A dash of Salt(Stack): Using Salt for better OpenStack, Kubernetes, and Cloud — Q&A

Ales Komarek - January 20, 2017 -

On January 16, Ales Komarek presented an introduction to Salt. We covered the following topics:

  • The model-driven architectures behind how Salt stores topologies and workflows
  • How Salt provides solution adaptability for any custom workloads
  • Infrastructure as Code: How Salt provides not only configuration management, but entire life-cycle management
  • How Continuous Delivery/ Integration/ Management fits into the puzzle
  • How Salt manages and scales parallel cloud deployments that include OpenStack, Kubernetes and others

What we didn’t do, however, is get to all of the questions from the audience, so here’s a written version of the Q&A, including those we didn’t have time for.

Q: Why Salt?

A: It’s python, it has a huge and growing base of imperative modules and declarative states, and it has a good message bus.

Q: What tools are used to initially provision Salt across an infrastructure? Cobbler, Puppet, MAAS?

A: To create a new deployment, we rely on a single node, where we bootstrap the Salt master and Metal-as-a-Service (formerly based on Foreman, now Ironic). Then we control the MaaS service to deploy the physical bare-metal nodes.

Q: How broad a range of services do you already have recipes for, and how easy is it to write and drop in new ones if you need one that isn’t already available?

A: The ecosystem is pretty vast. You can look at either https://github.com/tcpcloud or the formula ecosystem overview at http://openstack-salt.tcpcloud.eu/develop/extending-ecosystem.html. There are also guidelines for creating new formulas, which is very straight-forward process. A new service can be created in matter of hours, or even minutes.

Q: Can you convert your existing Puppet/Ansible scripts to Salt, and what would I search to find information about that?

A: Yes, we have reverse engineered autmation for some of these services in the past. For example we were deeply inspired by the Ansible module for Gerrit resource management.  You can find some information on creating Salt Formulas at https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html,  and we will be adding tutorial material here on this blog in the near future.

Q: Is there a NodeJS binding available?

A: If you meant the NodeJS formula to setup a NodeJS enironment, yes, there is such a formula. If you mean bindings to the system, you can use the Salt API to integrate NodeJS with Salt.

Q: Have you ever faced performance issues when storing a lot of data in pillars?

A: We have not faced performance issues with pillars that are deliverd by reclass ENC. It has been tested up to a few thousands of nodes.

Q: What front end GUI is typically used with Salt monitoring (e.g., Kibana, Grafana,…)?

A: Salt monitoring uses Sensu or StackLight for the actual functional monitoring checks. It uses Kibana to display events stored in Elasticsearch and Grafana to visualize metrics coming from time-series databases such as Graphite or Influx.

Q: What is the name of the salt PKI manager? (Or what would I search for to learn more about using salt for infrastructure-wide PKI management?)

A: The PKI feature is well documented in the Salt docs, and is available at https://docs.saltstack.com/en/latest/ref/states/all/salt.states.x509.html.

Q: Can I practice installing and deploying SaltStack on my laptop? Can you recommend a link?

A: I’d recommend you have a look at http://openstack-salt.tcpcloud.eu/develop/quickstart-vagrant.html where you can find a nice tutorial on how to setup a simple infrastructure.

Q:  What is the best way to manage Reclass-based metadata?

A:  Because metadata is text-based, you can easily use any version control system that enables you to ensure that changes are tracked and tested.

Q: Thanks for the presentation! Within Heat, I’ve only ever seen salt used in terms of software deployments. What we’ve seen today, however, goes clear through to service, resource, and even infrastructure deployment! In this way, does Salt become a viable alternative to Heat? (I’m trying to understand where the demarcation is between the two now.)

A: Think of Heat as part of the solution responsible for spinning up the harware resources such as networks, routers and servers, in a way that is similar to MaaS, Ironic or Foreman. Salt’s part begins where Heat’s part ends – after the resources are started, Salt takes over and finishes the installation/configuration process.

Q: When you mention Orchestration, how does salt differentiate from Heat, or is Salt making Heat calls?

A: Heat is more for hardware resources orchestration. It has some capability to do software configuration, but rather limited. We have created heat resources that help to classify resources on fly. We also have salt heat modules capable of running a heat stack.

Q: Will you be showing any parts of SaltStack Enterprise, or only FREE Salt Open Source? Do you use Salt in Multi-Master deployment?

A: We are using the opensource version of SaltStack, the enterprise gets little gain given the pricing model. In some deployments, we use the salt master HA deployment setups.

Q: What HA engine is typically used for the Salt master?

A: We use 2 separate masters with shared storage provided by GlusterFS on which the master’s and minions’ keys are stored.

Q: Is there a GUI ?

A: The creation of a GUI is currently under discussion.

Q: How do you enforce Role Based Administration in the Salt Master? Can you segregate users to specific job roles and limit which jobs they can execute in Salt?

A: We use the ACLs of the Salt master to limit the user’s options. This also applies for the Jenkins-powered pipelines, which we also manage by Salt, both on the job and the user side.

Q: Can you show the salt files (.sls, pillar, …)?

A: You can look at the github for existing formulas at https://github.com/tcpcloud and good example of pillars can be found at https://github.com/Mirantis/mk-lab-salt-model/.

Q: Is there a link for deploying Salt for Kubernetes? Any best practices guide?

A: The best place to look is the https://github.com/openstack/salt-formula-kubernetes README.

Q: Is SaltStack the same as what’s on saltstack.com, or is it a different project?

A: These are the same project. Saltstack.com is company that is behind the Salt technology and provides support and enterprise versions.

Q: So far this looks like what Chef can do. Can you make a comparison or focus on the “value add” from Salt that Chef or Puppet don’t give you?

A: The replaceability/reusability of the individual components is very easy, as all formulas are ‘aware’ of the rest and share a common form and single dependency tree. This is a problem with community-based formulas in either of the other tools, as they are not very compatible with each other.

Q: In terms of purpose, is there any difference between SaltStack vs Openstack?

A: Apart from the fact that SaltStack can install OpenStack, it can also provide virtualization capabilities. However, Salt has very limited options, while OpenStack supports complex production level scenarios.

Q: Great webinar guys. Ansible seems to have a lot of traction as means of deploying OpenStack. Could you compare/contrast with SaltStack in this context?

A: With Salt, the OpenStack services are just part of wider ecosystem; the main advantage comes from the consistency across all services/formulas, the provision of support metadata to provide documentation or monitoring features.

Q: How is Salt better than Ansible/Puppet/Chef ?

A: The biggest difference is the message bus, which lets you control, and get data from, the infrastructure with great speed and concurrency.

Q: Can you elaborate mirantis fuel vs saltstack?

Fuel is an open source project that was (and is) designed to deploy OpenStack from a single ISO-based artifact, and to provide various lifecycle management functions once the cluster has been deployed. SaltStack is designed to be more granular, working with individual components or services.

Q: Are there plans to integrate SaltStack in to MOS?

A: The Mirantis Cloud Platform (MCP) will be powered by Salt/Reclass.

Q: Is Fuel obsolete or it will use Salt in the background instead of Puppet?

A: Fuel in its current form will continue to be used for deploying Mirantis OpenStack in the traditional manner (as a single ISO file). We are extending our portfolio of life cycle management tools to include appropriate technologies for deploying and managing open source software in MCP. For example, Fuel CCP will be used to deploy containerized OpenStack on Kubernetes. Similarly, Decapod will be used to deploy Ceph. All of these lifecycle management technologies are, in a sense, Fuel. Whether a particular tool uses Salt or Puppet will depend on what it’s doing.

Q: MOS 10 release date?

A: We’re still making plans on this.

From Virtualization to Containerization
Learn how to move from monolithic to microservices in this free eBook
Download Now
Radio Cloud Native – Week of May 11th, 2022

Every Wednesday, Nick Chase and Eric Gregory from Mirantis go over the week’s cloud native and industry news. This week they discussed: Docker Extensions Artificial Intelligence shows signs that it's reaching the common person Google Cloud TPU VMs reach general availability Google buys MobileX, folds into Google Cloud NIST changes Palantir is back, and it's got a Blanket Purchase Agreement at the Department of Health and Human …

Radio Cloud Native – Week of May 11th, 2022
Where do Ubuntu 20.04, OpenSearch, Tungsten Fabric, and more all come together? In the latest Mirantis Container Cloud releases!

In the last several weeks we have released two updates to Mirantis Container Cloud - versions 2.16 and 2.17, which bring a number of important changes and enhancements. These are focused on both keeping key components up to date to provide the latest functionality and security fixes, and also delivering new functionalities for our customers to take advantage of in …

Where do Ubuntu 20.04, OpenSearch, Tungsten Fabric, and more all come together? In the latest Mirantis Container Cloud releases!
Monitoring Kubernetes costs using Kubecost and Mirantis Kubernetes Engine [Transcript]

Cloud environments & Kubernetes are becoming more and more expensive to operate and manage. In this demo-rich workshop, Mirantis and Kubecost demonstrate how to deploy Kubecost as a Helm chart on top of Mirantis Kubernetes Engine. Lens users will be able to visualize their Kubernetes spend directly in the Lens desktop application, allowing users to view spend and costs efficiently …

Monitoring Kubernetes costs using Kubecost and Mirantis Kubernetes Engine [Transcript]
Service Mesh for Mere Mortals
A Guide to Istio and How to Use Service Mesh Platforms
Manage your cloud-native container environment with Mirantis Container Cloud

Wednesday, January 5 at 10:00 am PST
Mirantis Webstore
Purchase Kubernetes support