcd. This won't be available for a little while--it's only in the develop branch for now.

To use it, you'll need a couple of things in your Salt master's configuration file (/etc/salt/master). First, you must configure your etcd host and port. In order to use this information in our pillar, we need to configure this using a named profile. We'll call the profile "local_etcd":

local_etcd:
  etcd.host: 127.0.0.1
  etcd.port: 4001

Now we can tell Salt to fetch pillar information from this etcd server as so:

ext_pillar:
  - etcd: local_etcd root=/salt

Be sure to restart your Salt master after making these modifications. Let's add some information to etcd to play with:

etcdctl set salt/foo/bar baz
etcdctl set salt/foo/baz qux

After doing so, you should be able to grab this information from any minion's pillar:

salt "*" pillar.items foo
test1:
    ----------
    foo:
        ----------
        bar:
            baz
        baz:
            qux
test2:
    ----------
    foo:
        ----------
        bar:
            baz
        baz:
            qux

Ok, that's great! We've achived shared information between etcd and our Salt pillar. But what do we do to get minion-specific data out of etcd? Well, we need to start by modifying our master's configuration again. Replace our previous ext_pillar config with the following:

ext_pillar:
  - etcd: local_etcd root=/salt/shared
  - etcd: local_etcd root=/salt/private/%(minion_id)s

Note that the original etcd root changed from /salt to /salt/shared. We do this so we don't inadvertently end up with all minion-specific information from etcd in the shared pillar. Now let's put the sample data back in (again, noting the addition of shared/):

etcdctl set salt/shared/foo/bar baz
etcdctl set salt/shared/foo/baz qux

To override the value of one of these keys for a specific minion, we can use that minion's ID in the key:

etcdctl set salt/private/test2/foo/baz demo

Now when we inspect our pillar, it should look like this:

salt "*" pillar.items foo
test1:
    ----------
    foo:
        ----------
        bar:
            baz
        baz:
            qux
test2:
    ----------
    foo:
        ----------
        bar:
            baz
        baz:
            demo

Notice that the value for foo.baz is qux for minion test1, while its value is demo for test2. Success!

SaltConf 2014

Josh VanderLinden

2014-02-01 21:44

Comments

Being one to try to automate all teh things, I'm always curious to find and experiment with new tools that appear which are supposed to help me be lazy. SaltStack is one such tool.

I first stumbled upon references to SaltStack sometime before the summer of 2012. At the time, I only put enough effort into SaltStack to be aware of what it does and a little bit of its history. I remember telling a few of my friends about it, and adding it to my TODO list. At some point, I even installed it on a couple of my computers.

The problem was that I never made time to actually learn how to use it. I kept telling myself that I'd experiment with it, but something else always got in the way--kids, work, gaming... Also, I had briefly used tools like chef and puppet (or tried to), and I had a bad taste in my mouth about configuration management utilities. I'm sure part of my hesitation had to do with those tools.

Anyway, fast forward to the beginning of January 2014. Salt is still installed on my main computer, but I've never even launched or configured it. I decided to uninstall salt and come back to it another time. Just a few short days after uninstalling salt, my supervisor at work sent me an email, asking if I'd be interested in attending SaltConf. I was more than happy to jump on the opportunity to finally learn about this tool that I had been curious and hesitant to use (and get paid to do it!).

The Training

I was able to sign up for an introductory course for SaltStack, which took place on Tuesday, January 28th. This was an all-day ordeal, but it was very intriguing to me. Normally, I'm one of the quiet ones in a classroom setting. I rarely ask questions or comment on this or that. This was not the case with the training course. I was all over everything our instructors had to say. I was hooked.

A lot of topics were quickly reviewed during the training. What normally takes 3 days was compressed into a single-day course. It was rather brutal in that sense--tons of material to digest. I think they did a fantastic job of explaining the core concepts and giving a fair number of examples during the training.

The Conference

SaltConf really began on Wednesday, and there were some absolutely fantastic sessions. I was particularly impressed with a demo of VMware's vCloud Application Director, which can orchestrate the creation of entire clusters of inter-related servers.

Other sessions that were quite interesting to me mostly related to virtualization using Docker, straight LXC, and libvirt. I'm very excited to become proficient with salt when dealing with virtualized environments.

The Certification

SaltStack officially introduced its first certification, known as SSCE (SaltStack Certified Engineer). The certification fee was included in the registration for the conference. Despite only having a matter of hours worth of rudimentary experience with SaltStack, I decided I might as well take a stab at the exam. I fully expected to fail, but I had absolutely nothing to lose other than an hour taking the exam.

Well, I took the exam Wednesday night, after the full day of training and another full day of seeing real-world uses for salt. I did spend an hour or two reading docs, installing, and configuring salt on my home network too. Eighty questions and 56 minutes later, I learned my score.

I got 68 our of the 80 questions correct--85%! Not bad for a newbie. I hear the pass/fail threshold is 80%, but I've yet to receive my SSCE number or anything like that. Hopefully by Monday I'll receive that information.

Moving Forward

It actually occurred to me that I've basically built my own version of the platform-independent remote execution portion of SaltStack (for work). Many of the same concepts exist in both salt and my own implementation. I will say that I am partial to the my design, but I'll most likely be phasing it out to move toward salt in the long term.

After attending all three days of SaltStack deliciousness, I'm absolutely convinced that salt will be a part of my personal and professional toolkit for a long time to come. It's an extremely powerful and modular framework.

In the little bit of experimentation that I've done with salt on my home network, I've already found a few bug that appear to be low-hanging fruit. I plan on working closely with the community to verify that they are indeed bugs, and I most definitely plan on contributing back everything I can. This is such an exciting project!!

If you haven't used it yet, you must research it and give it a try. It is a game-changer.