How to interface salt proxy with OpenWRT

[Vivien FRENOT]

Hello there,

I'm working on http://docs.saltstack.com/en/latest/topics/topology/proxyminion/index.html but I don't have a lot's of knoledge on Python, so how can I interface a proxy minion with an OpenWRT AP (using PyUSB or any other module) ?

--

Vivien FRENOT

Administrateur Réseaux

Direction des systèmes d’information

École normale supérieure de Cachan
61, avenue du Président Wilson
94235 Cachan cedex
tél : 01 47 40 74 24

[C. R. Oldham]

Vivien,

Good morning!  How you would want to interface to your OpenWRT device depends on how powerful it is. If it has enough RAM and CPU you'll just want to run a salt-minion on it directly.

If it's a lower-powered device, that's when the proxy-minion would come into play.  Can you post specs of your WAP?

-- 

C. R. Oldham, Engineer, SaltStack

c...@saltstack.com

--
You received this message because you are subscribed to the Google Groups "Salt-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Vivien FRENOT]

Hello

It's an UBNT PicoStation M²HP

System Information
Processor Specs:
Atheros MIPS 24KC, 400 MHz
Memory:
32 MB SDRAM, 8 MB Flash
Networking Interface:
(1) 10/100 Ethernet Port

On 28/04/2014 15:46, C. R. Oldham wrote:

[C. R. Oldham]

Vivien,

Yeah, you'll need the salt-minion.  There isn't out-of-the-box support for OpenWRT yet, though.  Give me a few days, I'll put something together that you can build on.

--cro

[Vivien FRENOT]

Hello,

Thank you Cro. I'm still working on our personnal OpenWRT binary, i'll include python-mini and pyUSB, and check if the WAP still work fine.

[Vivien FRENOT]

No news ?

--
You received this message because you are subscribed to the Google Groups "Salt-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Adrian Lewis]

Hi C.R. / Vivien,

I don't suppose there has been any progress on this front has there? We're currently looking into using OpenWRT devices deployed to customer sites to run a variety of management functions and we need some form of config management for the devices themselves as well as potentially for managing other systems that the devices can see but that we can't directly (behind firewall with potentially overlapping IP ranges).

From my basic understanding of SaltStack, it appears that we could use a minion installed on the device with proxy support to handle much of this requirement but not being a developer myself, it's difficult for me to evaluate its potential or viability. I'm concerned that if we hire devs to try to implement this, they'll get stuck so while I'm not asking for a freebie, it would be great to know that someone has done something similar and that any major obstacles have been overcome. Much of my research so far has been purely about evaluating feasibility so I'd be very grateful to hear any news on this, no matter how trivial. If there's issues with CPU architecture/resources or RAM we're currently in a position to set these requirements for the hardware before mass-deployment.

Is this anything that you can help with?

Adrian

[C. R. Oldham]

I don't suppose there has been any progress on this front has there? We're currently looking into using OpenWRT devices deployed to customer sites to run a variety of management functions and we need some form of config management for the devices themselves as well as potentially for managing other systems that the devices can see but that we can't directly (behind firewall with potentially overlapping IP ranges).

Adrian,

If the CPE is beefy enough you can run a full minion there.  My concern was that typical consumer grade routers just don't have enough memory, and almost never have swap, so running out of memory is a bad thing[tm].  If you are talking about something hefty like a Netgear Nighthawk, which has a 1GHz processor and 256 MB of RAM, this could work fine.

 If there's issues with CPU architecture/resources or RAM we're currently in a position to set these requirements for the hardware before mass-deployment.

This is absolutely the best way to go.  Spec CPE that can run a minion--almost all your effort can be spent on selecting good hardware and making sure that OpenWRT has the packages you need.  You'll get all of Salt available on the minion (less some modules as they depend on some things being installed) as opposed to only what you could expose through the proxy.

Two caveats:  1. If you are committed to OpenWRT, Salt's package management support does not know about opkg (OpenWRTs package manager).  Building a bridge between the virtual package modules and opkg is easy.  2. Salt's network modules are pretty distro-specific.  You may need to roll your own depending on how much customer-side network manipulation you need to do.

On the speculation front, Salt is not yet 100% Python-3 compatible.  When it becomes so, I'll be investigating running it under MicroPython (http://micropython.org).  Since the RAET transport is almost 100% Python and the non-Python dependencies are pretty portable, I think that will be a viable target for running a minion.

--cro

[Dan Garthwaite]

salt-ssh is an option here - although you will still need python pkgs installed on openwrt