Salt Internals, connections from master to minion
I just have a question I can't figure out about saltstack. It concerns the mater and the minion configuration.
Salt is even driven, but the documention says (and it works) we should only open port on the master, and that event are received on the master.
However it seems a little ambiguous as the salt command is run from master to execute task on minions. But I'm unsuccessfuly trying to understand how the master does that, and I can't a clear documention about it.
And we also have these statements in salt documention architechure :
More Salt Master facts:
- Job publisher with pub/sub and reply channel;
- Two open ports on master (default 4505 / 4506);
- Salt Mine stores the most recent miniondata, cached data is visible to other minions;
- Salt Syndic passes jobs from a higher master for hierarchal system management;
- Multi-master for SaltStack high availability.
and this
- More Salt Minion facts: Listens and receives jobs from a remote Salt Master;
- Creates and reports compressed events (job results, system alerts) to the Salt Master;
- No open ports, not chatty;
- Shares data with other Salt Minions via the peer system;
- Returners deliver minion data to any system (Salt Master by default) that can receive the data.
I've highlighted what is ambiguous for me in the attached screenshot.
The question beeing how can we say the no port is to be opened on the minions and also say minions are listerning from master? Minions listen on what? To what?
Thanks for clarifications.
Good question here. By default, Salt uses a zmq pub/sub interface. So there is a slight mismatch between what's literally happening on the network and most people's mental model of how Salt works.
The zmq connection just needs those 2 ports on the Salt master to allow for the pub/sub interface to work. The minion reaches out to the master on pub port. Zmq just handles all the necessary network communication for you. The Salt Master "publishes" jobs on the pub port.
As far as a mental model of how Salt works, it's helpful to think of the minion "listening" on the pub port and executing commands when the Salt Master publishes a job on the pub port when the minion matches the job target.
- Unable to import custom libs in salt module
- Unable to access default grains data in custom grains
- salt pkgrepo.managed appending a new line on every run
- Why is this commit that sets the RSA public exponent to 1 problematic?
- How to refresh grain data in saltstack
- Use multiple statements in the same Jinja block {% ... %}
- How can I recursively filter config data using Salt Jinja2 template
- Unable to get pillars in salt runner
- Creating cronjobs with saltstack from a file
- Issues with rsync.synchronized in SaltStack Not Syncing Directory Content
- Saltstack passing character Escaping backslash and doublequotes for cronjobs Variables
- Salt SLS remove last octect of IP address from grain
- Access argument from command line
- How to restart a systemd service with salt?
- SaltStack : is it possible to apply states on the master and if so, how?
- Why do these SaltStack functions have different output?
- Reload nginx config from salt state, only if the configtest passes
- salt-master very slow when large number of files are in file_roots
- Side-by-side configuration error on Windows
- Salt - Unable to install Powershell modules remotely
- Assigning and working with server variables in a Salt State
- Creating a Salt state that will be executed upon minion connection
- Why isn't salt-api working with this configuration?
- How to merge base values into grains.filter_by?
- How to run a cmd in Windows with Admin priviledges in Salt
- Handle "Jinja variable list object has no element 0" Error or circumvent it
- Can't restrict API access by positional args via external_auth SaltStack
- After the first reload: "nginx: [error] open() "/var/run/nginx.pid" failed (2: No such file or directory)"
- Declaring Jinja variable in Salt state returns error: Jinja syntax error: expected token ',', got 'java'
- How to pass variable from orchestration into minion state?