Managing Salt Minions on Microsoft Azure with SUSE Manager
Public cloud is a major player in Enterprise IT. With many companies looking to downsize their on-prem environments to cut down on DC rental costs, solutions like Microsoft Azure, Amazon AWS, and Google Compute Engine are helping these companies cut those costs without lowering their ability to run their workloads.
But not everything lives on the cloud.
When it comes to sensitive information, these companies want to make sure their data stays in-house. So they move their non-sensitive workloads to public clouds and keep the sensitive ones on-prem, creating two distinct environments with different requirements in terms of patching, security, and compliance.
So how will they manage their Linux living both on-prem and in the public cloud?
The answer is – Very easily with SUSE Manager.
Combining grouping with the ability to assign different admins to those groups, one can quickly, and effectively manage both environments, run audits, patch systems, and assign salt states. All from an on-prem SUSE Manager.
Recently, I addressed just that – managing Linux instances on Microsoft Azure using an on-prem SUSE Manager. Obviously, since the instances are residing on a foreign network where your control is limited, there are some considerations to take in.
First, you need to make sure that the proper ports are open, second, you need to bootstrap the clients with SUSE Manager, and lastly, you need to make sure the Salt Minions communicate regularly with their Master – the SUSE Manager.
An issue I came across was the Salt Minion losing connection. After a little while, the SUSE Manager wouldtry to get information to and from the Minion and would return a “not connected”. Running a test.ping would do the same. The connection was getting interrupted somehow and the only way to get it back was to restart the salt-minion service.
With help from a colleague, I added a config for the message queue that included the following:
We pushed this out to our clients as a Salt State.
I noticed that didn’t stop the minion from “hanging” so I dug a bit deeper and found a couple lines in the minion config file which I uncommented and edited as such:
That made sure the minion didn’t stop and I could always get a True return from salt ‘instance’ test.ping
With those edits done, the minions were communicating happily. I was able to push updates, run CVE audits, assign States, and do everything I can do with my on-prem Linux instances.
Staying on top of patches, and staying compliant when using on-prem and cloud environements together doesn’t have to be difficult.
SUSE Manager can be your one tool for both.