Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Controlling multiple devices via one proxy. #34132

Closed
rajvidhimar opened this issue Jun 20, 2016 · 14 comments
Closed

Controlling multiple devices via one proxy. #34132

rajvidhimar opened this issue Jun 20, 2016 · 14 comments
Assignees
Labels
Pending-Discussion
Milestone

Comments

@rajvidhimar
Copy link
Contributor

@rajvidhimar rajvidhimar commented Jun 20, 2016

Hi,
This is more of a feature request rather than a bug. Currently,I am working with junos proxy and I noticed that only one device will be connected by one salt-proxy call. To run 100 proxied devices we would need to start 100 different proxy processes.

If I define my pillars like this:
/srv/pillar/top.sls

'salt_proxy':
  - device1
  - device2
  - device3

/srv/pillar/device1.sls

proxy:
  proxytype: junos
  host: xxxx
  username: xxxx
  passwd: xxxx

...and so on for device2 and device3.
When I execute the following command on my proxy minion:
salt-proxy --proxyid=salt_proxy

All the 3 devices are connected. This way would make more sense than starting up multiple proxy processes.The proxy script can handle that internally.

@Ch3LL
Copy link
Contributor

@Ch3LL Ch3LL commented Jun 20, 2016

ping @cro do you think this is possible to implement? My knowledge of salt proxy is lacking so wanted to get your opinion. Thanks

@Ch3LL Ch3LL added the Pending-Discussion label Jun 20, 2016
@Ch3LL Ch3LL added this to the Blocked milestone Jun 20, 2016
@cro
Copy link
Member

@cro cro commented Jun 20, 2016

If this works, then it is by accident. Because proxy minions are intended
to behave like minions, each separate controlled device should have a
unique ID (just like each minion has a unique ID). That unique ID enables
grains, targeting, and other Salt functionality so proxies don't diverge
significantly from regular minion operations.

There is a state that was created to help manage multiple proxy processes:

https://docs.saltstack.com/en/latest/topics/proxyminion/state.html

Note that pillar and state files can be templated with Jinja, so if you
have many devices you can enclose their definitions in a Jinja for-loop.

On Mon, Jun 20, 2016 at 2:26 PM, Megan Wilhite notifications@github.com
wrote:

ping @cro https://github.com/cro do you think this is possible to
implement? My knowledge of salt proxy is lacking so wanted to get your
opinion. Thanks


You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#34132 (comment),
or mute the thread
https://github.com/notifications/unsubscribe/AAFFe6pyXPpSoUjLbT6WRdtG4hFEcBK2ks5qNvdpgaJpZM4I5r4Q
.

--cro
C. R. Oldham, Platform Engineer, SaltStack
cr@saltstack.com / 801-564-4673

@vnitinv
Copy link
Contributor

@vnitinv vnitinv commented Sep 22, 2017

Hi @cro As one Proxy consumes upto 40-70MB, running multiple proxy per device has cascading impact. If a single proxy can connect to multiple devices, that won't increase CPU cycle that much.

In above link provided by you, I don't see any state that was created to help manage multiple proxy processes.

@mirceaulinic I saw sometime back someone posting a query on the same topic and you suggesting to use the device with CPU size as per usage. Can you link that issue here? I am not able to find that.

If we can have something like:

cat mx.sls

proxy:
  proxytype: junos
  host: 10.209.16.145, 10.210.40.26, 10.9.23.27
  username: xxxx
  passwd: xxxx

where I can provide a list of multiple hosts. vendor code can take care of this, if support by salt.

any thoughts.

@mirceaulinic
Copy link
Member

@mirceaulinic mirceaulinic commented Sep 22, 2017

Yes, there are some serious memory leaking issues going on with SSH-based proxies (and any kind of minions having multiprocessing: false). The issue I raised some time ago is: #38990, but I didn't update just yet with some details I shared in private with @cro. Probably I should put more details into that ticket.

My opinion is that having a field configured as a CSV is a very bad idea. This might work in your particular case, but it won't be the same with others. One of the obvious reasons is that you may want different set of params depending on the device (i.e. you login into 10.209.16.145 using the username nitin, while on 10.210.40.26 you authenticate using juniper, and many other examples like that).

I believe the format under the proxy shouldn't be any different, but we should be working on starting up a different flavour of process, a single process that being said, that manages all your proxy minions.

@triple-it
Copy link

@triple-it triple-it commented Jun 21, 2018

What is the status of this feature request?
Is it possible to have 1 proxy handling multiple devices?

@cro
Copy link
Member

@cro cro commented Jun 28, 2018

It is not possible currently to have 1 proxy handling multiple devices.

@mirceaulinic
Copy link
Member

@mirceaulinic mirceaulinic commented Jun 20, 2019

FWIW, it is now possible to handle multiple devices with 0 proxies: https://groups.google.com/forum/#!topic/salt-users/j94A41jnOGc HTH!

@stale
Copy link

@stale stale bot commented Jan 8, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.

@stale stale bot added the stale label Jan 8, 2020
@vnitinv
Copy link
Contributor

@vnitinv vnitinv commented Jan 8, 2020

@cro @michaelrice I understand connecting different boxes under one proxy is a bad idea.

But can proxy themself maintain multiple connections (pool) to same device, this we need to load balance multiple calls (when many calls reach at once time, due to 1st taking longer time all other calls gets timedout). I can pick any available connections to pass on incoming requests.

keep_alive, ping should be handled by the proxy owner
let say user pass variable called connection_pool: 3 where 3 is a number of connection to the same device.

Or is there any better way to achieve it.

@stale
Copy link

@stale stale bot commented Jan 8, 2020

Thank you for updating this issue. It is no longer marked as stale.

@stale stale bot removed the stale label Jan 8, 2020
@cro
Copy link
Member

@cro cro commented Jan 8, 2020

This is possible, though there is no generic support that would support all existing proxymodules. In the proxymodule you can define a connection pool and manage it however you want there.

@sagetherage
Copy link
Collaborator

@sagetherage sagetherage commented Jan 23, 2020

@vnitinv does this get you what you need and we can close the ticket or do you need more information or have more questions?

@sagetherage sagetherage self-assigned this Jan 23, 2020
@sagetherage
Copy link
Collaborator

@sagetherage sagetherage commented Jan 23, 2020

Assigning myself for any needed follow up

@vnitinv
Copy link
Contributor

@vnitinv vnitinv commented Jan 23, 2020

I am good for now, will try to handle this in our module itself as suggested by @cro
Please go ahead and close the issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Pending-Discussion
Projects
None yet
Development

No branches or pull requests

7 participants