SaltStack @ Aetna

Tehmasp Chaudhri | @tehmaspc

Team Background

  • We are the Aetna (Consumer Digital) Operations team

  • We are an Agile Operations team (currently) consisting of:

    • 3 Site Reliability Engineers (SRE)

    • 2 Cloud Systems Developers (CSD)

    • Product Owner

    • ScrumMaster

    • Director of Operations

  • We build and maintain Utopia, an internal developer platform-as-a-service (PaaS)

  • We employ SaltStack for managing all our infrastructure needs for Utopia (and have been using it for almost a year)

  • We try not to take ourselves too seriously but we're serious about what we do

Why Salt?

  • Speed of execution

  • Flexibility (not as opinionated as other CM tools)

  • Extensibility

  • Environments support

  • No steep learning curve (initial familiarity in team)

  • Salt-Cloud & Salt-API

  • Community & Support

Salt Architecture

  • 2014.7.5 (Helium)

  • Single Salt Master in a management AWS VPC

    • ​could scale out to environment Syndics

  • ~100 Minions currently

  • Environments: {Base, Dev, Stg, Prd, Inf} 

  • Well defined server naming scheme:

    • ​e.g. dev-use1a-pr-01-app-db-0001

Network Topology

Salt Formula Design

  • Every formula in its own repository

  • Use settings.sls to define good defaults as well as Pillar and Grain lookups

  • Use Pillars and Grains consistently across all formulas:

    • ​Pillars for common infrastructure configuration

    • Grains for node (or cluster) specific configuration

  • Documentation

    • Every repo should have a proper README

    • README should describe how to use the formula

    • README should provide admin info (if applicable)

  • Testing

    • Isolate testing setup into .vagrant-salt/

    • Manage dependencies with vagrant-saltdeps

    • Manage integration tests with serverspec

Salt Formula Demo

Environments, Top.sls & Pillars

  • We employ multiple environments in order to allow us to test (breaking) changes:

    • {Base, Dev, Stg, Prd, Inf}

  • ​Our Base environment only includes a single formula, core, which we apply to all minions.

  • Reduce top.sls file changes (for States and Pillars) by templating it out and backing it with a Minion's Grain data

  • Use a separate repository for Pillar data

{%- raw %}
{% set roles = salt['grains.get']('roles', '') %}
{%- if roles %}
{%- endraw %}
{{ env }}:
  'env:{{ env }}':
{%- raw %}
    - match: grain
    {%- for role in roles %}
    - {{ role }}
    {%- endfor %}
{% endif %}
{%- endraw %}

Example Environment top.sls

Salt-Cloud Design

  • Leverage Salt-Cloud for spinning up/down all servers

  • Maintain a separate repository for Salt-Cloud configuration

  • Use our own Python DSL for simplifying Salt Cloud configurations

  • Use Grains extensively to manage Minions

Salt Cloud Demo

Shortcomings with Salt

  • Highly active project which seems to introduce a lot of bugs

  • Salt documentation can be out of sync with actual implementation

  • Salt-Cloud improvements are desired

  • Salt environments can be problematic for some

Future Goals with Salt

  • Salt-API

  • Reactor

  • Enterprise GUI


SaltStack @ Aetna

By Tehmasp Chaudhri

SaltStack @ Aetna

SaltStack Deployment @ Aetna

  • 2,393