SlideShare a Scribd company logo

OpenWest 2014-05-10 Where's the Waldo, SaltStack Proxy Minions

C
croldham

Salt now includes proxy minions, a method of controlling devices that cannot run a minion. This deck is an overview of how proxy minions work and how they can be created.

Technology
1 of 20
Download to read offline
Managing network gear and "dumb" devices using SaltStack Proxy Minions1 C. R. Oldham Platform Engineer SaltStack Where's (the) Waldo?
Self-aggrandizement • North Central Association, Director of IT • Marvell Semiconductor, Compute Environment Manager • HopeKids, Executive Director • SaltStack, Platform Engineer
 • Keyboard + Monitor Give it to C. R. 2 ➮
What is Salt? • Salt is more than just configuration management, it makes up a unified system control platform. • Complete infrastructure control • A foundation API for communication • Remote execution, job management, state discovery • Control and view all aspects from one source, one medium • Salt is Simplicity • Salt is designed to be simple • Easy to set up, use, understand, and extend • Diving in is the right way to learn 3
Founded on Remote Execution • The foundation of Salt is remote execution. Salt's unique remote execution system enables extremely fast and reliable remote control of systems • Remote Execution allows for server commands to be sent around an infrastructure • ZeroMQ topology enables powerful and high speed communication • Commands can be executed quickly and in parallel across large numbers of nodes to execute commands and gather information 4
Not Just for Large Infrastructure • Salt can scale up or down as far as you need to go • Home networks • "Micro" networks – Arduino, Raspberry Pi, BeagleBone/BeagleBoard • "Dumb" devices – Switches, Routers – Coffee Makers – Sprinkler Systems 5 • Remote Services • Google Apps • Heroku • Gondor.IO • Anything with a REST api
Remote Execution Examples salt -G 'os:Ubuntu' pkg.upgrade ! salt '*' pkg.install openssl refresh=True ! salt '*' service.restart apache ! salt '*' shadow.set_password root '$1$UY... 6
State Examples /webroot/web: file.directory: - user: www-data - group: www-data - dir_mode: 2755 - file_mode: '0755' - makedirs: True 7 thorium_proj: git.latest: - rev: develop - name: git@github.com:saltstack/thorium - user: www-data - target: {{ thorium.venv.base }} - force: False - identity:deploy.key - require: - file: /webroot/web/.ssh/deploy.key !/webroot/web/.ssh/deploy.key: file.managed: - user: www-data - group: www-data - dir_mode: 0770 - mode: 0600 - source: salt://deploy.key - makedirs: True - replace: False
Minion - to - Master Communication • Each minion runs a salt-minion process – Python runtime, average RSS 30 MB – Minions connect to master – Master controls minions 8 • What if devices we want to control can't spare 30 MB? • Enter the PROXY MINION
What exactly IS a PROXY MINION??! A process forked from a regular salt-minion that has the sole purpose of talking to a device that cannot run a minion. 9
GRU == salt-master Minion == salt-minion Minions == proxy-minion Car == Car == proxied device
Where we are going eventually... salt datacenter-network state.highstate 11 Woohoo!!
Aren't there other tools? • Web interface • ssh • The CLI tool that shall remain nameless
Persistent Connection • Batch-load • Check • Commit ! • Ephemeral-connection oriented tools drop changes on disconnect. (oops) • Bootstrapping ssh connections over and over can be slow • Needed a persistent connection to overcome 13
Better Image 15 salt- master salt-minion device 🍴 proxy-minion
HOWTO • interface package 
 (/srv/salt/_proxy or site-packages/salt/proxy) • execution modules 
 (/srv/salt/_modules or site-packages/salt/modules) • grains 
 (/srv/salt/_grains or site-packages/salt/grains) 16
Interface package • Python package that handles heavy-lifting for connection • Needs a class Proxyconn! – __init__! – proxytype! – id! – ping! – shutdown 17
Execution Modules • Some "just work" • Some don't make sense • Some need lots of love • __proxyenabled__ 18
Caveat Emptor • Process Management • Logging • No Masterless • Lots of things broken 19
C. R. Oldham Platform Engineer SaltStack 20 https://joind.in/11037 cr@saltstack.com https://github.com/cro http://ncbt.org cro Email: GitHub: Blog: IRC:

Recommended

Introduction to SaltStack
Introduction to SaltStackIntroduction to SaltStack
Introduction to SaltStackAymen EL Amri
 
Getting started with salt stack
Getting started with salt stackGetting started with salt stack
Getting started with salt stackSuresh Paulraj
 
Introduction to SaltStack (An Event-Based Configuration Management)
Introduction to SaltStack (An Event-Based Configuration Management)Introduction to SaltStack (An Event-Based Configuration Management)
Introduction to SaltStack (An Event-Based Configuration Management)DevOps Indonesia
 
Meetup - An introduction to Salt
Meetup - An introduction to SaltMeetup - An introduction to Salt
Meetup - An introduction to SaltRichard Woudenberg
 
CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICES
CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICESCENTRAL MANAGEMENT OF NETWORK AND CALL SERVICES
CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICESNazmul Hossain Rakib
 
Understanding salt modular sub-systems and customization
Understanding salt modular sub-systems and customizationUnderstanding salt modular sub-systems and customization
Understanding salt modular sub-systems and customizationjasondenning
 
Introduction to SaltStack
Introduction to SaltStackIntroduction to SaltStack
Introduction to SaltStackRafael de Paula Souza
 
CODE BLUE 2014 : マルウエアによる検出回避方法の解説 by 篠塚 大志 HIROSHI SHINOTSUKA
CODE BLUE 2014 : マルウエアによる検出回避方法の解説 by 篠塚 大志 HIROSHI SHINOTSUKACODE BLUE 2014 : マルウエアによる検出回避方法の解説 by 篠塚 大志 HIROSHI SHINOTSUKA
CODE BLUE 2014 : マルウエアによる検出回避方法の解説 by 篠塚 大志 HIROSHI SHINOTSUKACODE BLUE
 

Recommended

Introduction to SaltStack
Introduction to SaltStackIntroduction to SaltStack
Introduction to SaltStackAymen EL Amri
 
Getting started with salt stack
Getting started with salt stackGetting started with salt stack
Getting started with salt stackSuresh Paulraj
 
Introduction to SaltStack (An Event-Based Configuration Management)
Introduction to SaltStack (An Event-Based Configuration Management)Introduction to SaltStack (An Event-Based Configuration Management)
Introduction to SaltStack (An Event-Based Configuration Management)DevOps Indonesia
 
Meetup - An introduction to Salt
Meetup - An introduction to SaltMeetup - An introduction to Salt
Meetup - An introduction to SaltRichard Woudenberg
 
CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICES
CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICESCENTRAL MANAGEMENT OF NETWORK AND CALL SERVICES
CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICESNazmul Hossain Rakib
 
Understanding salt modular sub-systems and customization
Understanding salt modular sub-systems and customizationUnderstanding salt modular sub-systems and customization
Understanding salt modular sub-systems and customizationjasondenning
 
Introduction to SaltStack
Introduction to SaltStackIntroduction to SaltStack
Introduction to SaltStackRafael de Paula Souza
 
CODE BLUE 2014 : マルウエアによる検出回避方法の解説 by 篠塚 大志 HIROSHI SHINOTSUKA
CODE BLUE 2014 : マルウエアによる検出回避方法の解説 by 篠塚 大志 HIROSHI SHINOTSUKACODE BLUE 2014 : マルウエアによる検出回避方法の解説 by 篠塚 大志 HIROSHI SHINOTSUKA
CODE BLUE 2014 : マルウエアによる検出回避方法の解説 by 篠塚 大志 HIROSHI SHINOTSUKACODE BLUE
 
OWF12/Open Standards for Cloud - Cs owf
OWF12/Open Standards for Cloud - Cs owfOWF12/Open Standards for Cloud - Cs owf
OWF12/Open Standards for Cloud - Cs owfParis Open Source Summit
 
OSDC 2015: Bernd Erk | Why favour Icinga over Nagios
OSDC 2015: Bernd Erk | Why favour Icinga over NagiosOSDC 2015: Bernd Erk | Why favour Icinga over Nagios
OSDC 2015: Bernd Erk | Why favour Icinga over NagiosNETWAYS
 
Improve App Performance & Reliability with NGINX Amplify
Improve App Performance & Reliability with NGINX AmplifyImprove App Performance & Reliability with NGINX Amplify
Improve App Performance & Reliability with NGINX AmplifyNGINX, Inc.
 
Setting up Cisco WSA Proxy in Transparent and Explicit Mode
Setting up Cisco WSA Proxy in Transparent and Explicit ModeSetting up Cisco WSA Proxy in Transparent and Explicit Mode
Setting up Cisco WSA Proxy in Transparent and Explicit ModeDhruv Sharma
 
Deep dive networking
Deep dive networkingDeep dive networking
Deep dive networkingVictor Morales
 
Case Study - IPv6 Challenges for Cloud Service Providers
Case Study - IPv6 Challenges for Cloud Service ProvidersCase Study - IPv6 Challenges for Cloud Service Providers
Case Study - IPv6 Challenges for Cloud Service ProvidersManuel Schweizer
 
What Hackers Don’t Want You To Know: How to Maximize Your API Security
What Hackers Don’t Want You To Know: How to Maximize Your API SecurityWhat Hackers Don’t Want You To Know: How to Maximize Your API Security
What Hackers Don’t Want You To Know: How to Maximize Your API SecurityAaronLieberman5
 
Erlang containers
Erlang containersErlang containers
Erlang containersSargun Dhillon
 
Chaos Engineering
Chaos EngineeringChaos Engineering
Chaos EngineeringWillian Paixao
 
Red Hat Forum Tokyo - OpenStack Architecture Design
Red Hat Forum Tokyo - OpenStack Architecture DesignRed Hat Forum Tokyo - OpenStack Architecture Design
Red Hat Forum Tokyo - OpenStack Architecture DesignDan Radez
 
Lying, Cheating, and Winning with Containers in Networking
Lying, Cheating, and Winning with Containers in NetworkingLying, Cheating, and Winning with Containers in Networking
Lying, Cheating, and Winning with Containers in NetworkingSargun Dhillon
 
Building the Glue for Service Discovery & Load Balancing Microservices
Building the Glue for Service Discovery & Load Balancing MicroservicesBuilding the Glue for Service Discovery & Load Balancing Microservices
Building the Glue for Service Discovery & Load Balancing MicroservicesSargun Dhillon
 
DEF CON 27 - DOUGLAS MCKEE - hvacking understanding the delta between securit...
DEF CON 27 - DOUGLAS MCKEE - hvacking understanding the delta between securit...DEF CON 27 - DOUGLAS MCKEE - hvacking understanding the delta between securit...
DEF CON 27 - DOUGLAS MCKEE - hvacking understanding the delta between securit...Felipe Prado
 
OMD and Check_mk
OMD and Check_mkOMD and Check_mk
OMD and Check_mkArtur Martins
 
Erlang User Conference 2016: Container Networking: A Field Report
Erlang User Conference 2016: Container Networking: A Field ReportErlang User Conference 2016: Container Networking: A Field Report
Erlang User Conference 2016: Container Networking: A Field ReportSargun Dhillon
 
Jason Stanley, Secure-24 - Own IT Through Proactive IT Monitoring
Jason Stanley, Secure-24 - Own IT Through Proactive IT MonitoringJason Stanley, Secure-24 - Own IT Through Proactive IT Monitoring
Jason Stanley, Secure-24 - Own IT Through Proactive IT MonitoringZenoss
 
Internet
InternetInternet
InternetHero Ben
 
Mistral and StackStorm
Mistral and StackStormMistral and StackStorm
Mistral and StackStormDmitri Zimine
 
Process for joining to the FIWARE Lab
Process for joining to the FIWARE LabProcess for joining to the FIWARE Lab
Process for joining to the FIWARE LabFernando Lopez Aguilar
 
How to configure cisco asa virtual firewall
How to configure cisco asa virtual firewallHow to configure cisco asa virtual firewall
How to configure cisco asa virtual firewallIT Tech
 
Ppt01 1
Ppt01 1Ppt01 1
Ppt01 1Sabbir Naim
 
AmeetKumar - 1
AmeetKumar - 1AmeetKumar - 1
AmeetKumar - 1Ameet Dubey
 

More Related Content

What's hot

OSDC 2015: Bernd Erk | Why favour Icinga over Nagios
OSDC 2015: Bernd Erk | Why favour Icinga over NagiosOSDC 2015: Bernd Erk | Why favour Icinga over Nagios
OSDC 2015: Bernd Erk | Why favour Icinga over NagiosNETWAYS
 
Improve App Performance & Reliability with NGINX Amplify
Improve App Performance & Reliability with NGINX AmplifyImprove App Performance & Reliability with NGINX Amplify
Improve App Performance & Reliability with NGINX AmplifyNGINX, Inc.
 
Setting up Cisco WSA Proxy in Transparent and Explicit Mode
Setting up Cisco WSA Proxy in Transparent and Explicit ModeSetting up Cisco WSA Proxy in Transparent and Explicit Mode
Setting up Cisco WSA Proxy in Transparent and Explicit ModeDhruv Sharma
 
Case Study - IPv6 Challenges for Cloud Service Providers
Case Study - IPv6 Challenges for Cloud Service ProvidersCase Study - IPv6 Challenges for Cloud Service Providers
Case Study - IPv6 Challenges for Cloud Service ProvidersManuel Schweizer
 
What Hackers Don’t Want You To Know: How to Maximize Your API Security
What Hackers Don’t Want You To Know: How to Maximize Your API SecurityWhat Hackers Don’t Want You To Know: How to Maximize Your API Security
What Hackers Don’t Want You To Know: How to Maximize Your API SecurityAaronLieberman5
 
Red Hat Forum Tokyo - OpenStack Architecture Design
Red Hat Forum Tokyo - OpenStack Architecture DesignRed Hat Forum Tokyo - OpenStack Architecture Design
Red Hat Forum Tokyo - OpenStack Architecture DesignDan Radez
 
Lying, Cheating, and Winning with Containers in Networking
Lying, Cheating, and Winning with Containers in NetworkingLying, Cheating, and Winning with Containers in Networking
Lying, Cheating, and Winning with Containers in NetworkingSargun Dhillon
 
Building the Glue for Service Discovery & Load Balancing Microservices
Building the Glue for Service Discovery & Load Balancing MicroservicesBuilding the Glue for Service Discovery & Load Balancing Microservices
Building the Glue for Service Discovery & Load Balancing MicroservicesSargun Dhillon
 
DEF CON 27 - DOUGLAS MCKEE - hvacking understanding the delta between securit...
DEF CON 27 - DOUGLAS MCKEE - hvacking understanding the delta between securit...DEF CON 27 - DOUGLAS MCKEE - hvacking understanding the delta between securit...
DEF CON 27 - DOUGLAS MCKEE - hvacking understanding the delta between securit...Felipe Prado
 
Erlang User Conference 2016: Container Networking: A Field Report
Erlang User Conference 2016: Container Networking: A Field ReportErlang User Conference 2016: Container Networking: A Field Report
Erlang User Conference 2016: Container Networking: A Field ReportSargun Dhillon
 
Jason Stanley, Secure-24 - Own IT Through Proactive IT Monitoring
Jason Stanley, Secure-24 - Own IT Through Proactive IT MonitoringJason Stanley, Secure-24 - Own IT Through Proactive IT Monitoring
Jason Stanley, Secure-24 - Own IT Through Proactive IT MonitoringZenoss
 
Mistral and StackStorm
Mistral and StackStormMistral and StackStorm
Mistral and StackStormDmitri Zimine
 
How to configure cisco asa virtual firewall
How to configure cisco asa virtual firewallHow to configure cisco asa virtual firewall
How to configure cisco asa virtual firewallIT Tech
 

What's hot (20)

OWF12/Open Standards for Cloud - Cs owf
OWF12/Open Standards for Cloud - Cs owfOWF12/Open Standards for Cloud - Cs owf
OWF12/Open Standards for Cloud - Cs owf
 
OSDC 2015: Bernd Erk | Why favour Icinga over Nagios
OSDC 2015: Bernd Erk | Why favour Icinga over NagiosOSDC 2015: Bernd Erk | Why favour Icinga over Nagios
OSDC 2015: Bernd Erk | Why favour Icinga over Nagios
 
Improve App Performance & Reliability with NGINX Amplify
Improve App Performance & Reliability with NGINX AmplifyImprove App Performance & Reliability with NGINX Amplify
Improve App Performance & Reliability with NGINX Amplify
 
Setting up Cisco WSA Proxy in Transparent and Explicit Mode
Setting up Cisco WSA Proxy in Transparent and Explicit ModeSetting up Cisco WSA Proxy in Transparent and Explicit Mode
Setting up Cisco WSA Proxy in Transparent and Explicit Mode
 
Deep dive networking
Deep dive networkingDeep dive networking
Deep dive networking
 
Case Study - IPv6 Challenges for Cloud Service Providers
Case Study - IPv6 Challenges for Cloud Service ProvidersCase Study - IPv6 Challenges for Cloud Service Providers
Case Study - IPv6 Challenges for Cloud Service Providers
 
What Hackers Don’t Want You To Know: How to Maximize Your API Security
What Hackers Don’t Want You To Know: How to Maximize Your API SecurityWhat Hackers Don’t Want You To Know: How to Maximize Your API Security
What Hackers Don’t Want You To Know: How to Maximize Your API Security
 
Erlang containers
Erlang containersErlang containers
Erlang containers
 
Chaos Engineering
Chaos EngineeringChaos Engineering
Chaos Engineering
 
Red Hat Forum Tokyo - OpenStack Architecture Design
Red Hat Forum Tokyo - OpenStack Architecture DesignRed Hat Forum Tokyo - OpenStack Architecture Design
Red Hat Forum Tokyo - OpenStack Architecture Design
 
Lying, Cheating, and Winning with Containers in Networking
Lying, Cheating, and Winning with Containers in NetworkingLying, Cheating, and Winning with Containers in Networking
Lying, Cheating, and Winning with Containers in Networking
 
Building the Glue for Service Discovery & Load Balancing Microservices
Building the Glue for Service Discovery & Load Balancing MicroservicesBuilding the Glue for Service Discovery & Load Balancing Microservices
Building the Glue for Service Discovery & Load Balancing Microservices
 
DEF CON 27 - DOUGLAS MCKEE - hvacking understanding the delta between securit...
DEF CON 27 - DOUGLAS MCKEE - hvacking understanding the delta between securit...DEF CON 27 - DOUGLAS MCKEE - hvacking understanding the delta between securit...
DEF CON 27 - DOUGLAS MCKEE - hvacking understanding the delta between securit...
 
OMD and Check_mk
OMD and Check_mkOMD and Check_mk
OMD and Check_mk
 
Erlang User Conference 2016: Container Networking: A Field Report
Erlang User Conference 2016: Container Networking: A Field ReportErlang User Conference 2016: Container Networking: A Field Report
Erlang User Conference 2016: Container Networking: A Field Report
 
Jason Stanley, Secure-24 - Own IT Through Proactive IT Monitoring
Jason Stanley, Secure-24 - Own IT Through Proactive IT MonitoringJason Stanley, Secure-24 - Own IT Through Proactive IT Monitoring
Jason Stanley, Secure-24 - Own IT Through Proactive IT Monitoring
 
Internet
InternetInternet
Internet
 
Mistral and StackStorm
Mistral and StackStormMistral and StackStorm
Mistral and StackStorm
 
Process for joining to the FIWARE Lab
Process for joining to the FIWARE LabProcess for joining to the FIWARE Lab
Process for joining to the FIWARE Lab
 
How to configure cisco asa virtual firewall
How to configure cisco asa virtual firewallHow to configure cisco asa virtual firewall
How to configure cisco asa virtual firewall
 

Viewers also liked

ViV Magazine Volume 3 (Feb - Mar 2014)
ViV Magazine Volume 3 (Feb - Mar 2014)ViV Magazine Volume 3 (Feb - Mar 2014)
ViV Magazine Volume 3 (Feb - Mar 2014)Nastassia Roy
 
dinCloud PR Highlights Q3 2015
dinCloud PR Highlights Q3 2015dinCloud PR Highlights Q3 2015
dinCloud PR Highlights Q3 2015dinCloud Inc.
 
Penyusunan Dokumen Rencana Aksi Nasional Kepemudaan
Penyusunan Dokumen Rencana Aksi Nasional KepemudaanPenyusunan Dokumen Rencana Aksi Nasional Kepemudaan
Penyusunan Dokumen Rencana Aksi Nasional KepemudaanRissalwan Lubis
 
Edita Kaye | Creepy Halloween Treats
Edita Kaye | Creepy Halloween TreatsEdita Kaye | Creepy Halloween Treats
Edita Kaye | Creepy Halloween TreatsEdita Kaye
 
وانةى دووةم
وانةى دووةموانةى دووةم
وانةى دووةمChia Barzinje
 
Engage Συζητήσεις στην τάξη
Engage Συζητήσεις στην τάξηEngage Συζητήσεις στην τάξη
Engage Συζητήσεις στην τάξηGeorge Androulakis
 
Mixed Use Scheme Management London
Mixed Use Scheme Management LondonMixed Use Scheme Management London
Mixed Use Scheme Management LondonMainstay Gorup
 
Vt419 v granskning biltvätt
Vt419 v granskning biltvättVt419 v granskning biltvätt
Vt419 v granskning biltvättEmilJorgensen
 
ученый совет 22 мая 2014 -Выборы декана
ученый совет 22 мая 2014 -Выборы деканаученый совет 22 мая 2014 -Выборы декана
ученый совет 22 мая 2014 -Выборы деканаuch_sovet_RGPU
 

Viewers also liked (18)

Ppt01 1
Ppt01 1Ppt01 1
Ppt01 1
 
AmeetKumar - 1
AmeetKumar - 1AmeetKumar - 1
AmeetKumar - 1
 
ViV Magazine Volume 3 (Feb - Mar 2014)
ViV Magazine Volume 3 (Feb - Mar 2014)ViV Magazine Volume 3 (Feb - Mar 2014)
ViV Magazine Volume 3 (Feb - Mar 2014)
 
IJETR022025
IJETR022025IJETR022025
IJETR022025
 
dinCloud PR Highlights Q3 2015
dinCloud PR Highlights Q3 2015dinCloud PR Highlights Q3 2015
dinCloud PR Highlights Q3 2015
 
Penyusunan Dokumen Rencana Aksi Nasional Kepemudaan
Penyusunan Dokumen Rencana Aksi Nasional KepemudaanPenyusunan Dokumen Rencana Aksi Nasional Kepemudaan
Penyusunan Dokumen Rencana Aksi Nasional Kepemudaan
 
Edita Kaye | Creepy Halloween Treats
Edita Kaye | Creepy Halloween TreatsEdita Kaye | Creepy Halloween Treats
Edita Kaye | Creepy Halloween Treats
 
وانةى دووةم
وانةى دووةموانةى دووةم
وانةى دووةم
 
Sensores o2 demo
Sensores o2 demoSensores o2 demo
Sensores o2 demo
 
Engage Συζητήσεις στην τάξη
Engage Συζητήσεις στην τάξηEngage Συζητήσεις στην τάξη
Engage Συζητήσεις στην τάξη
 
Mixed Use Scheme Management London
Mixed Use Scheme Management LondonMixed Use Scheme Management London
Mixed Use Scheme Management London
 
Week6
Week6Week6
Week6
 
Curso efi demo cuerpo acelerador
Curso efi demo cuerpo aceleradorCurso efi demo cuerpo acelerador
Curso efi demo cuerpo acelerador
 
Curso de sistemas de inyección y encendido electrónico programable
Curso de sistemas de inyección y encendido electrónico programableCurso de sistemas de inyección y encendido electrónico programable
Curso de sistemas de inyección y encendido electrónico programable
 
Curso efi demo control
Curso efi demo controlCurso efi demo control
Curso efi demo control
 
Guia poetes
Guia poetesGuia poetes
Guia poetes
 
Vt419 v granskning biltvätt
Vt419 v granskning biltvättVt419 v granskning biltvätt
Vt419 v granskning biltvätt
 
ученый совет 22 мая 2014 -Выборы декана
ученый совет 22 мая 2014 -Выборы деканаученый совет 22 мая 2014 -Выборы декана
ученый совет 22 мая 2014 -Выборы декана
 

Similar to OpenWest 2014-05-10 Where's the Waldo, SaltStack Proxy Minions

Big Data Approaches to Cloud Security
Big Data Approaches to Cloud SecurityBig Data Approaches to Cloud Security
Big Data Approaches to Cloud SecurityPaul Morse
 
Boundary for puppet @ puppet conf2012
Boundary for puppet @ puppet conf2012Boundary for puppet @ puppet conf2012
Boundary for puppet @ puppet conf2012Boundary
 
John adams talk cloudy
John adams talk cloudyJohn adams talk cloudy
John adams talk cloudyJohn Adams
 
Cloud Device Insecurity
Cloud Device InsecurityCloud Device Insecurity
Cloud Device InsecurityJeremy Brown
 
SaltConf14 - Craig Sebenik, LinkedIn - SaltStack at Web Scale
SaltConf14 - Craig Sebenik, LinkedIn - SaltStack at Web ScaleSaltConf14 - Craig Sebenik, LinkedIn - SaltStack at Web Scale
SaltConf14 - Craig Sebenik, LinkedIn - SaltStack at Web ScaleSaltStack
 
Considerations when implementing_ha_in_dmf
Considerations when implementing_ha_in_dmfConsiderations when implementing_ha_in_dmf
Considerations when implementing_ha_in_dmfhik_lhz
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)ClubHack
 
Why SaltStack ?
Why SaltStack ?Why SaltStack ?
Why SaltStack ?SUSE
 
OSDC 2018 | Introduction to SaltStack in the Modern Data Center by Mike Place
OSDC 2018 | Introduction to SaltStack in the Modern Data Center by Mike PlaceOSDC 2018 | Introduction to SaltStack in the Modern Data Center by Mike Place
OSDC 2018 | Introduction to SaltStack in the Modern Data Center by Mike PlaceNETWAYS
 
Redis everywhere - PHP London
Redis everywhere - PHP LondonRedis everywhere - PHP London
Redis everywhere - PHP LondonRicard Clau
 
Sensu and Sensibility - Puppetconf 2014
Sensu and Sensibility - Puppetconf 2014Sensu and Sensibility - Puppetconf 2014
Sensu and Sensibility - Puppetconf 2014Tomas Doran
 
[TechTalks] Learning Configuration Management with SaltStack (Advanced Concepts)
[TechTalks] Learning Configuration Management with SaltStack (Advanced Concepts)[TechTalks] Learning Configuration Management with SaltStack (Advanced Concepts)
[TechTalks] Learning Configuration Management with SaltStack (Advanced Concepts)Blazeclan Technologies Private Limited
 
Sutol How To Be A Lion Tamer
Sutol How To Be A Lion TamerSutol How To Be A Lion Tamer
Sutol How To Be A Lion TamerSharon James
 
How to be a lion tamer
How to be a lion tamerHow to be a lion tamer
How to be a lion tamerWannes Rams
 
How to be a lion tamer
How to be a lion tamerHow to be a lion tamer
How to be a lion tamerSharon James
 
Connect the Dots: Logging and Custom Connectors
Connect the Dots: Logging and Custom ConnectorsConnect the Dots: Logging and Custom Connectors
Connect the Dots: Logging and Custom ConnectorsAaronLieberman5
 
2015_01 - Networking Session - SPHMMC ICT workshop
2015_01 - Networking Session - SPHMMC ICT workshop2015_01 - Networking Session - SPHMMC ICT workshop
2015_01 - Networking Session - SPHMMC ICT workshopKathleen Ludewig Omollo
 
Chirp 2010: Scaling Twitter
Chirp 2010: Scaling TwitterChirp 2010: Scaling Twitter
Chirp 2010: Scaling TwitterJohn Adams
 

Similar to OpenWest 2014-05-10 Where's the Waldo, SaltStack Proxy Minions (20)

Big Data Approaches to Cloud Security
Big Data Approaches to Cloud SecurityBig Data Approaches to Cloud Security
Big Data Approaches to Cloud Security
 
Boundary for puppet @ puppet conf2012
Boundary for puppet @ puppet conf2012Boundary for puppet @ puppet conf2012
Boundary for puppet @ puppet conf2012
 
John adams talk cloudy
John adams talk cloudyJohn adams talk cloudy
John adams talk cloudy
 
Cloud Device Insecurity
Cloud Device InsecurityCloud Device Insecurity
Cloud Device Insecurity
 
SaltConf14 - Craig Sebenik, LinkedIn - SaltStack at Web Scale
SaltConf14 - Craig Sebenik, LinkedIn - SaltStack at Web ScaleSaltConf14 - Craig Sebenik, LinkedIn - SaltStack at Web Scale
SaltConf14 - Craig Sebenik, LinkedIn - SaltStack at Web Scale
 
Considerations when implementing_ha_in_dmf
Considerations when implementing_ha_in_dmfConsiderations when implementing_ha_in_dmf
Considerations when implementing_ha_in_dmf
 
Software defined networking: Primer
Software defined networking: PrimerSoftware defined networking: Primer
Software defined networking: Primer
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)
 
Why SaltStack ?
Why SaltStack ?Why SaltStack ?
Why SaltStack ?
 
OSDC 2018 | Introduction to SaltStack in the Modern Data Center by Mike Place
OSDC 2018 | Introduction to SaltStack in the Modern Data Center by Mike PlaceOSDC 2018 | Introduction to SaltStack in the Modern Data Center by Mike Place
OSDC 2018 | Introduction to SaltStack in the Modern Data Center by Mike Place
 
Redis everywhere - PHP London
Redis everywhere - PHP LondonRedis everywhere - PHP London
Redis everywhere - PHP London
 
Sensu and Sensibility - Puppetconf 2014
Sensu and Sensibility - Puppetconf 2014Sensu and Sensibility - Puppetconf 2014
Sensu and Sensibility - Puppetconf 2014
 
[TechTalks] Learning Configuration Management with SaltStack (Advanced Concepts)
[TechTalks] Learning Configuration Management with SaltStack (Advanced Concepts)[TechTalks] Learning Configuration Management with SaltStack (Advanced Concepts)
[TechTalks] Learning Configuration Management with SaltStack (Advanced Concepts)
 
Sutol How To Be A Lion Tamer
Sutol How To Be A Lion TamerSutol How To Be A Lion Tamer
Sutol How To Be A Lion Tamer
 
Database Firewall with Snort
Database Firewall with SnortDatabase Firewall with Snort
Database Firewall with Snort
 
How to be a lion tamer
How to be a lion tamerHow to be a lion tamer
How to be a lion tamer
 
How to be a lion tamer
How to be a lion tamerHow to be a lion tamer
How to be a lion tamer
 
Connect the Dots: Logging and Custom Connectors
Connect the Dots: Logging and Custom ConnectorsConnect the Dots: Logging and Custom Connectors
Connect the Dots: Logging and Custom Connectors
 
2015_01 - Networking Session - SPHMMC ICT workshop
2015_01 - Networking Session - SPHMMC ICT workshop2015_01 - Networking Session - SPHMMC ICT workshop
2015_01 - Networking Session - SPHMMC ICT workshop
 
Chirp 2010: Scaling Twitter
Chirp 2010: Scaling TwitterChirp 2010: Scaling Twitter
Chirp 2010: Scaling Twitter
 

Recently uploaded

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 

Recently uploaded (20)

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 

OpenWest 2014-05-10 Where's the Waldo, SaltStack Proxy Minions

  • 1. Managing network gear and "dumb" devices using SaltStack Proxy Minions1 C. R. Oldham Platform Engineer SaltStack Where's (the) Waldo?
  • 2. Self-aggrandizement • North Central Association, Director of IT • Marvell Semiconductor, Compute Environment Manager • HopeKids, Executive Director • SaltStack, Platform Engineer
 • Keyboard + Monitor Give it to C. R. 2 ➮
  • 3. What is Salt? • Salt is more than just configuration management, it makes up a unified system control platform. • Complete infrastructure control • A foundation API for communication • Remote execution, job management, state discovery • Control and view all aspects from one source, one medium • Salt is Simplicity • Salt is designed to be simple • Easy to set up, use, understand, and extend • Diving in is the right way to learn 3
  • 4. Founded on Remote Execution • The foundation of Salt is remote execution. Salt's unique remote execution system enables extremely fast and reliable remote control of systems • Remote Execution allows for server commands to be sent around an infrastructure • ZeroMQ topology enables powerful and high speed communication • Commands can be executed quickly and in parallel across large numbers of nodes to execute commands and gather information 4
  • 5. Not Just for Large Infrastructure • Salt can scale up or down as far as you need to go • Home networks • "Micro" networks – Arduino, Raspberry Pi, BeagleBone/BeagleBoard • "Dumb" devices – Switches, Routers – Coffee Makers – Sprinkler Systems 5 • Remote Services • Google Apps • Heroku • Gondor.IO • Anything with a REST api
  • 6. Remote Execution Examples salt -G 'os:Ubuntu' pkg.upgrade ! salt '*' pkg.install openssl refresh=True ! salt '*' service.restart apache ! salt '*' shadow.set_password root '$1$UY... 6
  • 7. State Examples /webroot/web: file.directory: - user: www-data - group: www-data - dir_mode: 2755 - file_mode: '0755' - makedirs: True 7 thorium_proj: git.latest: - rev: develop - name: git@github.com:saltstack/thorium - user: www-data - target: {{ thorium.venv.base }} - force: False - identity:deploy.key - require: - file: /webroot/web/.ssh/deploy.key !/webroot/web/.ssh/deploy.key: file.managed: - user: www-data - group: www-data - dir_mode: 0770 - mode: 0600 - source: salt://deploy.key - makedirs: True - replace: False
  • 8. Minion - to - Master Communication • Each minion runs a salt-minion process – Python runtime, average RSS 30 MB – Minions connect to master – Master controls minions 8 • What if devices we want to control can't spare 30 MB? • Enter the PROXY MINION
  • 9. What exactly IS a PROXY MINION??! A process forked from a regular salt-minion that has the sole purpose of talking to a device that cannot run a minion. 9
  • 10. GRU == salt-master Minion == salt-minion Minions == proxy-minion Car == Car == proxied device
  • 11. Where we are going eventually... salt datacenter-network state.highstate 11 Woohoo!!
  • 12. Aren't there other tools? • Web interface • ssh • The CLI tool that shall remain nameless
  • 13. Persistent Connection • Batch-load • Check • Commit ! • Ephemeral-connection oriented tools drop changes on disconnect. (oops) • Bootstrapping ssh connections over and over can be slow • Needed a persistent connection to overcome 13
  • 14.
  • 16. HOWTO • interface package 
 (/srv/salt/_proxy or site-packages/salt/proxy) • execution modules 
 (/srv/salt/_modules or site-packages/salt/modules) • grains 
 (/srv/salt/_grains or site-packages/salt/grains) 16
  • 17. Interface package • Python package that handles heavy-lifting for connection • Needs a class Proxyconn! – __init__! – proxytype! – id! – ping! – shutdown 17
  • 18. Execution Modules • Some "just work" • Some don't make sense • Some need lots of love • __proxyenabled__ 18
  • 19. Caveat Emptor • Process Management • Logging • No Masterless • Lots of things broken 19
  • 20. C. R. Oldham Platform Engineer SaltStack 20 https://joind.in/11037 cr@saltstack.com https://github.com/cro http://ncbt.org cro Email: GitHub: Blog: IRC: