[openstack-dev] Unified Guest Agent proposal

Monty Taylor mordred at inaugust.com
Sun Dec 8 06:09:08 UTC 2013



On 12/08/2013 07:36 AM, Robert Collins wrote:
> On 8 December 2013 17:23, Monty Taylor <mordred at inaugust.com> wrote:
>>
> 
>> I suggested salt because we could very easily make trove and savanna into
>> salt masters (if we wanted to) just by having them import salt library
>> and run an api call. When they spin up nodes using heat, we could easily
>> have that do the cert exchange - and the admins of the site need not
>> know _anything_ about salt, puppet or chef - only about trove or savanna.
> 
> Are salt masters multi-master / HA safe?
> 
> E.g. if I've deployed 5 savanna API servers to handle load, and they
> all do this 'just import', does that work?
> 
> If not, and we have to have one special one, what happens when it
> fails / is redeployed?

Yes. You can have multiple salt masters.

> Can salt minions affect each other? Could one pretend to be a master,
> or snoop requests/responses to another minion?

Yes and no. By default no - and this is protected by key encryption and
whatnot. They can affect each other if you choose to explicitly grant
them the ability to. That is - you can give a minion an acl to allow it
to inject specific command requests back up into the master. We use this in
the infra systems to let a jenkins slave send a signal to our salt
system to trigger a puppet run. That's all that slave can do though -
send the signal that the puppet run needs to happen.

However - I don't think we'd really want to use that in this case, so I
think the answer you're looking for is no.

> Is salt limited: is it possible to assert that we *cannot* run
> arbitrary code over salt?

In as much as it is possible to assert that about any piece of software
(bugs, of course, blah blah). But the messages that salt sends to a
minion are "run this thing that you have a local definition for" rather
than "here, have some python and run it".

Monty
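An added illustration, not part of Monty's message or of the OpenStack infra configuration: the minion-to-master peer ACL in a Salt master config that the reply alludes to, with the over-broad form shown beside one restricted to a single function. The minion id pattern and the granted function name are assumptions.

```yaml
# Added example (not from the thread): Salt master configuration for the
# "peer" ACL.  Keys are regexes matched against the requesting minion's
# id; values are regexes matched against the execution-module function
# the minion asks the master to publish.  Minion ids here are made up.

# Weak: every minion may publish every function to every other minion,
# so a single compromised minion can run anything the fleet exposes.
# peer:
#   '.*':
#     - '.*'

# Restricted: only the Jenkins slave minions, and only one function.
# This mirrors the "one signal" grant described in the reply: the slave
# can ask for a puppet run and nothing else.  Function name is assumed.
peer:
  'jenkins-slave-[0-9]+\.example\.org':
    - 'puppet\.run'

# Runner access from minions is a separate grant (peer_run); leaving it
# absent keeps master-side runners closed to minions entirely.
```

Audit the master for a peer ACL whose key or value is '.*' before relying on the "minions cannot affect each other" default.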


