OpenWest 2014-05-10 Where's the Waldo, SaltStack Proxy Minions

1,316 views
959 views

Published on

Salt now includes proxy minions, a method of controlling devices that cannot run a minion. This deck is an overview of how proxy minions work and how they can be created.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,316
On SlideShare
0
From Embeds
0
Number of Embeds
12
Actions
Shares
0
Downloads
13
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

OpenWest 2014-05-10 Where's the Waldo, SaltStack Proxy Minions

  1. 1. Managing network gear and "dumb" devices using SaltStack Proxy Minions1 C. R. Oldham Platform Engineer SaltStack Where's (the) Waldo?
  2. 2. Self-aggrandizement • North Central Association, Director of IT • Marvell Semiconductor, Compute Environment Manager • HopeKids, Executive Director • SaltStack, Platform Engineer
 • Keyboard + Monitor Give it to C. R. 2 ➮
  3. 3. What is Salt? • Salt is more than just configuration management, it makes up a unified system control platform. • Complete infrastructure control • A foundation API for communication • Remote execution, job management, state discovery • Control and view all aspects from one source, one medium • Salt is Simplicity • Salt is designed to be simple • Easy to set up, use, understand, and extend • Diving in is the right way to learn 3
  4. 4. Founded on Remote Execution • The foundation of Salt is remote execution. Salt's unique remote execution system enables extremely fast and reliable remote control of systems • Remote Execution allows for server commands to be sent around an infrastructure • ZeroMQ topology enables powerful and high speed communication • Commands can be executed quickly and in parallel across large numbers of nodes to execute commands and gather information 4
  5. 5. Not Just for Large Infrastructure • Salt can scale up or down as far as you need to go • Home networks • "Micro" networks – Arduino, Raspberry Pi, BeagleBone/BeagleBoard • "Dumb" devices – Switches, Routers – Coffee Makers – Sprinkler Systems 5 • Remote Services • Google Apps • Heroku • Gondor.IO • Anything with a REST api
  6. 6. Remote Execution Examples salt -G 'os:Ubuntu' pkg.upgrade ! salt '*' pkg.install openssl refresh=True ! salt '*' service.restart apache ! salt '*' shadow.set_password root '$1$UY... 6
  7. 7. State Examples /webroot/web: file.directory: - user: www-data - group: www-data - dir_mode: 2755 - file_mode: '0755' - makedirs: True 7 thorium_proj: git.latest: - rev: develop - name: git@github.com:saltstack/thorium - user: www-data - target: {{ thorium.venv.base }} - force: False - identity:deploy.key - require: - file: /webroot/web/.ssh/deploy.key !/webroot/web/.ssh/deploy.key: file.managed: - user: www-data - group: www-data - dir_mode: 0770 - mode: 0600 - source: salt://deploy.key - makedirs: True - replace: False
  8. 8. Minion - to - Master Communication • Each minion runs a salt-minion process – Python runtime, average RSS 30 MB – Minions connect to master – Master controls minions 8 • What if devices we want to control can't spare 30 MB? • Enter the PROXY MINION
  9. 9. What exactly IS a PROXY MINION??! A process forked from a regular salt-minion that has the sole purpose of talking to a device that cannot run a minion. 9
  10. 10. GRU == salt-master Minion == salt-minion Minions == proxy-minion Car == Car == proxied device
  11. 11. Where we are going eventually... salt datacenter-network state.highstate 11 Woohoo!!
  12. 12. Aren't there other tools? • Web interface • ssh • The CLI tool that shall remain nameless
  13. 13. Persistent Connection • Batch-load • Check • Commit ! • Ephemeral-connection oriented tools drop changes on disconnect. (oops) • Bootstrapping ssh connections over and over can be slow • Needed a persistent connection to overcome 13
  14. 14. Better Image 15 salt- master salt-minion device 🍴 proxy-minion
  15. 15. HOWTO • interface package 
 (/srv/salt/_proxy or site-packages/salt/proxy) • execution modules 
 (/srv/salt/_modules or site-packages/salt/modules) • grains 
 (/srv/salt/_grains or site-packages/salt/grains) 16
  16. 16. Interface package • Python package that handles heavy-lifting for connection • Needs a class Proxyconn! – __init__! – proxytype! – id! – ping! – shutdown 17
  17. 17. Execution Modules • Some "just work" • Some don't make sense • Some need lots of love • __proxyenabled__ 18
  18. 18. Caveat Emptor • Process Management • Logging • No Masterless • Lots of things broken 19
  19. 19. C. R. Oldham Platform Engineer SaltStack 20 https://joind.in/11037 cr@saltstack.com https://github.com/cro http://ncbt.org cro Email: GitHub: Blog: IRC:

×