OpenWest 2014-05-10 Where's the Waldo, SaltStack Proxy Minions
DESCRIPTION
Salt now includes proxy minions, a method of controlling devices that cannot run a minion. This deck is an overview of how proxy minions work and how they can be created.
TRANSCRIPT

Managing network gear and "dumb" devices using SaltStack Proxy Minions
C. R. Oldham, Platform Engineer, SaltStack
Where's (the) Waldo?

Self-aggrandizement
• North Central Association, Director of IT
• Marvell Semiconductor, Compute Environment Manager
• HopeKids, Executive Director
• SaltStack, Platform Engineer
• Keyboard + Monitor ➮ Give it to C. R.

What is Salt?
• Salt is more than just configuration management; it makes up a unified system control platform.
• Complete infrastructure control
• A foundation API for communication
• Remote execution, job management, state discovery
• Control and view all aspects from one source, one medium
• Salt is Simplicity
• Salt is designed to be simple
• Easy to set up, use, understand, and extend
• Diving in is the right way to learn

Founded on Remote Execution
• The foundation of Salt is remote execution. Salt's unique remote execution system enables extremely fast and reliable remote control of systems.
• Remote execution allows server commands to be sent around an infrastructure
• ZeroMQ topology enables powerful and high-speed communication
• Commands can be executed quickly and in parallel across large numbers of nodes, both to act on them and to gather information

Not Just for Large Infrastructure
• Salt can scale up or down as far as you need to go
• Home networks
• "Micro" networks
  – Arduino, Raspberry Pi, BeagleBone/BeagleBoard
• "Dumb" devices
  – Switches, Routers
  – Coffee Makers
  – Sprinkler Systems
• Remote Services
• Google Apps
• Heroku
• Gondor.IO
• Anything with a REST API

Remote Execution Examples
salt -G 'os:Ubuntu' pkg.upgrade
salt '*' pkg.install openssl refresh=True
salt '*' service.restart apache
salt '*' shadow.set_password root '$1$UY...

State Examples
/webroot/web:
  file.directory:
    - user: www-data
    - group: www-data
    - dir_mode: 2755
    - file_mode: '0755'
    - makedirs: True

thorium_proj:
  git.latest:
    - rev: develop
    - name: [email protected]:saltstack/thorium
    - user: www-data
    - target: {{ thorium.venv.base }}
    - force: False
    - identity: deploy.key
    - require:
      - file: /webroot/web/.ssh/deploy.key

# Modes with a leading zero are quoted so YAML does not read them as octal integers.
/webroot/web/.ssh/deploy.key:
  file.managed:
    - user: www-data
    - group: www-data
    - dir_mode: '0770'
    - mode: '0600'
    - source: salt://deploy.key
    - makedirs: True
    - replace: False

Minion-to-Master Communication
• Each minion runs a salt-minion process
  – Python runtime, average RSS 30 MB
  – Minions connect to master
  – Master controls minions
• What if devices we want to control can't spare 30 MB?
• Enter the PROXY MINION

What exactly IS a PROXY MINION??!
A process forked from a regular salt-minion that has the sole purpose of talking to a device that cannot run a minion.

GRU == salt-master
Minion == salt-minion
Minions == proxy-minion
Car == proxied device

Where we are going eventually...
salt datacenter-network state.highstate
Woohoo!!

Aren't there other tools?
• Web interface
• ssh
• The CLI tool that shall remain nameless

Persistent Connection
• Batch-load
• Check
• Commit
• Ephemeral-connection oriented tools drop changes on disconnect. (oops)
• Bootstrapping ssh connections over and over can be slow
• Needed a persistent connection to overcome

Better Image
[Diagram labels: salt-master, salt-minion, 🍴, proxy-minion, device]

HOWTO
• interface package (/srv/salt/_proxy or site-packages/salt/proxy)
• execution modules (/srv/salt/_modules or site-packages/salt/modules)
• grains (/srv/salt/_grains or site-packages/salt/grains)

Interface package
• Python package that handles heavy-lifting for connection
• Needs a class Proxyconn
  – __init__
  – proxytype
  – id
  – ping
  – shutdown
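The Proxyconn members listed above, combined with the batch-load / check / commit flow from the Persistent Connection slide, as an added example (not code from the talk or from Salt). FakeSwitch, the details["device"] key, the method arguments and the load/check/commit helpers are assumptions made for illustration.

```python
class FakeSwitch:
    """Constructed stand-in for a device with batch-load / check / commit."""
    def __init__(self, hostname):
        self.hostname = hostname
        self.running = {"vlan10": "users"}  # committed configuration
        self.candidate = None               # exists only while a session is open


class Proxyconn:
    """The five members from the slide; argument shapes are assumptions."""
    def __init__(self, details):
        self.dev = details["device"]        # hypothetical key
        self.dev.candidate = dict(self.dev.running)  # open one long-lived session

    def proxytype(self):
        return "fakeswitch"

    def id(self, opts=None):
        return self.dev.hostname

    def ping(self):
        return self.dev.candidate is not None

    def shutdown(self, opts=None):
        self.dev.candidate = None           # uncommitted changes are dropped here

    # Hypothetical helpers an execution module would call over the held session.
    def load(self, changes):
        self.dev.candidate.update(changes)

    def check(self):
        return all(isinstance(v, str) and v for v in self.dev.candidate.values())

    def commit(self):
        if not self.check():
            raise ValueError("candidate failed check; nothing committed")
        self.dev.running = dict(self.dev.candidate)
        return dict(self.dev.running)


def demo():
    """Return (config after a dropped session, config after load/check/commit)."""
    sw = FakeSwitch("sw1")
    one_shot = Proxyconn({"device": sw})
    one_shot.load({"vlan20": "voice"})
    one_shot.shutdown()                     # disconnect before commit
    held = Proxyconn({"device": sw})
    held.load({"vlan20": "voice"})
    return dict(sw.running), held.commit()
```

The first session disconnects before commit and leaves the running configuration untouched; the second holds the session through commit, which is the behaviour the persistent proxy process is meant to provide.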

Execution Modules
• Some "just work"
• Some don't make sense
• Some need lots of love
• __proxyenabled__

Caveat Emptor
• Process Management
• Logging
• No Masterless
• Lots of things broken

C. R. Oldham, Platform Engineer, SaltStack
https://joind.in/11037
Email: [email protected]
GitHub: https://github.com/cro
Blog: http://ncbt.org
IRC: cro