Changes between Initial Version and Version 1 of Internal/salt


Timestamp: May 31, 2018, 3:14:22 AM (6 years ago)
Author: msherman

  • Internal/salt

    v1 v1  
     1== Configuration Management in ORBIT and WINLAB ==
     2
     3We are currently using saltstack to push configuration changes to servers. This is a server/client model, with the salt-minion running on clients, and salt-master on the central servr.
     4
     5Clients find the master via looking for 'salt' in DNS, by default, and can be otherwise configured in a multitude of ways.
     6Currently, 'salt' resolves to salt.winlab.rutgers.edu or salt.orbit-lab.org, and both are CNAMES for interfaces of remote-l, which exists in both networks.
     7
     8After finding the master, the minion performs a key exchange. Further communication is done via encrypted message broker traffic over tcp, using the ZMQ protocol.
     9
     10=== File structure and layout ===
     11We are using salt 'states' and 'pillars'. States describe a desired configuration, e.g., this package is installed, these files are present, this user has these properties, etc. Pillars contain more specific configurations in key-value pairs, or YAML more generally.
     12
     13States reference pillars, so instead of configuring PAM to refer to ldap.orbit, the specific string would be pulled in as needed. TODO: Syntax reference.
     14
     15Importantly, information in the 'state' files are available to ALL clients, as it represents potential commands to run.
     16Conversely, information in the 'pillar' files are ONLY available to the clients targeted. Other clients will see either nothing, or a default value.
     17
     18States and pillars are each targeted to clients via a 'top' file. This contains a list of matching rules, and state IDs.
     19For example:
     20{{{
     21base:
     22  external*.orbit-lab.org:
     23    - ssh.present
     24}}}
     25
     26This top file would target all clients with a name matching external*.orbit-lab.org, and have them execute the state ssh.present, from the tree for enviroment 'base'
     27
     28Our current structure is as follows:
     29{{{
     30/srv
     31    /pillar
     32        /base
     33            top.sls
     34        /orbit
     35        /winlab
     36    /salt
     37        /base
     38            top.sls
     39        /orbit
     40        /winlab
     41}}}
     42
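
Review bot: lines 15-16 say state files are available to ALL clients and pillar data only to the targeted ones, but the page stops short of the practical rule that follows. State explicitly that secrets (passwords, private keys, bind credentials) belong only in pillar, and that the match rules in the pillar top.sls must be at least as narrow as the state ones, since a broad glob such as `external*.orbit-lab.org` in the pillar top would hand that data to every matching minion. Related: line 8 describes the key exchange without saying that the minion's key has to be accepted on the master, or how a minion checks that the host it found through the 'salt' DNS name (line 5) is the real master. A sentence on key acceptance and on pinning the master fingerprint (`master_finger` in the minion config) would close that gap. Smaller points: "servr" on line 3 and "enviroment" on line 26 are typos, the TODO on line 13 is still open, and the tree on lines 29-41 does not show where the `ssh.present` state from the example lives.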