Controlling multiple devices via one proxy.

[rajvidhimar]

Hi,
This is more of a feature request rather than a bug. Currently,I am working with junos proxy and I noticed that only one device will be connected by one salt-proxy call. To run 100 proxied devices we would need to start 100 different proxy processes.

If I define my pillars like this:
/srv/pillar/top.sls

'salt_proxy':
  - device1
  - device2
  - device3

/srv/pillar/device1.sls

proxy:
  proxytype: junos
  host: xxxx
  username: xxxx
  passwd: xxxx

...and so on for device2 and device3.
When I execute the following command on my proxy minion:
salt-proxy --proxyid=salt_proxy

All the 3 devices are connected. This way would make more sense than starting up multiple proxy processes.The proxy script can handle that internally.

[Ch3LL]

ping @cro do you think this is possible to implement? My knowledge of salt proxy is lacking so wanted to get your opinion. Thanks

[cro]

If this works, then it is by accident. Because proxy minions are intended
to behave like minions, each separate controlled device should have a
unique ID (just like each minion has a unique ID). That unique ID enables
grains, targeting, and other Salt functionality so proxies don't diverge
significantly from regular minion operations.

There is a state that was created to help manage multiple proxy processes:

https://docs.saltstack.com/en/latest/topics/proxyminion/state.html

Note that pillar and state files can be templated with Jinja, so if you
have many devices you can enclose their definitions in a Jinja for-loop.

On Mon, Jun 20, 2016 at 2:26 PM, Megan Wilhite notifications@github.com
wrote:

ping @cro https://github.com/cro do you think this is possible to
implement? My knowledge of salt proxy is lacking so wanted to get your
opinion. Thanks

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#34132 (comment),
or mute the thread
https://github.com/notifications/unsubscribe/AAFFe6pyXPpSoUjLbT6WRdtG4hFEcBK2ks5qNvdpgaJpZM4I5r4Q
.

--cro
C. R. Oldham, Platform Engineer, SaltStack
cr@saltstack.com / 801-564-4673

[vnitinv]

Hi @cro As one Proxy consumes upto 40-70MB, running multiple proxy per device has cascading impact. If a single proxy can connect to multiple devices, that won't increase CPU cycle that much.

In above link provided by you, I don't see any state that was created to help manage multiple proxy processes.

@mirceaulinic I saw sometime back someone posting a query on the same topic and you suggesting to use the device with CPU size as per usage. Can you link that issue here? I am not able to find that.

If we can have something like:

cat mx.sls

proxy:
  proxytype: junos
  host: 10.209.16.145, 10.210.40.26, 10.9.23.27
  username: xxxx
  passwd: xxxx

where I can provide a list of multiple hosts. vendor code can take care of this, if support by salt.

any thoughts.

[mirceaulinic]

Yes, there are some serious memory leaking issues going on with SSH-based proxies (and any kind of minions having multiprocessing: false). The issue I raised some time ago is: #38990, but I didn't update just yet with some details I shared in private with @cro. Probably I should put more details into that ticket.

My opinion is that having a field configured as a CSV is a very bad idea. This might work in your particular case, but it won't be the same with others. One of the obvious reasons is that you may want different set of params depending on the device (i.e. you login into 10.209.16.145 using the username nitin, while on 10.210.40.26 you authenticate using juniper, and many other examples like that).

I believe the format under the proxy shouldn't be any different, but we should be working on starting up a different flavour of process, a single process that being said, that manages all your proxy minions.

[triple-it]

What is the status of this feature request?
Is it possible to have 1 proxy handling multiple devices?

[cro]

It is not possible currently to have 1 proxy handling multiple devices.

[mirceaulinic]

FWIW, it is now possible to handle multiple devices with 0 proxies: https://groups.google.com/forum/#!topic/salt-users/j94A41jnOGc HTH!

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.

[vnitinv]

@cro @michaelrice I understand connecting different boxes under one proxy is a bad idea.

But can proxy themself maintain multiple connections (pool) to same device, this we need to load balance multiple calls (when many calls reach at once time, due to 1st taking longer time all other calls gets timedout). I can pick any available connections to pass on incoming requests.

keep_alive, ping should be handled by the proxy owner
let say user pass variable called connection_pool: 3 where 3 is a number of connection to the same device.

Or is there any better way to achieve it.

[stale]

Thank you for updating this issue. It is no longer marked as stale.

[cro]

This is possible, though there is no generic support that would support all existing proxymodules. In the proxymodule you can define a connection pool and manage it however you want there.