salt-proxy
on a remote minion. Specify all your master sideproxy (pillar) configuration and use this state to remotely configure proxies on oneor more minions.salt-proxy
processes.proxy_merge_grains_in_module
configuration variableintroduced in 2016.3, has been changed, defaulting to True
.alive
function and proxy_keep_alive
is set to True
. The polling interval is set using theproxy_keep_alive_interval
option which defaults to 1 minute.proxy_always_alive
,when designing a proxy module flexible enough to open theconnection with the remote device only when required.enumerate_proxy_minions
has been removed.add_proxymodule_to_opts
configuration variable defaults to False
in this release. This means if youhave proxymodules or other code looking in __opts__['proxymodule']
youwill need to set this variable in your /etc/salt/proxy
file, ormodify your code to use the __proxy__ injected variable.__proxyenabled__
directive now only applies to grains and proxy modulesthemselves. Standard execution modules and state modules are not preventedfrom loading for proxy minions.__proxyenabled__
directivesomewhat redundant in dynamic grains code. It is still required, but bestpractices for the __virtual__
function in grains files have changed. Itis now recommended that the __virtual__
functions check to make surethey are being loaded for the correct proxytype, example below:__opts__
dictionary is populated.__proxy__
, __salt__
, etc. are not available. Customgrains located in /srv/salt/_grains
and in the salt install grainsdirectory can now take a single argument, proxy
, that is identicalto __proxy__
. This enables patterns likeip
will contain the result of calling the get_ip()
functionin the proxymodule called proxymodulename
.initialized()
. Thisfunction should return True
if the proxy's init()
function has been successfullycalled. This is needed to make grains processing easier.grains
in the proxymodule, itwill be executed on proxy-minion startup and its contents will be merged withthe rest of the proxy's grains. Since older proxy-minions might have used othermethods to call such a function and add its results to grains, this is config-gatedby a new proxy configuration option called proxy_merge_grains_in_module
. Thisdefaults to True
in the 2017.7.0 release.salt://_proxy
. Proxy minions that need these moduleswill need to be restarted to pick up any changes. A corresponding utility function,saltutil.sync_proxymodules
, has been added to sync these modules to minions.salt-proxy
which takes mostly the same arguments that the standard Saltminion does with the addition of --proxyid
. This is the id that thesalt-proxy will use to identify itself to the master. Proxy configurations arestill best kept in Pillar and their format has not changed.ps
from thecommand line). Also, a full Salt minion is no longer required (though it isstill strongly recommended) on machines hosting proxies./srv/pillar/top.sls
/srv/pillar/net-device1.sls
/srv/pillar/net-device2.sls
/srv/pillar/net-device3.sls
/srv/pillar/i2c-device4.sls
/srv/pillar/i2c-device5.sls
/srv/pillar/433wireless-device6.sls
/srv/pillar/smsgate-device7.sls
--proxyid
set to the id to which you want the proxy to bind.It is possible for the proxy services to be spread acrossmany machines if necessary, or intentionally run on machines that need tocontrol devices because of some physical interface (e.g. i2c and serial above).Another reason to divide proxy services might be security. In more secureenvironments only certain machines may have a network path to certain devices._proxy
directory in your file_roots (default is /srv/salt/_proxy
.At a minimum a proxymodule object must implement the following functions:__virtual__()
: This function performs the same duty that it does for othertypes of Salt modules. Logic goes here to determine if the module can beloaded, checking for the presence of Python modules on which the proxy depends.Returning False
will prevent the module from loading.init(opts)
: Perform any initialization that the device needs. This isa good place to bring up a persistent connection to a device, or authenticateto create a persistent authorization token.initialized()
: Returns True if init()
was successfully called.shutdown()
: Code to cleanly shut down or close a connection toa controlled device goes here. This function must exist, but can contain onlythe keyword pass
if there is no shutdown logic required.ping()
: While not required, it is highly recommended that this function alsobe defined in the proxymodule. The code for ping
should contact thecontrolled device and make sure it is really available.alive(opts)
: Another optional function, it is used together with theproxy_keep_alive
option (default: True
). This function shouldreturn a boolean value corresponding to the state of the connection.If the connection is down, will try to restart (shutdown
followed by init
). The polling frequency is controlled usingthe proxy_keep_alive_interval
option, in minutes.grains()
: Rather than including grains in /srv/salt/_grains or inthe standard install directories for grains, grains can be computed andreturned by this function. This function will be called automaticallyif proxy_merge_grains_in_module
is set to True
in /etc/salt/proxy.This variable defaults to True
in the release code-named 2017.7.0.id()
function. 2015.8 and following don't usethis function because the proxy's id is required on the command line.kernel
,os
, and os_family
--all of these are forced to be proxy
for proxy-minions.proxy_functions
.It demonstrates how a grains function can take a single argument, which will beset to the value of __proxy__
. Dunder variables are not yet injected into Salt processesat the time grains are loaded, so this enables us to get a handle to the proxymodule so wecan cross-call the functions therein used to communicate with the controlled device.grains()
in the proxymodule itself. This might be useful if a proxymodule author wants to keepall the code for the proxy interface in the same place instead of splitting it betweenthe proxy and grains directories.proxy_merge_grains_in_module
is set to True in the proxy configuration file(default /etc/salt/proxy
). This variable defaults to True
in therelease code-named 2017.7.0.__proxyenabled__
directive controlledloading of all Salt modules for proxies (e.g. grains, execution modules, statemodules). From 2016.3 on, the only modules that respect __proxyenabled__
are grains and proxy modules. These modules need to be told which proxy theywork with.__proxyenabled__
is a list, and can contain a single '*' to indicatea grains module works with all proxies.salt/grains/rest_sample.py
:ssh_sample
.init()
method is responsible for connection setup. It uses the host
, username
and password
config variables defined in the pillar data. The prompt
kwarg can be passed to SSHConnection
if your SSH server's prompt differs from the example's prompt (Cmd)
. Instantiating the SSHConnection
class establishes an SSH connection to the ssh server (using Salt VT).package_*
methods use the SSH connection (established in init()
) to send commands out to the SSH server. The sendline()
method of SSHConnection
class can be used to send commands out to the server. In the above example we send commands like pkg_list
or pkg_install
. You can send any SSH command via this utility.sendline()
is a tuple of strings representing the stdout and the stderr respectively. In the toy example shown we simply scrape the output and convert it to a python dictionary, as shown in the parse
method. You can tailor this method to match your parsing logic.shutdown
method is responsible for calling the close_connection()
method of SSHConnection
class. This ends the SSH connection to the server.