[Deepsea-users] Antw: Re: Deepsea dependency on salt-minion?

Jan Fajerski jfajerski at suse.com
Thu Jan 19 04:12:28 MST 2017


On Thu, Jan 19, 2017 at 03:40:36AM -0700, Martin Weiss wrote:
>   If you do a "mistake" in targeting - you end up with "killing" the
>   master.
>   This is also the reason why SUMA servers per default do not patch or
>   configure "themselves"..
>   Could you give more details why we need a minion on the salt-master for
>   "key management"? Is this just for the ceph-keys or for ssh keys etc?
>   Salt should also be able to do any file management on remote minions
>   without requiring a minion on the master... (even getting the keys from
>   another "remote" minion.)
Talking about cephx keys only. What we gain is that we never leak keys to
minions that have more privileges than the daemon on that host needs. I.e. the
admin key is only needed on the master (and admin nodes of course) but not on
OSDs for example.
Otherwise one needs a privileged key on, say, an OSD node to authorize the OSD
key.
So it's not an issue of managing files but the way salt manages files in
interaction with the cephx tools.
>   Martin
>   On Thu, Jan 19, 2017 at 03:03:52AM -0700, Martin Weiss wrote:
>   >   Hi *,
>   >   I had expected that Deepsea needs to be installed on the salt-master -
>   >   but have seen that there is a dependency on salt-minion.
>   >   Any idea why we have this dependency?
>   Yes DeepSea needs a minion on the master machine. This is most importantly
>   used for key management.
>   >   (there are customers that do not want to have the salt-master to be a
>   >   salt-minion at the same point in time)
>   Did the customer mention why they have an issue with that?
>   >   Thanks,
>   >   Martin
>   >_______________________________________________
>   >Deepsea-users mailing list
>   >Deepsea-users at lists.suse.com
>   >[1]http://lists.suse.com/mailman/listinfo/deepsea-users
>   --
>   Jan Fajerski
>   Engineer Enterprise Storage
>   SUSE Linux GmbH
>   jfajerski at suse.com
>
>References
>
>   1. http://lists.suse.com/mailman/listinfo/deepsea-users



-- 
Jan Fajerski
Engineer Enterprise Storage
SUSE Linux GmbH
jfajerski at suse.com
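
Added example, not part of the original message and not DeepSea's own code: a keyring audit for the least-privilege goal described above, flagging cephx keys on a host that exceed what its role needs. The role-to-entity policy, the function names and the sample keyring (with placeholder keys) are assumptions made for illustration.

```python
import re

# Assumed policy (illustrative, not DeepSea's): entity-name prefixes each
# host role may hold. Only master/admin hosts may hold client.admin.
ALLOWED = {
    "master": ("client.admin",),
    "admin": ("client.admin",),
    "osd": ("osd.",),
}

def parse_keyring(text):
    """Parse Ceph keyring text into {entity: {"key": str, "caps": {svc: cap}}}."""
    entities, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = entities.setdefault(header.group(1), {"key": None, "caps": {}})
        elif current is None or "=" not in line:
            raise ValueError(f"unexpected keyring line: {raw!r}")
        else:
            # Split on the first '=' only: base64 keys end in '=' padding.
            name, value = (part.strip() for part in line.split("=", 1))
            if name == "key":
                current["key"] = value
            elif name.startswith("caps "):
                current["caps"][name[5:].strip()] = value.strip('"')
    return entities

def audit(role, keyring_text):
    """Return findings for keys a host with this role should not hold."""
    findings = []
    for entity, data in parse_keyring(keyring_text).items():
        if not entity.startswith(ALLOWED[role]):
            findings.append(f"{entity}: not permitted on {role} host")
        elif role not in ("master", "admin") and data["caps"].get("mon") == "allow *":
            findings.append(f"{entity}: mon 'allow *' exceeds {role} needs")
    return findings

# Constructed sample: keyring material found on an OSD host.
OSD_HOST_KEYRING = """
[osd.3]
    key = PLACEHOLDER-OSD-KEY==
    caps mon = "allow profile osd"
    caps osd = "allow *"
[client.admin]
    key = PLACEHOLDER-ADMIN-KEY==
    caps mon = "allow *"
"""
```

Calling audit("osd", OSD_HOST_KEYRING) reports the client.admin entry, the case the reply above says should never occur on an OSD node.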

