Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Feature: 'ENC'/plugin enforced environments/custom SLS paths (multi-tenant support) #7556

rmt opened this Issue Oct 2, 2013 · 5 comments


None yet
4 participants

rmt commented Oct 2, 2013

As an extremely large scale user with a CMDB managing "what should be running where" across thousands of nodes with hundreds of unique applications managed by dozens of untrusted teams, I want to be able to dynamically specify and enforce the environment by specifying the fileserver plugin AND the node's environment on the Salt Master using an external script or plugin, so that I can properly isolate the applications and nodes from one another using an external authoritative source, as well as easily manage change control requirements of production nodes.

With puppet, this can be more or less achieved by using modulepath = /path/to/environments/$environment and specifying the environment in the Puppet ENC then managing these paths outside of Puppet.

It would be ideal if you could specify multiple paths (eg. a combination of formulae paths), as this would permit proper versioning of a single app's state and all of its dependencies.

Or maybe this could maybe be broken down into separate requirements:

  • Enforcing a node-specific environment server-side.
  • Dynamic environment support.
  • A custom fileserver to lookup files in the environments.
  • Optionally checking whether a node has access to an environment when it requests files. Optional because it'd be a performance hit and not required at every site.

basepi commented Oct 2, 2013

I think much of this is actually possible with the current environment functionality. Environments are one area where the documentation is pretty severely lacking. Let me ask around and figure out what of this is currently possible vs what needs to be implemented.

Thanks for filing this.

@basepi basepi modified the milestones: Helium, Hydrogen Release Feb 4, 2014

@basepi basepi modified the milestones: Approved, Helium Apr 21, 2014

tehmaspc commented Nov 7, 2014

@rmt @basepi - hey guys; so are we saying that dynamic environments ARE possible? I'm actually trying to vet Salt as our new solution and we definitely need dynamic environment capability. Per my understanding thus far environments are only handled via the top.sls file. Is it truly possible to do what @rmt is originally asking for or should I assume based on the state of this issue that this is still missing functionality from Salt?

Thanks very much!


tehmaspc commented Nov 7, 2014

Just came across Master Tops - looks like that is what I need.


bechtoldt commented Jan 26, 2015


basepi commented Jan 28, 2015

Yep, I think this can be closed because of master tops.

@basepi basepi closed this Jan 28, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment