[FEATURE REQUEST]Saltstack integration in vra/aria automation #63344
Comments
lehbot
added
Feature
|
Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey.
There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar. |
|
You should make this request via your Enterprise support. The Salt Open community has no control over how VMWare integrates its products. |
|
Hey, |
|
It seems to be a feature request for VRA not for Salt, so I'm not sure why they'd want that. I have no idea how VRA works, but can't you create new VMs that will install salt-minion themselves, or already have it installed? Then all you need is automated key acceptance, which is available e.g. by trusting a custom grain on the minion, or you can also automate it with a reactor I think. There also might be an option in salt-cloud that doesn't use SSH? |
|
Yes, but this goes beyond the integration into vra itself. This would be like having salt in any environment and we would to use the benefits of the integration between vra and saltstack. This is what i would expect when a vendor says "look, we have integrated product x into product y". |
|
There is now a Salt resource in vRA that you can use in your blueprint, @lehbot Have you tried it yet? I think we can close this issue now. |
Hi, since when is this feature implemented? |
|
It's been available for several months. I don't know which release was first. When you're creating your blueprint you can add a Salt resource and set various values like grains and sls files to apply to the minion. |
|
@lehbot I think this doc should help you get started with it. |
The thing is how VMware integrated Saltstack into vra. The integration is the GUI only. You have temporarily open ports so the agent gets deployed. That is not a good idea because in enterprise environments you have a firewall everywhere, which leads to my problems in my initial post: These are two problems: We do not want to open the firewall temporarily from the master to the client for SSH or 445/tcp. We have a separate department that checks and opens every firewall port. So this is not an automatic process and also is not supposed to be. Also this is normal in an enterprise environment. |
|
The salt-minion is part of vmtools now, as well. |
Interesting. Do you have an article about that? |
Is your feature request related to a problem? Please describe.
Vmware acquired saltstack and "integrated" this product also into vra/aria automation.
Sadly the integration was mainly gui related.
Like most enterprise companies we have a segmentation between our customers and roles of several servers.
So this is going to be a problem when rolling out the minion.
Normally the required ports are open from client to server and the port is 4506/tcp mainly.
This would be no problem.
The problem is, that when you want to use the cloud template/blueprint when deploying a server and want to use the saltstack property to apply a state initially, the process wants to deploy the agent.
For that process the saltstack master needs to contact linux servers via ssh with a user and windows server via winrm on port 445/tcp. On windows additional configuration needs to be done. Winrm has to be configured on port 445/tcp.
These are two problems:
Describe the solution you'd like
We want a process that rolls out the agent, in dependancy of the used environment. We have the full stack from vmware, so this would be possible. Also we want to have an initial state file applied when the agent gets deployed, like intended now, when using the saltstack property in the cloud template/blueprint.
Also we want to have the saltstack resource to appear in vra/aria automation like it is intended at the moment.
One possible process desing would be:
Describe alternatives you've considered
Workarounds that were considered are like treating the saltstack master like it would be not integrated into vra were considered.
Also Ansible.
Please Note
If this feature request would be considered a substantial change or addition, this should go through a SEP process here https://github.com/saltstack/salt-enhancement-proposals, instead of a feature request.
The text was updated successfully, but these errors were encountered: