
SaltStack for Event-Based IT Orchestration Across the Hybrid Cloud

28 Nov 2018 8:15am

SaltStack sponsored this story.

Many IT operations teams turn to SaltStack for help in configuration management, but this is only a subset of the software’s capabilities. Organizations can think about using SaltStack to orchestrate the initial deployment, and then ongoing security and management, of their entire IT environment.

“Salt was not [initially] designed as a configuration management tool. It is an orchestration engine first, but it happens to do configuration management really, really well,” said Gary Richmond, who is part of SaltStack’s professional services team. This is why the software has often been lumped in with Puppet, Chef, and Ansible in the configuration management space, but the tool is not limited to configuration.

At the recent SaltConf18 user conference in Salt Lake City, the company behind the open source Salt, and its enterprise component, SaltStack Enterprise, demonstrated how the software can be used to apply intelligent IT automation to many routine actions of setting up IT infrastructure, such as how to provision large numbers of VMs — with multiple configurations — on a cloud service, how to run bare-metal deployments of full server stacks with no intervention, and even how to manage VLANs and other software-defined network set-ups.

“All the power of Salt, what it could do on specific nodes, can be orchestrated across the environment,” Richmond said, noting that Salt will track the success and failure of each step along the way. “If you’ve got a limit on, say, how many VMs you can spin up on AWS, Salt can respond to that failure, and trigger an alternate orchestration. It could halt the step, or roll it back to a previous state.”

This method of orchestration will be increasingly essential in expanding IT ops for the years to come, noted Alex Peay, SaltStack vice president of product. “No matter what your problem is today, you’re not going to solve it by just adding more people to your staff. You need to use event-driven automation to orchestrate the security and management of your digital infrastructure. Then you start to replace complexity by using the system to understand trends and anomalies in the machine, then automating an appropriate response. As digital systems grow, event-driven automation easily scales to manage it all, which is much easier than adding 10 more people to your staff.”

This is not exactly the same kind of orchestration as the way Kubernetes “orchestrates” the movements of containers across a cluster, though SaltStack can configure and maintain containers as well. But SaltStack can be used with Kubernetes itself, with Salt deciding what containers will be needed and Kubernetes scheduling them on a cluster. One could also use Salt to roll out Kubernetes itself.

Richmond himself is a passionate advocate for Salt, and his enthusiasm arose prior to joining SaltStack. In his previous job, Richmond worked at NASA’s Jet Propulsion Laboratory. In 2013, when the Curiosity Rover landed on Mars, the live video stream of the landing generated an immense amount of traffic, so Richmond led an effort to look into configuration management software for their web properties, one that could fully stand up a server with no manual intervention. He compared Puppet, Ansible, Salt, and Chef. Salt turned out to be the best fit.

At its heart, Salt is a remote execution engine, one that can control and extend resources. In a Salt configuration, the master node keeps track of all the resources and their ideal state. A minion runs on each resource and checks in periodically across a service bus for any changes that it needs to execute. Salt can execute any action that can be run from the command line, augmented with any data needed for that specific instance.

The Salt Master is not limited to managing specific machines, however; it can manage entire environments. “Those orchestration states can orchestrate the deployment of configuration across an environment,” Richmond said, speaking in a recent episode of The New Stack Context podcast. Once you provision servers, you can do additional environment-specific actions, such as establishing security groups or setting up virtual private clouds.

The API interface for Salt can drive this orchestration. An external call could come into Salt by way of the API, and trigger an orchestration process that could create nodes in different environments, with different settings. A single call, along with some POST data, can be used to initiate an orchestration state that leverages inline Salt Pillar data previously captured, so the orchestration state will deploy resources based on the parameters provided.

SaltStack can be used to do bare metal hardware provisioning with PXE-based servers, and work its way up the stack to the point where it installs the software, checking the repositories for the latest releases. Salt orchestration can set up not only a server, but an entire LAMP stack as well. If a database server is successfully set up, Salt can then join it to an application server and load balancer. And, in the best GitOps tradition, the administrator could set up a workflow where, as soon as new code is committed in Git or GitHub, it can be automatically deployed into a test or production environment.

The graphical interface and operations framework of SaltStack Enterprise provides a way for IT and security operations teams to coordinate and automate the work of just about any member of the team. SaltStack Enterprise provides IT teams with the ability to create jobs then assign permissions to groups of users so they can run these jobs on specific targets. For global deployment, SaltStack Enterprise can also manage multiple masters, and run jobs across them, holding data in a central file server and database.

Cloud Provisioning

Using SaltStack Enterprise, the admin could create a single job for creating cloud-based VMs, then, for different configurations, point to the appropriate Pillar describing that configuration. Salt Cloud provides connectivity to different hosts, allowing SaltStack to connect to VMs and other cloud infrastructure.

Salt Cloud allows you to specify providers, such as AWS Cloud, Azure, Google Cloud Platform, or any of dozens of other clouds. Providing SaltStack with the path to the secret key needed to access these services will allow the software to provision resources directly. You can designate a distribution, the size of the instance, and the region you want it to run in. SaltStack examines its environment, sees what it is running on, adds the correct repositories, and does an installation.

This workflow capability gets interesting when you start to consider jobs like creating large numbers of virtual machines on AWS Cloud, especially if many of the VMs are different.

This approach makes it possible to change the behavior of an orchestration state at runtime, using inline Pillar data. As an example, Salt could be used as part of a Continuous Integration/Continuous Deployment (CI/CD) pipeline. Once a new version of some software has been tagged, a post-commit git hook initiates a call to the SaltStack API to provision infrastructure for testing.

Today’s cloud provisioning is still largely a manual task at most organizations, with a self-service portal where users can dispatch an email to the admin to provision a virtual machine. There’s no reason that this operation couldn’t be automated, with the command line command tailored to the permissions of the user and the specifications provided:

sudo salt-run state.orch orch.create_vm \
    pillar='{"vm": {"hostname": "SaltConf18-SSEOrch-Lab##-Minion01", "role": ["apache", "salt-minion"], "os": "rhel", "provider": "aws", "az": "us-west-1b"}}'
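
Automating this step means the portal, not an admin, decides whether a request may run. The following is an added example, not code from SaltStack or from this article: a Python gate that checks the specification against a per-group allowlist and builds the command above as an argument list, so the JSON pillar is never interpreted by a shell. The POLICY table, the "web-team" group, the sample hostname and build_orch_command are hypothetical.

```python
import json
import re

# Assumed policy for this example: what each requesting group may ask for.
POLICY = {
    "web-team": {"role": {"apache", "salt-minion"}, "os": {"rhel"},
                 "provider": {"aws"}, "az": {"us-west-1b"}},
}
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
EXPECTED_KEYS = {"hostname", "role", "os", "provider", "az"}

# Constructed sample request, modelled on the command shown above.
SAMPLE = {
    "hostname": "SaltConf18-SSEOrch-Lab01-Minion01",
    "role": ["apache", "salt-minion"],
    "os": "rhel",
    "provider": "aws",
    "az": "us-west-1b",
}


def build_orch_command(group, spec):
    """Validate a VM request and return the argv for salt-run."""
    allowed = POLICY.get(group)
    if allowed is None:
        raise PermissionError(f"group {group!r} may not provision VMs")
    if not isinstance(spec, dict) or set(spec) != EXPECTED_KEYS:
        raise ValueError("request must contain exactly the expected keys")
    host = spec["hostname"]
    if not isinstance(host, str) or not HOSTNAME_RE.fullmatch(host):
        raise ValueError("hostname is not a valid DNS label")
    roles = spec["role"]
    if (not isinstance(roles, list) or not roles or
            not all(isinstance(r, str) and r in allowed["role"] for r in roles)):
        raise PermissionError("role list is empty or not permitted")
    for key in ("os", "provider", "az"):
        if not isinstance(spec[key], str) or spec[key] not in allowed[key]:
            raise PermissionError(f"{key} value is not permitted")
    pillar = json.dumps({"vm": spec}, sort_keys=True)
    # One argv element per argument: pass this list to subprocess.run()
    # without shell=True, so quotes or metacharacters in a field cannot
    # change the command that runs.
    return ["sudo", "salt-run", "state.orch", "orch.create_vm",
            f"pillar={pillar}"]
```

Requests that fail the gate raise before any command is built, which gives the portal a single place to log and refuse them.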

SaltStack is not limited to server management. It can be the bedrock for managing software-defined networking (SDN) and network automation. For instance, it can change a VLAN out from underneath a virtual machine. Normally, this process would take up to 30 minutes under the most organized workflow, though more likely it can take days if the process requires manual approval of some sort. Once that is done, the admin would still have to locate the port and the switch for the specific hypervisor, then make the changes.

Under SaltStack, a new VLAN can be added in seconds. As a bonus, SaltStack keeps live documentation of the network topology, so this documentation never goes out of date.

Feature image: SaltStack’s Alex Peay.

