OpenWest 2014-05-10 Where's the Waldo, SaltStack Proxy Minions
Managing network gear and "dumb" devices using SaltStack Proxy Minions
C. R. Oldham Platform Engineer SaltStack
Where's (the)
Waldo?
Self-aggrandizement
• North Central Association, Director of IT
• Marvell Semiconductor, Compute Environment Manager
• HopeKids, Executive Director
• SaltStack, Platform Engineer
• Keyboard + Monitor Give it to C. R.
What is Salt?
• Salt is more than just configuration management, it makes up a unified system control platform.
• Complete infrastructure control
• A foundation API for communication
• Remote execution, job management, state discovery
• Control and view all aspects from one source, one medium
• Salt is Simplicity
• Salt is designed to be simple
• Easy to set up, use, understand, and extend
• Diving in is the right way to learn
Founded on Remote Execution
• The foundation of Salt is remote execution. Salt's unique remote execution system enables extremely fast and reliable remote control of systems
• Remote Execution allows for server commands to be sent around an infrastructure
• ZeroMQ topology enables powerful and high speed communication
• Commands can be executed quickly and in parallel across large numbers of nodes, to run tasks and gather information
Not Just for Large Infrastructure
• Salt can scale up or down as far as you need to go
• Home networks
• "Micro" networks
  – Arduino, Raspberry Pi, BeagleBone/BeagleBoard
• "Dumb" devices
  – Switches, Routers
  – Coffee Makers
  – Sprinkler Systems
• Remote Services
  – Google Apps
  – Heroku
  – Gondor.IO
  – Anything with a REST API
Remote Execution Examples
salt -G 'os:Ubuntu' pkg.upgrade
salt '*' pkg.install openssl refresh=True
salt '*' service.restart apache
salt '*' shadow.set_password root '$1$UY...
State Examples

/webroot/web:
  file.directory:
    - user: www-data
    - group: www-data
    - dir_mode: 2755
    - file_mode: '0755'
    - makedirs: True

thorium_proj:
  git.latest:
    - rev: develop
    - name: [email protected]:saltstack/thorium
    - user: www-data
    - target: {{ thorium.venv.base }}
    - force: False
    - identity: deploy.key
    - require:
      - file: /webroot/web/.ssh/deploy.key

/webroot/web/.ssh/deploy.key:
  file.managed:
    - user: www-data
    - group: www-data
    - dir_mode: 0770
    - mode: 0600
    - source: salt://deploy.key
    - makedirs: True
    - replace: False

Minion - to - Master Communication
• Each minion runs a salt-minion process
  – Python runtime, average RSS 30 MB
  – Minions connect to master
  – Master controls minions
• What if devices we want to control can't spare 30 MB?
• Enter the PROXY MINION
What exactly IS a PROXY MINION??!
A process forked from a regular salt-minion that has the sole purpose of talking to a device that cannot run a minion.
GRU == salt-master
Minion == salt-minion
Minions == proxy-minion
Car == proxied device
Where we are going eventually...
salt datacenter-network state.highstate
Woohoo!!
Aren't there other tools?
• Web interface
• ssh
• The CLI tool that shall remain nameless
Persistent Connection
• Batch-load
• Check
• Commit

• Ephemeral-connection oriented tools drop changes on disconnect. (oops)
• Bootstrapping ssh connections over and over can be slow
• Needed a persistent connection to overcome
Better Image
[Diagram: salt-master, salt-minion, proxy-minion (fork), device]
HOWTO
• interface package (/srv/salt/_proxy or site-packages/salt/proxy)
• execution modules (/srv/salt/_modules or site-packages/salt/modules)
• grains (/srv/salt/_grains or site-packages/salt/grains)
Interface package
• Python package that handles heavy-lifting for connection
• Needs a class Proxyconn
  – __init__
  – proxytype
  – id
  – ping
  – shutdown
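An added sketch of such an interface package (not code from the talk or from Salt itself), showing why the persistent session matters for the batch-load / check / commit flow. FakeSwitch, the load/check/commit method names, the argument shapes, and all sample values are assumptions made for illustration; only the class name Proxyconn and its five listed methods come from the slide.

```python
# Added illustration. FakeSwitch is a constructed in-memory stand-in for a real
# device session; a real package would open a vendor connection here instead.
class FakeSwitch:
    def __init__(self, host):
        self.host, self.connected = host, True
        self.running, self.candidate = {}, {}

    def close(self):
        self.candidate.clear()   # uncommitted changes are lost on disconnect
        self.connected = False

class Proxyconn:
    def __init__(self, details):
        # One long-lived session, opened once when the proxy-minion starts.
        self.conn = FakeSwitch(details["host"])

    def proxytype(self):
        return "fakeswitch"

    def id(self, opts):
        return opts.get("id", self.conn.host)

    def ping(self):
        return self.conn.connected

    def load(self, changes):     # hypothetical: batch-load into the candidate
        self.conn.candidate.update(changes)

    def check(self):             # hypothetical: validate the candidate config
        return all(isinstance(v, str) and v for v in self.conn.candidate.values())

    def commit(self):            # hypothetical: promote candidate to running
        if not self.check():
            return False
        self.conn.running.update(self.conn.candidate)
        self.conn.candidate.clear()
        return True

    def shutdown(self, opts):
        self.conn.close()

def demo():
    p = Proxyconn({"host": "sw1.example.net"})   # constructed sample host
    p.load({"hostname": "sw1", "ntp": "192.0.2.10"})
    committed = p.commit()
    p.load({"vlan10": "users"})                  # loaded but never committed
    p.shutdown({})
    return committed, p.ping(), dict(p.conn.running), dict(p.conn.candidate)
```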
Execution Modules
• Some "just work"
• Some don't make sense
• Some need lots of love
• __proxyenabled__
Caveat Emptor
• Process Management
• Logging
• No Masterless
• Lots of things broken
C. R. Oldham
Platform Engineer
SaltStack
https://joind.in/11037
Email: [email protected]
GitHub: https://github.com/cro
Blog: http://ncbt.org
IRC: cro