SlideShare a Scribd company logo

OpenWest 2014-05-10 Where's the Waldo, SaltStack Proxy Minions

C
croldham

Salt now includes proxy minions, a method of controlling devices that cannot run a minion. This deck is an overview of how proxy minions work and how they can be created.

Technology
1 of 20
Download to read offline
Managing network gear and "dumb" devices using SaltStack Proxy Minions1 C. R. Oldham Platform Engineer SaltStack Where's (the) Waldo?
Self-aggrandizement • North Central Association, Director of IT • Marvell Semiconductor, Compute Environment Manager • HopeKids, Executive Director • SaltStack, Platform Engineer
 • Keyboard + Monitor Give it to C. R. 2 ➮
What is Salt? • Salt is more than just configuration management, it makes up a unified system control platform. • Complete infrastructure control • A foundation API for communication • Remote execution, job management, state discovery • Control and view all aspects from one source, one medium • Salt is Simplicity • Salt is designed to be simple • Easy to set up, use, understand, and extend • Diving in is the right way to learn 3
Founded on Remote Execution • The foundation of Salt is remote execution. Salt's unique remote execution system enables extremely fast and reliable remote control of systems • Remote Execution allows for server commands to be sent around an infrastructure • ZeroMQ topology enables powerful and high speed communication • Commands can be executed quickly and in parallel across large numbers of nodes to execute commands and gather information 4
Not Just for Large Infrastructure • Salt can scale up or down as far as you need to go • Home networks • "Micro" networks – Arduino, Raspberry Pi, BeagleBone/BeagleBoard • "Dumb" devices – Switches, Routers – Coffee Makers – Sprinkler Systems 5 • Remote Services • Google Apps • Heroku • Gondor.IO • Anything with a REST api
Remote Execution Examples salt -G 'os:Ubuntu' pkg.upgrade ! salt '*' pkg.install openssl refresh=True ! salt '*' service.restart apache ! salt '*' shadow.set_password root '$1$UY... 6
State Examples /webroot/web: file.directory: - user: www-data - group: www-data - dir_mode: 2755 - file_mode: '0755' - makedirs: True 7 thorium_proj: git.latest: - rev: develop - name: git@github.com:saltstack/thorium - user: www-data - target: {{ thorium.venv.base }} - force: False - identity:deploy.key - require: - file: /webroot/web/.ssh/deploy.key !/webroot/web/.ssh/deploy.key: file.managed: - user: www-data - group: www-data - dir_mode: 0770 - mode: 0600 - source: salt://deploy.key - makedirs: True - replace: False
Minion - to - Master Communication • Each minion runs a salt-minion process – Python runtime, average RSS 30 MB – Minions connect to master – Master controls minions 8 • What if devices we want to control can't spare 30 MB? • Enter the PROXY MINION
What exactly IS a PROXY MINION??! A process forked from a regular salt-minion that has the sole purpose of talking to a device that cannot run a minion. 9
GRU == salt-master Minion == salt-minion Minions == proxy-minion Car == Car == proxied device
Where we are going eventually... salt datacenter-network state.highstate 11 Woohoo!!
Aren't there other tools? • Web interface • ssh • The CLI tool that shall remain nameless
Persistent Connection • Batch-load • Check • Commit ! • Ephemeral-connection oriented tools drop changes on disconnect. (oops) • Bootstrapping ssh connections over and over can be slow • Needed a persistent connection to overcome 13
Better Image 15 salt- master salt-minion device 🍴 proxy-minion
HOWTO • interface package 
 (/srv/salt/_proxy or site-packages/salt/proxy) • execution modules 
 (/srv/salt/_modules or site-packages/salt/modules) • grains 
 (/srv/salt/_grains or site-packages/salt/grains) 16
Interface package • Python package that handles heavy-lifting for connection • Needs a class Proxyconn! – __init__! – proxytype! – id! – ping! – shutdown 17
Execution Modules • Some "just work" • Some don't make sense • Some need lots of love • __proxyenabled__ 18
Caveat Emptor • Process Management • Logging • No Masterless • Lots of things broken 19
C. R. Oldham Platform Engineer SaltStack 20 https://joind.in/11037 cr@saltstack.com https://github.com/cro http://ncbt.org cro Email: GitHub: Blog: IRC:

Recommended

Introduction to SaltStack
Introduction to SaltStackIntroduction to SaltStack
Introduction to SaltStackAymen EL Amri
 
Getting started with salt stack
Getting started with salt stackGetting started with salt stack
Getting started with salt stackSuresh Paulraj
 
Introduction to SaltStack (An Event-Based Configuration Management)
Introduction to SaltStack (An Event-Based Configuration Management)Introduction to SaltStack (An Event-Based Configuration Management)
Introduction to SaltStack (An Event-Based Configuration Management)DevOps Indonesia
 
Meetup - An introduction to Salt
Meetup - An introduction to SaltMeetup - An introduction to Salt
Meetup - An introduction to SaltRichard Woudenberg
 
CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICES
CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICESCENTRAL MANAGEMENT OF NETWORK AND CALL SERVICES
CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICESNazmul Hossain Rakib
 
Understanding salt modular sub-systems and customization
Understanding salt modular sub-systems and customizationUnderstanding salt modular sub-systems and customization
Understanding salt modular sub-systems and customizationjasondenning
 
Introduction to SaltStack
Introduction to SaltStackIntroduction to SaltStack
Introduction to SaltStackRafael de Paula Souza
 
CODE BLUE 2014 : マルウエアによる検出回避方法の解説 by 篠塚 大志 HIROSHI SHINOTSUKA
CODE BLUE 2014 : マルウエアによる検出回避方法の解説 by 篠塚 大志 HIROSHI SHINOTSUKACODE BLUE 2014 : マルウエアによる検出回避方法の解説 by 篠塚 大志 HIROSHI SHINOTSUKA
CODE BLUE 2014 : マルウエアによる検出回避方法の解説 by 篠塚 大志 HIROSHI SHINOTSUKACODE BLUE
 

Recommended

Introduction to SaltStack
Introduction to SaltStackIntroduction to SaltStack
Introduction to SaltStackAymen EL Amri
 
Getting started with salt stack
Getting started with salt stackGetting started with salt stack
Getting started with salt stackSuresh Paulraj
 
Introduction to SaltStack (An Event-Based Configuration Management)
Introduction to SaltStack (An Event-Based Configuration Management)Introduction to SaltStack (An Event-Based Configuration Management)
Introduction to SaltStack (An Event-Based Configuration Management)DevOps Indonesia
 
Meetup - An introduction to Salt
Meetup - An introduction to SaltMeetup - An introduction to Salt
Meetup - An introduction to SaltRichard Woudenberg
 
CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICES
CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICESCENTRAL MANAGEMENT OF NETWORK AND CALL SERVICES
CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICESNazmul Hossain Rakib
 
Understanding salt modular sub-systems and customization
Understanding salt modular sub-systems and customizationUnderstanding salt modular sub-systems and customization
Understanding salt modular sub-systems and customizationjasondenning
 
Introduction to SaltStack
Introduction to SaltStackIntroduction to SaltStack
Introduction to SaltStackRafael de Paula Souza
 
CODE BLUE 2014 : マルウエアによる検出回避方法の解説 by 篠塚 大志 HIROSHI SHINOTSUKA
CODE BLUE 2014 : マルウエアによる検出回避方法の解説 by 篠塚 大志 HIROSHI SHINOTSUKACODE BLUE 2014 : マルウエアによる検出回避方法の解説 by 篠塚 大志 HIROSHI SHINOTSUKA
CODE BLUE 2014 : マルウエアによる検出回避方法の解説 by 篠塚 大志 HIROSHI SHINOTSUKACODE BLUE
 
OWF12/Open Standards for Cloud - Cs owf
OWF12/Open Standards for Cloud - Cs owfOWF12/Open Standards for Cloud - Cs owf
OWF12/Open Standards for Cloud - Cs owfParis Open Source Summit
 
OSDC 2015: Bernd Erk | Why favour Icinga over Nagios
OSDC 2015: Bernd Erk | Why favour Icinga over NagiosOSDC 2015: Bernd Erk | Why favour Icinga over Nagios
OSDC 2015: Bernd Erk | Why favour Icinga over NagiosNETWAYS
 
Improve App Performance & Reliability with NGINX Amplify
Improve App Performance & Reliability with NGINX AmplifyImprove App Performance & Reliability with NGINX Amplify
Improve App Performance & Reliability with NGINX AmplifyNGINX, Inc.
 
Setting up Cisco WSA Proxy in Transparent and Explicit Mode
Setting up Cisco WSA Proxy in Transparent and Explicit ModeSetting up Cisco WSA Proxy in Transparent and Explicit Mode
Setting up Cisco WSA Proxy in Transparent and Explicit ModeDhruv Sharma
 
Deep dive networking
Deep dive networkingDeep dive networking
Deep dive networkingVictor Morales
 
Case Study - IPv6 Challenges for Cloud Service Providers
Case Study - IPv6 Challenges for Cloud Service ProvidersCase Study - IPv6 Challenges for Cloud Service Providers
Case Study - IPv6 Challenges for Cloud Service ProvidersManuel Schweizer
 
What Hackers Don’t Want You To Know: How to Maximize Your API Security
What Hackers Don’t Want You To Know: How to Maximize Your API SecurityWhat Hackers Don’t Want You To Know: How to Maximize Your API Security
What Hackers Don’t Want You To Know: How to Maximize Your API SecurityAaronLieberman5
 
Erlang containers
Erlang containersErlang containers
Erlang containersSargun Dhillon
 
Chaos Engineering
Chaos EngineeringChaos Engineering
Chaos EngineeringWillian Paixao
 
Red Hat Forum Tokyo - OpenStack Architecture Design
Red Hat Forum Tokyo - OpenStack Architecture DesignRed Hat Forum Tokyo - OpenStack Architecture Design
Red Hat Forum Tokyo - OpenStack Architecture DesignDan Radez
 
Lying, Cheating, and Winning with Containers in Networking
Lying, Cheating, and Winning with Containers in NetworkingLying, Cheating, and Winning with Containers in Networking
Lying, Cheating, and Winning with Containers in NetworkingSargun Dhillon
 
Building the Glue for Service Discovery & Load Balancing Microservices
Building the Glue for Service Discovery & Load Balancing MicroservicesBuilding the Glue for Service Discovery & Load Balancing Microservices
Building the Glue for Service Discovery & Load Balancing MicroservicesSargun Dhillon
 
DEF CON 27 - DOUGLAS MCKEE - hvacking understanding the delta between securit...
DEF CON 27 - DOUGLAS MCKEE - hvacking understanding the delta between securit...DEF CON 27 - DOUGLAS MCKEE - hvacking understanding the delta between securit...
DEF CON 27 - DOUGLAS MCKEE - hvacking understanding the delta between securit...Felipe Prado
 
OMD and Check_mk
OMD and Check_mkOMD and Check_mk
OMD and Check_mkArtur Martins
 
Erlang User Conference 2016: Container Networking: A Field Report
Erlang User Conference 2016: Container Networking: A Field ReportErlang User Conference 2016: Container Networking: A Field Report
Erlang User Conference 2016: Container Networking: A Field ReportSargun Dhillon
 
Jason Stanley, Secure-24 - Own IT Through Proactive IT Monitoring
Jason Stanley, Secure-24 - Own IT Through Proactive IT MonitoringJason Stanley, Secure-24 - Own IT Through Proactive IT Monitoring
Jason Stanley, Secure-24 - Own IT Through Proactive IT MonitoringZenoss
 
Internet
InternetInternet
InternetHero Ben
 
Mistral and StackStorm
Mistral and StackStormMistral and StackStorm
Mistral and StackStormDmitri Zimine
 
Process for joining to the FIWARE Lab
Process for joining to the FIWARE LabProcess for joining to the FIWARE Lab
Process for joining to the FIWARE LabFernando Lopez Aguilar
 
How to configure cisco asa virtual firewall
How to configure cisco asa virtual firewallHow to configure cisco asa virtual firewall
How to configure cisco asa virtual firewallIT Tech
 
Ppt01 1
Ppt01 1Ppt01 1
Ppt01 1Sabbir Naim
 
AmeetKumar - 1
AmeetKumar - 1AmeetKumar - 1
AmeetKumar - 1Ameet Dubey
 

More Related Content

What's hot

OSDC 2015: Bernd Erk | Why favour Icinga over Nagios
OSDC 2015: Bernd Erk | Why favour Icinga over NagiosOSDC 2015: Bernd Erk | Why favour Icinga over Nagios
OSDC 2015: Bernd Erk | Why favour Icinga over NagiosNETWAYS
 
Improve App Performance & Reliability with NGINX Amplify
Improve App Performance & Reliability with NGINX AmplifyImprove App Performance & Reliability with NGINX Amplify
Improve App Performance & Reliability with NGINX AmplifyNGINX, Inc.
 
Setting up Cisco WSA Proxy in Transparent and Explicit Mode
Setting up Cisco WSA Proxy in Transparent and Explicit ModeSetting up Cisco WSA Proxy in Transparent and Explicit Mode
Setting up Cisco WSA Proxy in Transparent and Explicit ModeDhruv Sharma
 
Case Study - IPv6 Challenges for Cloud Service Providers
Case Study - IPv6 Challenges for Cloud Service ProvidersCase Study - IPv6 Challenges for Cloud Service Providers
Case Study - IPv6 Challenges for Cloud Service ProvidersManuel Schweizer
 
What Hackers Don’t Want You To Know: How to Maximize Your API Security
What Hackers Don’t Want You To Know: How to Maximize Your API SecurityWhat Hackers Don’t Want You To Know: How to Maximize Your API Security
What Hackers Don’t Want You To Know: How to Maximize Your API SecurityAaronLieberman5
 
Red Hat Forum Tokyo - OpenStack Architecture Design
Red Hat Forum Tokyo - OpenStack Architecture DesignRed Hat Forum Tokyo - OpenStack Architecture Design
Red Hat Forum Tokyo - OpenStack Architecture DesignDan Radez
 
Lying, Cheating, and Winning with Containers in Networking
Lying, Cheating, and Winning with Containers in NetworkingLying, Cheating, and Winning with Containers in Networking
Lying, Cheating, and Winning with Containers in NetworkingSargun Dhillon
 
Building the Glue for Service Discovery & Load Balancing Microservices
Building the Glue for Service Discovery & Load Balancing MicroservicesBuilding the Glue for Service Discovery & Load Balancing Microservices
Building the Glue for Service Discovery & Load Balancing MicroservicesSargun Dhillon
 
DEF CON 27 - DOUGLAS MCKEE - hvacking understanding the delta between securit...
DEF CON 27 - DOUGLAS MCKEE - hvacking understanding the delta between securit...DEF CON 27 - DOUGLAS MCKEE - hvacking understanding the delta between securit...
DEF CON 27 - DOUGLAS MCKEE - hvacking understanding the delta between securit...Felipe Prado
 
Erlang User Conference 2016: Container Networking: A Field Report
Erlang User Conference 2016: Container Networking: A Field ReportErlang User Conference 2016: Container Networking: A Field Report
Erlang User Conference 2016: Container Networking: A Field ReportSargun Dhillon
 
Jason Stanley, Secure-24 - Own IT Through Proactive IT Monitoring
Jason Stanley, Secure-24 - Own IT Through Proactive IT MonitoringJason Stanley, Secure-24 - Own IT Through Proactive IT Monitoring
Jason Stanley, Secure-24 - Own IT Through Proactive IT MonitoringZenoss
 
Mistral and StackStorm
Mistral and StackStormMistral and StackStorm
Mistral and StackStormDmitri Zimine
 
How to configure cisco asa virtual firewall
How to configure cisco asa virtual firewallHow to configure cisco asa virtual firewall
How to configure cisco asa virtual firewallIT Tech
 

What's hot (20)

OWF12/Open Standards for Cloud - Cs owf
OWF12/Open Standards for Cloud - Cs owfOWF12/Open Standards for Cloud - Cs owf
OWF12/Open Standards for Cloud - Cs owf
 
OSDC 2015: Bernd Erk | Why favour Icinga over Nagios
OSDC 2015: Bernd Erk | Why favour Icinga over NagiosOSDC 2015: Bernd Erk | Why favour Icinga over Nagios
OSDC 2015: Bernd Erk | Why favour Icinga over Nagios
 
Improve App Performance & Reliability with NGINX Amplify
Improve App Performance & Reliability with NGINX AmplifyImprove App Performance & Reliability with NGINX Amplify
Improve App Performance & Reliability with NGINX Amplify
 
Setting up Cisco WSA Proxy in Transparent and Explicit Mode
Setting up Cisco WSA Proxy in Transparent and Explicit ModeSetting up Cisco WSA Proxy in Transparent and Explicit Mode
Setting up Cisco WSA Proxy in Transparent and Explicit Mode
 
Deep dive networking
Deep dive networkingDeep dive networking
Deep dive networking
 
Case Study - IPv6 Challenges for Cloud Service Providers
Case Study - IPv6 Challenges for Cloud Service ProvidersCase Study - IPv6 Challenges for Cloud Service Providers
Case Study - IPv6 Challenges for Cloud Service Providers
 
What Hackers Don’t Want You To Know: How to Maximize Your API Security
What Hackers Don’t Want You To Know: How to Maximize Your API SecurityWhat Hackers Don’t Want You To Know: How to Maximize Your API Security
What Hackers Don’t Want You To Know: How to Maximize Your API Security
 
Erlang containers
Erlang containersErlang containers
Erlang containers
 
Chaos Engineering
Chaos EngineeringChaos Engineering
Chaos Engineering
 
Red Hat Forum Tokyo - OpenStack Architecture Design
Red Hat Forum Tokyo - OpenStack Architecture DesignRed Hat Forum Tokyo - OpenStack Architecture Design
Red Hat Forum Tokyo - OpenStack Architecture Design
 
Lying, Cheating, and Winning with Containers in Networking
Lying, Cheating, and Winning with Containers in NetworkingLying, Cheating, and Winning with Containers in Networking
Lying, Cheating, and Winning with Containers in Networking
 
Building the Glue for Service Discovery & Load Balancing Microservices
Building the Glue for Service Discovery & Load Balancing MicroservicesBuilding the Glue for Service Discovery & Load Balancing Microservices
Building the Glue for Service Discovery & Load Balancing Microservices
 
DEF CON 27 - DOUGLAS MCKEE - hvacking understanding the delta between securit...
DEF CON 27 - DOUGLAS MCKEE - hvacking understanding the delta between securit...DEF CON 27 - DOUGLAS MCKEE - hvacking understanding the delta between securit...
DEF CON 27 - DOUGLAS MCKEE - hvacking understanding the delta between securit...
 
OMD and Check_mk
OMD and Check_mkOMD and Check_mk
OMD and Check_mk
 
Erlang User Conference 2016: Container Networking: A Field Report
Erlang User Conference 2016: Container Networking: A Field ReportErlang User Conference 2016: Container Networking: A Field Report
Erlang User Conference 2016: Container Networking: A Field Report
 
Jason Stanley, Secure-24 - Own IT Through Proactive IT Monitoring
Jason Stanley, Secure-24 - Own IT Through Proactive IT MonitoringJason Stanley, Secure-24 - Own IT Through Proactive IT Monitoring
Jason Stanley, Secure-24 - Own IT Through Proactive IT Monitoring
 
Internet
InternetInternet
Internet
 
Mistral and StackStorm
Mistral and StackStormMistral and StackStorm
Mistral and StackStorm
 
Process for joining to the FIWARE Lab
Process for joining to the FIWARE LabProcess for joining to the FIWARE Lab
Process for joining to the FIWARE Lab
 
How to configure cisco asa virtual firewall
How to configure cisco asa virtual firewallHow to configure cisco asa virtual firewall
How to configure cisco asa virtual firewall
 

Viewers also liked

ViV Magazine Volume 3 (Feb - Mar 2014)
ViV Magazine Volume 3 (Feb - Mar 2014)ViV Magazine Volume 3 (Feb - Mar 2014)
ViV Magazine Volume 3 (Feb - Mar 2014)Nastassia Roy
 
dinCloud PR Highlights Q3 2015
dinCloud PR Highlights Q3 2015dinCloud PR Highlights Q3 2015
dinCloud PR Highlights Q3 2015dinCloud Inc.
 
Penyusunan Dokumen Rencana Aksi Nasional Kepemudaan
Penyusunan Dokumen Rencana Aksi Nasional KepemudaanPenyusunan Dokumen Rencana Aksi Nasional Kepemudaan
Penyusunan Dokumen Rencana Aksi Nasional KepemudaanRissalwan Lubis
 
Edita Kaye | Creepy Halloween Treats
Edita Kaye | Creepy Halloween TreatsEdita Kaye | Creepy Halloween Treats
Edita Kaye | Creepy Halloween TreatsEdita Kaye
 
وانةى دووةم
وانةى دووةموانةى دووةم
وانةى دووةمChia Barzinje
 
Engage Συζητήσεις στην τάξη
Engage Συζητήσεις στην τάξηEngage Συζητήσεις στην τάξη
Engage Συζητήσεις στην τάξηGeorge Androulakis
 
Mixed Use Scheme Management London
Mixed Use Scheme Management LondonMixed Use Scheme Management London
Mixed Use Scheme Management LondonMainstay Gorup
 
Vt419 v granskning biltvätt
Vt419 v granskning biltvättVt419 v granskning biltvätt
Vt419 v granskning biltvättEmilJorgensen
 
ученый совет 22 мая 2014 -Выборы декана
ученый совет 22 мая 2014 -Выборы деканаученый совет 22 мая 2014 -Выборы декана
ученый совет 22 мая 2014 -Выборы деканаuch_sovet_RGPU
 

Viewers also liked (18)

Ppt01 1
Ppt01 1Ppt01 1
Ppt01 1
 
AmeetKumar - 1
AmeetKumar - 1AmeetKumar - 1
AmeetKumar - 1
 
ViV Magazine Volume 3 (Feb - Mar 2014)
ViV Magazine Volume 3 (Feb - Mar 2014)ViV Magazine Volume 3 (Feb - Mar 2014)
ViV Magazine Volume 3 (Feb - Mar 2014)
 
IJETR022025
IJETR022025IJETR022025
IJETR022025
 
dinCloud PR Highlights Q3 2015
dinCloud PR Highlights Q3 2015dinCloud PR Highlights Q3 2015
dinCloud PR Highlights Q3 2015
 
Penyusunan Dokumen Rencana Aksi Nasional Kepemudaan
Penyusunan Dokumen Rencana Aksi Nasional KepemudaanPenyusunan Dokumen Rencana Aksi Nasional Kepemudaan
Penyusunan Dokumen Rencana Aksi Nasional Kepemudaan
 
Edita Kaye | Creepy Halloween Treats
Edita Kaye | Creepy Halloween TreatsEdita Kaye | Creepy Halloween Treats
Edita Kaye | Creepy Halloween Treats
 
وانةى دووةم
وانةى دووةموانةى دووةم
وانةى دووةم
 
Sensores o2 demo
Sensores o2 demoSensores o2 demo
Sensores o2 demo
 
Engage Συζητήσεις στην τάξη
Engage Συζητήσεις στην τάξηEngage Συζητήσεις στην τάξη
Engage Συζητήσεις στην τάξη
 
Mixed Use Scheme Management London
Mixed Use Scheme Management LondonMixed Use Scheme Management London
Mixed Use Scheme Management London
 
Week6
Week6Week6
Week6
 
Curso efi demo cuerpo acelerador
Curso efi demo cuerpo aceleradorCurso efi demo cuerpo acelerador
Curso efi demo cuerpo acelerador
 
Curso de sistemas de inyección y encendido electrónico programable
Curso de sistemas de inyección y encendido electrónico programableCurso de sistemas de inyección y encendido electrónico programable
Curso de sistemas de inyección y encendido electrónico programable
 
Curso efi demo control
Curso efi demo controlCurso efi demo control
Curso efi demo control
 
Guia poetes
Guia poetesGuia poetes
Guia poetes
 
Vt419 v granskning biltvätt
Vt419 v granskning biltvättVt419 v granskning biltvätt
Vt419 v granskning biltvätt
 
ученый совет 22 мая 2014 -Выборы декана
ученый совет 22 мая 2014 -Выборы деканаученый совет 22 мая 2014 -Выборы декана
ученый совет 22 мая 2014 -Выборы декана
 

Similar to OpenWest 2014-05-10 Where's the Waldo, SaltStack Proxy Minions

Big Data Approaches to Cloud Security
Big Data Approaches to Cloud SecurityBig Data Approaches to Cloud Security
Big Data Approaches to Cloud SecurityPaul Morse
 
Boundary for puppet @ puppet conf2012
Boundary for puppet @ puppet conf2012Boundary for puppet @ puppet conf2012
Boundary for puppet @ puppet conf2012Boundary
 
John adams talk cloudy
John adams talk cloudyJohn adams talk cloudy
John adams talk cloudyJohn Adams
 
Cloud Device Insecurity
Cloud Device InsecurityCloud Device Insecurity
Cloud Device InsecurityJeremy Brown
 
SaltConf14 - Craig Sebenik, LinkedIn - SaltStack at Web Scale
SaltConf14 - Craig Sebenik, LinkedIn - SaltStack at Web ScaleSaltConf14 - Craig Sebenik, LinkedIn - SaltStack at Web Scale
SaltConf14 - Craig Sebenik, LinkedIn - SaltStack at Web ScaleSaltStack
 
Considerations when implementing_ha_in_dmf
Considerations when implementing_ha_in_dmfConsiderations when implementing_ha_in_dmf
Considerations when implementing_ha_in_dmfhik_lhz
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)ClubHack
 
Why SaltStack ?
Why SaltStack ?Why SaltStack ?
Why SaltStack ?SUSE
 
OSDC 2018 | Introduction to SaltStack in the Modern Data Center by Mike Place
OSDC 2018 | Introduction to SaltStack in the Modern Data Center by Mike PlaceOSDC 2018 | Introduction to SaltStack in the Modern Data Center by Mike Place
OSDC 2018 | Introduction to SaltStack in the Modern Data Center by Mike PlaceNETWAYS
 
Redis everywhere - PHP London
Redis everywhere - PHP LondonRedis everywhere - PHP London
Redis everywhere - PHP LondonRicard Clau
 
Sensu and Sensibility - Puppetconf 2014
Sensu and Sensibility - Puppetconf 2014Sensu and Sensibility - Puppetconf 2014
Sensu and Sensibility - Puppetconf 2014Tomas Doran
 
[TechTalks] Learning Configuration Management with SaltStack (Advanced Concepts)
[TechTalks] Learning Configuration Management with SaltStack (Advanced Concepts)[TechTalks] Learning Configuration Management with SaltStack (Advanced Concepts)
[TechTalks] Learning Configuration Management with SaltStack (Advanced Concepts)Blazeclan Technologies Private Limited
 
Sutol How To Be A Lion Tamer
Sutol How To Be A Lion TamerSutol How To Be A Lion Tamer
Sutol How To Be A Lion TamerSharon James
 
How to be a lion tamer
How to be a lion tamerHow to be a lion tamer
How to be a lion tamerWannes Rams
 
How to be a lion tamer
How to be a lion tamerHow to be a lion tamer
How to be a lion tamerSharon James
 
Connect the Dots: Logging and Custom Connectors
Connect the Dots: Logging and Custom ConnectorsConnect the Dots: Logging and Custom Connectors
Connect the Dots: Logging and Custom ConnectorsAaronLieberman5
 
2015_01 - Networking Session - SPHMMC ICT workshop
2015_01 - Networking Session - SPHMMC ICT workshop2015_01 - Networking Session - SPHMMC ICT workshop
2015_01 - Networking Session - SPHMMC ICT workshopKathleen Ludewig Omollo
 
Chirp 2010: Scaling Twitter
Chirp 2010: Scaling TwitterChirp 2010: Scaling Twitter
Chirp 2010: Scaling TwitterJohn Adams
 

Similar to OpenWest 2014-05-10 Where's the Waldo, SaltStack Proxy Minions (20)

Big Data Approaches to Cloud Security
Big Data Approaches to Cloud SecurityBig Data Approaches to Cloud Security
Big Data Approaches to Cloud Security
 
Boundary for puppet @ puppet conf2012
Boundary for puppet @ puppet conf2012Boundary for puppet @ puppet conf2012
Boundary for puppet @ puppet conf2012
 
John adams talk cloudy
John adams talk cloudyJohn adams talk cloudy
John adams talk cloudy
 
Cloud Device Insecurity
Cloud Device InsecurityCloud Device Insecurity
Cloud Device Insecurity
 
SaltConf14 - Craig Sebenik, LinkedIn - SaltStack at Web Scale
SaltConf14 - Craig Sebenik, LinkedIn - SaltStack at Web ScaleSaltConf14 - Craig Sebenik, LinkedIn - SaltStack at Web Scale
SaltConf14 - Craig Sebenik, LinkedIn - SaltStack at Web Scale
 
Considerations when implementing_ha_in_dmf
Considerations when implementing_ha_in_dmfConsiderations when implementing_ha_in_dmf
Considerations when implementing_ha_in_dmf
 
Software defined networking: Primer
Software defined networking: PrimerSoftware defined networking: Primer
Software defined networking: Primer
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)
 
Why SaltStack ?
Why SaltStack ?Why SaltStack ?
Why SaltStack ?
 
OSDC 2018 | Introduction to SaltStack in the Modern Data Center by Mike Place
OSDC 2018 | Introduction to SaltStack in the Modern Data Center by Mike PlaceOSDC 2018 | Introduction to SaltStack in the Modern Data Center by Mike Place
OSDC 2018 | Introduction to SaltStack in the Modern Data Center by Mike Place
 
Redis everywhere - PHP London
Redis everywhere - PHP LondonRedis everywhere - PHP London
Redis everywhere - PHP London
 
Sensu and Sensibility - Puppetconf 2014
Sensu and Sensibility - Puppetconf 2014Sensu and Sensibility - Puppetconf 2014
Sensu and Sensibility - Puppetconf 2014
 
[TechTalks] Learning Configuration Management with SaltStack (Advanced Concepts)
[TechTalks] Learning Configuration Management with SaltStack (Advanced Concepts)[TechTalks] Learning Configuration Management with SaltStack (Advanced Concepts)
[TechTalks] Learning Configuration Management with SaltStack (Advanced Concepts)
 
Sutol How To Be A Lion Tamer
Sutol How To Be A Lion TamerSutol How To Be A Lion Tamer
Sutol How To Be A Lion Tamer
 
Database Firewall with Snort
Database Firewall with SnortDatabase Firewall with Snort
Database Firewall with Snort
 
How to be a lion tamer
How to be a lion tamerHow to be a lion tamer
How to be a lion tamer
 
How to be a lion tamer
How to be a lion tamerHow to be a lion tamer
How to be a lion tamer
 
Connect the Dots: Logging and Custom Connectors
Connect the Dots: Logging and Custom ConnectorsConnect the Dots: Logging and Custom Connectors
Connect the Dots: Logging and Custom Connectors
 
2015_01 - Networking Session - SPHMMC ICT workshop
2015_01 - Networking Session - SPHMMC ICT workshop2015_01 - Networking Session - SPHMMC ICT workshop
2015_01 - Networking Session - SPHMMC ICT workshop
 
Chirp 2010: Scaling Twitter
Chirp 2010: Scaling TwitterChirp 2010: Scaling Twitter
Chirp 2010: Scaling Twitter
 

Recently uploaded

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 

Recently uploaded (20)

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 

OpenWest 2014-05-10 Where's the Waldo, SaltStack Proxy Minions

  • 1. Managing network gear and "dumb" devices using SaltStack Proxy Minions1 C. R. Oldham Platform Engineer SaltStack Where's (the) Waldo?
  • 2. Self-aggrandizement • North Central Association, Director of IT • Marvell Semiconductor, Compute Environment Manager • HopeKids, Executive Director • SaltStack, Platform Engineer
 • Keyboard + Monitor Give it to C. R. 2 ➮
  • 3. What is Salt? • Salt is more than just configuration management, it makes up a unified system control platform. • Complete infrastructure control • A foundation API for communication • Remote execution, job management, state discovery • Control and view all aspects from one source, one medium • Salt is Simplicity • Salt is designed to be simple • Easy to set up, use, understand, and extend • Diving in is the right way to learn 3
  • 4. Founded on Remote Execution • The foundation of Salt is remote execution. Salt's unique remote execution system enables extremely fast and reliable remote control of systems • Remote Execution allows for server commands to be sent around an infrastructure • ZeroMQ topology enables powerful and high speed communication • Commands can be executed quickly and in parallel across large numbers of nodes to execute commands and gather information 4
  • 5. Not Just for Large Infrastructure • Salt can scale up or down as far as you need to go • Home networks • "Micro" networks – Arduino, Raspberry Pi, BeagleBone/BeagleBoard • "Dumb" devices – Switches, Routers – Coffee Makers – Sprinkler Systems 5 • Remote Services • Google Apps • Heroku • Gondor.IO • Anything with a REST api
  • 6. Remote Execution Examples salt -G 'os:Ubuntu' pkg.upgrade ! salt '*' pkg.install openssl refresh=True ! salt '*' service.restart apache ! salt '*' shadow.set_password root '$1$UY... 6
  • 7. State Examples /webroot/web: file.directory: - user: www-data - group: www-data - dir_mode: 2755 - file_mode: '0755' - makedirs: True 7 thorium_proj: git.latest: - rev: develop - name: git@github.com:saltstack/thorium - user: www-data - target: {{ thorium.venv.base }} - force: False - identity:deploy.key - require: - file: /webroot/web/.ssh/deploy.key !/webroot/web/.ssh/deploy.key: file.managed: - user: www-data - group: www-data - dir_mode: 0770 - mode: 0600 - source: salt://deploy.key - makedirs: True - replace: False
  • 8. Minion - to - Master Communication • Each minion runs a salt-minion process – Python runtime, average RSS 30 MB – Minions connect to master – Master controls minions 8 • What if devices we want to control can't spare 30 MB? • Enter the PROXY MINION
  • 9. What exactly IS a PROXY MINION??! A process forked from a regular salt-minion that has the sole purpose of talking to a device that cannot run a minion. 9
  • 10. GRU == salt-master Minion == salt-minion Minions == proxy-minion Car == Car == proxied device
  • 11. Where we are going eventually... salt datacenter-network state.highstate 11 Woohoo!!
  • 12. Aren't there other tools? • Web interface • ssh • The CLI tool that shall remain nameless
  • 13. Persistent Connection • Batch-load • Check • Commit ! • Ephemeral-connection oriented tools drop changes on disconnect. (oops) • Bootstrapping ssh connections over and over can be slow • Needed a persistent connection to overcome 13
  • 14.
  • 16. HOWTO • interface package 
 (/srv/salt/_proxy or site-packages/salt/proxy) • execution modules 
 (/srv/salt/_modules or site-packages/salt/modules) • grains 
 (/srv/salt/_grains or site-packages/salt/grains) 16
  • 17. Interface package • Python package that handles heavy-lifting for connection • Needs a class Proxyconn! – __init__! – proxytype! – id! – ping! – shutdown 17
  • 18. Execution Modules • Some "just work" • Some don't make sense • Some need lots of love • __proxyenabled__ 18
  • 19. Caveat Emptor • Process Management • Logging • No Masterless • Lots of things broken 19
  • 20. C. R. Oldham Platform Engineer SaltStack 20 https://joind.in/11037 cr@saltstack.com https://github.com/cro http://ncbt.org cro Email: GitHub: Blog: IRC: