salt-minion and http_proxy
238 views
Skip to first unread message
Rainer Krienke
May 25, 2022, 4:13:25 AM5/25/22
to Salt-users
Hello,
I have several hosts where I would like to run salt-minion on. However
the problem is these hosts have no direct network access to the salt
master because they are in a unrouted "private" network say "X".
One way for those hosts would be to use a http proxy (tinyproxy) say
myproxy.mydomain that has one networkinterface in network X and another
interface in the network "Y" where salt master is running. This way the
machines in Network X do run eg apt update and apt upgrade because the
proxy can be used by apt to reach external update repositories. This
works just fine.
On the salt client side I found in /etc/salt/minion the variables
"proxy_host" and "proxy_port" and tried to use them:
proxy_host=myproxy.mydomain
proxy_port=8080
Next I started salt-minion but the minion complains that it cannot
contact the master and I also do not see any message that the configured
proxy myproxy.mydomain is accessed when starting the salt-minion. So it
seems setting proxy_host and proxy_port do have no effect on the
salt_minion trying to reach the master.
Do the proxy-settings have a different meaning? How can I make
salt-minion to communicate to the master via a proxy?
I have several hosts where I would like to run salt-minion on. However
the problem is these hosts have no direct network access to the salt
master because they are in a unrouted "private" network say "X".
One way for those hosts would be to use a http proxy (tinyproxy) say
myproxy.mydomain that has one networkinterface in network X and another
interface in the network "Y" where salt master is running. This way the
machines in Network X do run eg apt update and apt upgrade because the
proxy can be used by apt to reach external update repositories. This
works just fine.
On the salt client side I found in /etc/salt/minion the variables
"proxy_host" and "proxy_port" and tried to use them:
proxy_host=myproxy.mydomain
proxy_port=8080
Next I started salt-minion but the minion complains that it cannot
contact the master and I also do not see any message that the configured
proxy myproxy.mydomain is accessed when starting the salt-minion. So it
seems setting proxy_host and proxy_port do have no effect on the
salt_minion trying to reach the master.
Do the proxy-settings have a different meaning? How can I make
salt-minion to communicate to the master via a proxy?
Thanks
Rainer
Phipps, Thomas
May 25, 2022, 11:07:47 AM5/25/22
to salt-...@googlegroups.com
proxy settings are for http connections, not the pub and req ports. honestly you wouldn't be able to use standard proxy connections to connect to a master. generally it is best to have a master in the subnet that a minion is in. or have a vpn connection to the same subnet.
--
You received this message because you are subscribed to the Google Groups "Salt-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/salt-users/CAOGk0mQgG8f5FQjxwMcchdMU3r%2BnnFU7BwF%3DeeE2fP6ojdST1w%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages