OpenWest 2014-05-10 Where's the Waldo, SaltStack Proxy Minions
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share

OpenWest 2014-05-10 Where's the Waldo, SaltStack Proxy Minions

  • 360 views
Uploaded on

Salt now includes proxy minions, a method of controlling devices that cannot run a minion. This deck is an overview of how proxy minions work and how they can be created.

Salt now includes proxy minions, a method of controlling devices that cannot run a minion. This deck is an overview of how proxy minions work and how they can be created.

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
360
On Slideshare
352
From Embeds
8
Number of Embeds
1

Actions

Shares
Downloads
1
Comments
0
Likes
0

Embeds 8

http://www.slideee.com 8

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Managing network gear and "dumb" devices using SaltStack Proxy Minions1 C. R. Oldham Platform Engineer SaltStack Where's (the) Waldo?
  • 2. Self-aggrandizement • North Central Association, Director of IT • Marvell Semiconductor, Compute Environment Manager • HopeKids, Executive Director • SaltStack, Platform Engineer
 • Keyboard + Monitor Give it to C. R. 2 ➮
  • 3. What is Salt? • Salt is more than just configuration management, it makes up a unified system control platform. • Complete infrastructure control • A foundation API for communication • Remote execution, job management, state discovery • Control and view all aspects from one source, one medium • Salt is Simplicity • Salt is designed to be simple • Easy to set up, use, understand, and extend • Diving in is the right way to learn 3
  • 4. Founded on Remote Execution • The foundation of Salt is remote execution. Salt's unique remote execution system enables extremely fast and reliable remote control of systems • Remote Execution allows for server commands to be sent around an infrastructure • ZeroMQ topology enables powerful and high speed communication • Commands can be executed quickly and in parallel across large numbers of nodes to execute commands and gather information 4
  • 5. Not Just for Large Infrastructure • Salt can scale up or down as far as you need to go • Home networks • "Micro" networks – Arduino, Raspberry Pi, BeagleBone/BeagleBoard • "Dumb" devices – Switches, Routers – Coffee Makers – Sprinkler Systems 5 • Remote Services • Google Apps • Heroku • Gondor.IO • Anything with a REST api
  • 6. Remote Execution Examples salt -G 'os:Ubuntu' pkg.upgrade ! salt '*' pkg.install openssl refresh=True ! salt '*' service.restart apache ! salt '*' shadow.set_password root '$1$UY... 6
  • 7. State Examples /webroot/web: file.directory: - user: www-data - group: www-data - dir_mode: 2755 - file_mode: '0755' - makedirs: True 7 thorium_proj: git.latest: - rev: develop - name: git@github.com:saltstack/thorium - user: www-data - target: {{ thorium.venv.base }} - force: False - identity:deploy.key - require: - file: /webroot/web/.ssh/deploy.key !/webroot/web/.ssh/deploy.key: file.managed: - user: www-data - group: www-data - dir_mode: 0770 - mode: 0600 - source: salt://deploy.key - makedirs: True - replace: False
  • 8. Minion - to - Master Communication • Each minion runs a salt-minion process – Python runtime, average RSS 30 MB – Minions connect to master – Master controls minions 8 • What if devices we want to control can't spare 30 MB? • Enter the PROXY MINION
  • 9. What exactly IS a PROXY MINION??! A process forked from a regular salt-minion that has the sole purpose of talking to a device that cannot run a minion. 9
  • 10. GRU == salt-master Minion == salt-minion Minions == proxy-minion Car == Car == proxied device
  • 11. Where we are going eventually... salt datacenter-network state.highstate 11 Woohoo!!
  • 12. Aren't there other tools? • Web interface • ssh • The CLI tool that shall remain nameless
  • 13. Persistent Connection • Batch-load • Check • Commit ! • Ephemeral-connection oriented tools drop changes on disconnect. (oops) • Bootstrapping ssh connections over and over can be slow • Needed a persistent connection to overcome 13
  • 14. Better Image 15 salt- master salt-minion device 🍴 proxy-minion
  • 15. HOWTO • interface package 
 (/srv/salt/_proxy or site-packages/salt/proxy) • execution modules 
 (/srv/salt/_modules or site-packages/salt/modules) • grains 
 (/srv/salt/_grains or site-packages/salt/grains) 16
  • 16. Interface package • Python package that handles heavy-lifting for connection • Needs a class Proxyconn! – __init__! – proxytype! – id! – ping! – shutdown 17
  • 17. Execution Modules • Some "just work" • Some don't make sense • Some need lots of love • __proxyenabled__ 18
  • 18. Caveat Emptor • Process Management • Logging • No Masterless • Lots of things broken 19
  • 19. C. R. Oldham Platform Engineer SaltStack 20 https://joind.in/11037 cr@saltstack.com https://github.com/cro http://ncbt.org cro Email: GitHub: Blog: IRC: