Is your feature request related to a problem? Please describe.
Vmware acquired saltstack and "integrated" this product also into vra/aria automation.
Sadly the integration was mainly gui related.
Like most enterprise companies we have a segmentation between our customers and roles of several servers.
So this is going to be a problem when rolling out the minion.
Normally the required ports are open from client to server and the port is 4506/tcp mainly.
This would be no problem.
The problem is, that when you want to use the cloud template/blueprint when deploying a server and want to use the saltstack property to apply a state initially, the process wants to deploy the agent.
For that process the saltstack master needs to contact linux servers via ssh with a user and windows server via winrm on port 445/tcp. On windows additional configuration needs to be done. Winrm has to be configured on port 445/tcp.
These are two problems:
- We do not want to open the firewall temporarily from the master to the client for SSH or 445/tcp. We have a separate department that checks and opens every firewall port. So this is not an automatic process and also is not supposed to be. Also this is normal in an enterprise environment.
- We do not want to configure WinRM on port 445, although we know that we can reset that configuration afterwards in fear of a security hole or breaking SMB Connections.
Describe the solution you'd like
We want a process that rolls out the agent, in dependancy of the used environment. We have the full stack from vmware, so this would be possible. Also we want to have an initial state file applied when the agent gets deployed, like intended now, when using the saltstack property in the cloud template/blueprint.
Also we want to have the saltstack resource to appear in vra/aria automation like it is intended at the moment.
One possible process desing would be:
- vra deploys a blueprint.
- it mounts a source with the agent binaries (e.g. an iso on vsphere)
- via vmware tools in guest acion it installs the agent with parameters fitting the environment (saltstack master address/uri)
- vra then detects that the deployed server makes a request and is in pending state and applies it.
- The defined blueprint state will be applied
- Finish
Describe alternatives you've considered
Workarounds that were considered are like treating the saltstack master like it would be not integrated into vra were considered.
Also Ansible.
Please Note
If this feature request would be considered a substantial change or addition, this should go through a SEP process here https://github.com/saltstack/salt-enhancement-proposals, instead of a feature request.
Is your feature request related to a problem? Please describe.
Vmware acquired saltstack and "integrated" this product also into vra/aria automation.
Sadly the integration was mainly gui related.
Like most enterprise companies we have a segmentation between our customers and roles of several servers.
So this is going to be a problem when rolling out the minion.
Normally the required ports are open from client to server and the port is 4506/tcp mainly.
This would be no problem.
The problem is, that when you want to use the cloud template/blueprint when deploying a server and want to use the saltstack property to apply a state initially, the process wants to deploy the agent.
For that process the saltstack master needs to contact linux servers via ssh with a user and windows server via winrm on port 445/tcp. On windows additional configuration needs to be done. Winrm has to be configured on port 445/tcp.
These are two problems:
Describe the solution you'd like
We want a process that rolls out the agent, in dependancy of the used environment. We have the full stack from vmware, so this would be possible. Also we want to have an initial state file applied when the agent gets deployed, like intended now, when using the saltstack property in the cloud template/blueprint.
Also we want to have the saltstack resource to appear in vra/aria automation like it is intended at the moment.
One possible process desing would be:
Describe alternatives you've considered
Workarounds that were considered are like treating the saltstack master like it would be not integrated into vra were considered.
Also Ansible.
Please Note
If this feature request would be considered a substantial change or addition, this should go through a SEP process here https://github.com/saltstack/salt-enhancement-proposals, instead of a feature request.