In my last article, we spun up some bare metal compute on Packet with Pulumi and installed SaltStack.
In order to use SaltStack to provision our workloads on our servers, we need a way to identify which machines should be provisioned with what workload. SaltStack uses Grains to do this ... and there's a metadata grain that can read metadata from cloud providers; unfortunately, it doesn't support Packet.
Drats âšī¸
Happy news though, SaltStack is rather extensible; as long as you don't mind getting your hands a little dirty with Python.
Writing a Custom Grain
Writing a SaltStack grain module is SUPER easy. Lets take a look at the simplest implementation I can put together.
def test(): return dict(test={ "name": "David", "age": "18", }) Yeah, yeah. I know I'm not 18 anymore. Shush.
Grain modules are Python functions that return key value pairs. This code above returns a grain named "test" with the key/value pairs name = David and age = 18. This means we can run salt minion-1 grains.item test and we'll see:
minion-1: ---------- test: ---------- name: David age: 18 Of course, we don't want to return hared coded key values! We want to return information about our servers from Packet's metadata API.
The code to handle this isn't particularly complicated. In-fact, performing a HTTP request in Python is really simple đ
Lets take a look.
import json import logging import salt.utils.http as http # Setup logging log = logging.getLogger( __name__ ) # metadata server information HOST = "https://metadata.packet.net/metadata" def packet_metadata(): response = http.query(HOST) metadata = json.loads(response["body"]) log.error(metadata) grains = {} grains["id"] = metadata["id"] grains["iqn"] = metadata["iqn"] grains["plan"] = metadata["plan"] grains["class"] = metadata["class"] grains["facility"] = metadata["facility"] grains["tags"] = metadata["tags"] return dict(packet_metadata=grains) The important lines here are these three:
HOST = "https://metadata.packet.net/metadata" response = http.query(HOST) metadata = json.loads(response["body"]) We first query the metadata API endpoint, defined by the variable HOST. We then decode the body of the response into a Python dict, using json.loads.
This gives us access to every bit of metadata returned by the Packet metadata API. That looks like:
{ "id": "c5ce85c5-1eef-4581-90b6-88a91e47e207", "hostname": "master-1", "iqn": "iqn.2020-08.net.packet:device.c5ce85c5", "operating_system": { "slug": "debian_9", "distro": "debian", "version": "9", "license_activation": { "state": "unlicensed" }, "image_tag": "b32a1f31b127ef631d6ae31af9c6d8b69dcaa9e9" }, "plan": "c2.medium.x86", "class": "c2.medium.x86", "facility": "ams1", "private_subnets": ["10.0.0.0/8"], "tags": ["role/salt-master"], "ssh_keys": [ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGf0w9b+lPcZhsNHU8Sw5hJPBhpNICTNkjlBz9jxtLbWNGvHTE1lBeXU5VA2/7cuYw48apHmMURHFtK5AZx3srg=" ], "storage": { "disks": [ { "device": "/dev/sdd", "wipeTable": true, "partitions": [ { "label": "BIOS", "number": 1, "size": "512M" }, { "label": "SWAP", "number": 2, "size": "3993600" }, { "label": "ROOT", "number": 3, "size": 0 } ] } ], "filesystems": [ { "mount": { "device": "/dev/sdd1", "format": "vfat", "point": "/boot/efi", "create": { "options": ["32", "-n", "EFI"] } } }, { "mount": { "device": "/dev/sdd3", "format": "ext4", "point": "/", "create": { "options": ["-L", "ROOT"] } } }, { "mount": { "device": "/dev/sdd2", "format": "swap", "point": "none", "create": { "options": ["-L", "SWAP"] } } } ] }, "network": { "bonding": { "mode": 4, "link_aggregation": "bonded", "mac": "50:6b:4b:b4:a9:3a" }, "interfaces": [ { "name": "eth0", "mac": "50:6b:4b:b4:a9:3a", "bond": "bond0" }, { "name": "eth1", "mac": "50:6b:4b:b4:a9:3b", "bond": "bond0" } ], "addresses": [ { "id": "5d28837b-29c5-4505-bb05-930fd3760bac", "address_family": 4, "netmask": "255.255.255.252", "created_at": "2020-08-03T14:07:50Z", "public": true, "cidr": 30, "management": true, "enabled": true, "network": "147.75.84.128", "address": "147.75.84.130", "gateway": "147.75.84.129", "parent_block": { "network": "147.75.84.128", "netmask": "255.255.255.252", "cidr": 30, "href": "/ips/7a30c2bf-f0e5-402c-b0c0-b8ab03359e63" } }, { "id": "937552c6-cf1a-474d-9866-9fb1e0525503", "address_family": 4, "netmask": "255.255.255.254", "created_at": "2020-08-03T14:07:49Z", "public": false, "cidr": 31, "management": true, "enabled": true, "network": "10.80.76.4", "address": "10.80.76.5", "gateway": "10.80.76.4", "parent_block": { "network": "10.80.76.0", "netmask": "255.255.255.128", "cidr": 25, "href": "/ips/8f8cd919-165a-4e62-b461-af7c15a25ec4" } } ] }, "customdata": {}, "specs": { "cpus": [ { "count": 1, "type": "AMD EPYC 7401P 24-Core Processor @ 2.0GHz" } ], "memory": { "total": "64GB" }, "drives": [ { "count": 2, "size": "120GB", "type": "SSD", "category": "boot" }, { "count": 2, "size": "480GB", "type": "SSD", "category": "storage" } ], "nics": [ { "count": 2, "type": "10Gbps" } ], "features": {} }, "switch_short_id": "f8dd5e3f", "volumes": [], "api_url": "https://metadata.packet.net", "phone_home_url": "http://tinkerbell.ams1.packet.net/phone-home", "user_state_url": "http://tinkerbell.ams1.packet.net/events" } I decided not to make all of this available within the grains system, as only a few data points make sense for scheduling workloads. Hence, I cherry pick out the attributes I want for the next demo. You can pick and choose whatever you want too.
grains = {} grains["id"] = metadata["id"] grains["iqn"] = metadata["iqn"] grains["plan"] = metadata["plan"] grains["class"] = metadata["class"] grains["facility"] = metadata["facility"] grains["tags"] = metadata["tags"] return dict(packet_metadata=grains) Provisioning the Custom Grain
Now that we have a custom grain, we need to update our Pulumi code to install this on our Salt master.
NB : We only need to make this grain available on our Salt master, as the Salt master takes responsibility for syncing custom grains to the minions.
I've updated our user-data.sh to create the directory we need and added the mustache template syntax that allows us to inject the Python script. We use & before the variable name to request that mustache doesn't escape our quotes to HTML entities ... I only learnt that today đ
mkdir -p /srv/salt/_grains cat <<EOF >/srv/salt/_grains/packet_metadata.py {{ &PACKET_METADATA_PY }} EOF Next up, we provide the Python script at render time and provide some tags for our servers when we create them.
const pythonPacketMetadataGrain = fs .readFileSync(path.join(__dirname, "..", "salt", "packet_metadata.py")) .toString(); const saltMaster = new Device(`master-${name}`, { // ... code omitted for brevity userData: mustache.render(bootstrapString, { PACKET_METADATA_PY: pythonPacketMetadataGrain, }), // Add tags to this server tags: ["role/salt-master"], }); Syncing Custom Grains
Finally, we need to tell our Salt master to sync the grains to our minions.
salt "*" saltutil.grains_sync You can now confirm the custom grain is working with:
root@master-1:~# salt "*" grains.item packet_metadata minion-1: ---------- packet_metadata: ---------- class: c2.medium.x86 facility: ams1 id: ab0bc2ba-557b-4d99-a1eb-0beec02adff2 iqn: iqn.2020-08.net.packet:device.ab0bc2ba plan: c2.medium.x86 tags: - role/salt-minion master-1: ---------- packet_metadata: ---------- class: c2.medium.x86 facility: ams1 id: 97ce9196-077d-4ce9-82a5-d58bf59d0dbc iqn: iqn.2020-08.net.packet:device.97ce9196 plan: c2.medium.x86 tags: - role/salt-master That's it! Next time we'll take a look at using our tags to provision and schedule our workloads.
See you then.
Top comments (0)