OpenNebula and

SaltStackValentin Bud

CEO

databus.pro | valentin@databus.pro | @databuspro

OpenNebulaConfBerlin, Germany, September 25th

#OpenNebulaConf

SaltStackAbout

• The name is the vision

• A different approach to infrastructure management

• Transparent control system

• A simple viable building block

#OpenNebulaConfValentin Bud | @valentinbud#CloudTim

SaltStackStanding on the Shoulders of the Giants

• Python

• 0MQ

• MessagePack

• M2Crypto

#OpenNebulaConfValentin Bud | @valentinbud

SaltStackArchitecture

...

0MQ

MASTER(S)

minion

minion

minion

#OpenNebulaConfValentin Bud | @valentinbud

SaltStackThe Remote Execution Engine

root@salt ~ # salt ‘*’ test.ping

nfs:

True

salt:

True

node01:

True

salt nfs

test.ping

response

0MQ

#OpenNebulaConfValentin Bud | @valentinbud

SaltStackMeet your minions - Grains

root@salt ~ # salt ‘nfs’ grains.items

nfs:

...

kernel: Linux

kernelrelease: 2.6.32-358.18.1.el6.x86_64

localhost: nfs master: salt

mem_total: 1877

nodename: nfs

num_cpus: 2

num_gpus: 1

os: CentOS

os_family: RedHat

oscodename: Final

osfullname: CentOS

...

#OpenNebulaConfValentin Bud | @valentinbud

SaltStackGrains - Tag your minions

root@salt ~ # salt ‘salt’ grains.setval role opennebula-frontend

salt:

role: opennebula-frontend

root@salt ~ # salt ‘salt’ grains.item role

salt:

role:

opennebula-frontend

#OpenNebulaConfValentin Bud | @valentinbud

SaltStackTarget your Minions

GLOBBING

root@salt ~ # salt -G 'web*' test.ping

REGULAR EXPRESSIONS

root@salt ~ # salt -E 'web1-(prod|devel)' test.ping

LISTS

root@salt ~ # salt -L 'web1,web2,web3' test.ping

GRAINS

root@salt ~ # salt -G '@os:CentOS' test.ping

#OpenNebulaConfValentin Bud | @valentinbud

OpenNebula and SaltStackOpenNebulaConf Demo Cloud

salt

frontend

node01

salt

nfs

Services Networkprivate

virtual

machine

network

#OpenNebulaConfValentin Bud | @valentinbud

SaltStackThe State System

• The Configuration Management component

• Already available with a basic setup

• Powerful, fast, lightweight system

#OpenNebulaConfValentin Bud | @valentinbud

opennebula-server StateInstall the OpenNebula Server

opennebula-server/init.sls:

opennebula-server:

pkg:

- installed

service:

- running

- require:

- pkg: opennebula-server

#OpenNebulaConfValentin Bud | @valentinbud

The Anatomy of a StateIT IS ALL JUST DATA!

opennebula-server/init.sls:

opennebula-server:

pkg:

- installed

service:

- running

- require:

- pkg: opennebula-server

ID DECLARATION

STATE DECLARATION

STATE ARGUMENTS

#OpenNebulaConfValentin Bud | @valentinbud

opennebula-sunstone StateBeyond a single State File

opennebula-server/init.sls:

opennebula-server:

pkg:

- installed

service:

- running

- require:

- pkg: opennebula-server

opennebula-sunstone/init.sls:

include:

- opennebula-server

opennebula-sunstone:

pkg:

- installed

service:

- running

- require:

- service: opennebula-server

#OpenNebulaConfValentin Bud | @valentinbud

State ExecutionBehind the scenes

salt minion

state.sls opennebula-server

response

root@salt ~ # salt ‘minion’ state.sls opennebula-server

1

parse

and

execute

2

3

0MQ

#OpenNebulaConfValentin Bud | @valentinbud

SaltStack The Highstate

root@salt ~ # salt ‘*’ state.highstate

states/top.sls

base:

‘frontend’:

- opennebula-server

- opennebula-frontend

#OpenNebulaConfValentin Bud | @valentinbud

SaltStack The Render System

• State data is just that - data

• It does not need to be represented in YAML

• State files can be rendered from any medium

• Modular system

#OpenNebulaConfValentin Bud | @valentinbud

SaltStackBe a Ninja with Jinja2

libvirt/init.sls:

libvirt:

pkg:

- installed

{% if grains[‘os’] == ‘Debian’ %}

- name: libvirt-bin

{% elif grains[‘os’] == ‘CentOS’ %}

- name: libvirt

{% endif %}

#OpenNebulaConfValentin Bud | @valentinbud

State ExecutionBehind the scenes with Jinja2

salt minion

state.sls libvirt

response

root@salt ~ # salt ‘minion’ state.sls opennebula-server

1

parse

execute

2

4

render

3

0MQ

#OpenNebulaConfValentin Bud | @valentinbud

SaltStackThe Pillar Interface

• Generate/store data for specific minions

• Highly sensitive data

• Minion configuration

• Variables

• Arbitrary data

#OpenNebulaConfValentin Bud | @valentinbud

OpenNebula oneadmin PasswordStored in Pillar

pillar/opennebula.sls:

opennebula:

oneadmin:

password: SecurePassword

state/oneadmin.sls:

oneadmin_password:

cmd:

- run

- name: oneuser passwd 0 {{ pillar[‘opennebula’][‘oneadmin’][‘password’] }}

#OpenNebulaConfValentin Bud | @valentinbud

OpenNebula Node CommunicationTOP SECRET

frontend node

START VM

VM STARTED

NEEDS:

SSH password-less communication Distribute Public Key to Nodes

#OpenNebulaConfValentin Bud | @valentinbud

SaltStackThe Mine

node

mine

mine.send

oneadmin_public_key.put

1

mine.get2

/var/lib/one/.ssh/authorized_keys

3

frontend:

oneadmin_public_key: ssh-rsa ...

#OpenNebulaConfValentin Bud | @valentinbud

SaltStackThe Mine in States

state/oneadmin_ssh_auth.sls:

oneadmin_ssh_auth:

ssh_auth:

- present

- user: oneadmin

- name: {{ salt['mine.get']('frontend', 'oneadmin_public_key.get') }}

#OpenNebulaConfValentin Bud | @valentinbud

SaltStackPeer Communication

• Allow minion to “talk” to each other

• Chatting done via Master

• Must be enabled on the Master

• Live data from other minions!

#OpenNebulaConfValentin Bud | @valentinbud

OpenNebula Node UpCreate it on the Frontend

salt node

state.sls opennebula-node-kvm

communicate frontend to

create node

1

configure

node2

4

3

frontend

create

node

#OpenNebulaConfValentin Bud | @valentinbud

Bootstrap OpenNebula Demo Cloud

The SaltStack Overstate

overstate

all

network

nfs-server

storage

frontend

frontend

nodes

nodes

1

2

3

4

5

6

7

8

#OpenNebulaConfValentin Bud | @valentinbud

Conclusions

• Two simple tools together = POWER

• Salt is fast

• Both are easy to use

• Salt can morph and grow together with your needs

2

#OpenNebulaConfValentin Bud | @valentinbud

databus.pro

@