Configuring the HPE OneView Proxy Minion
Overview
SaltStack Enterprise ships with support for controlling Hewlett-Packard Enterprise hardware via the OneView API. This document covers enabling this integration to work with your infrastructure.
The integration takes the form of a "proxy" Salt Minion–a process that looks and acts like a minion to a Salt Master, but does not control a specific server. Instead it controls a different kind of device that cannot run a regular Salt Minion. Salt ships with proxy modules for a number of different devices including network equipment and REST APIs.
These instructions assume that you have a SaltStack Enterprise license and that your Salt Master has the SaltStack Enterprise API Extensions installed. See the appendix at the end of this document for further instructions should the Salt Master that will control the proxy minion is not connected to SaltStack Enterprise.
Configuration
First, select a machine that will run the OneView proxy. This can be the same machine as your Salt Master, or another machine in your infrastructure. Whatever machine is selected needs to have network access to the OneView API endpoint (typically HTTPS on port 443), the Salt Master (ZeroMQ protocol on ports 4505 and 4506 or TCP Transport on port 443), and the SaltStack Enterprise server (also HTTPS on port 443 if so configured).
In /etc/salt/proxy
you must have at least a directive indicating where the Salt Master is located, as in this example:
The proxy requires the following keys in the configuration:
proxymodule
: should always have the valuehpeov
host
: The IP address or domain name of the OneView instanceusername
: A valid OneView usernamepassword
: Password corresponding to the OneView usernamesse_url
: URL for the SaltStack Enterprise serversse_username
: A valid SaltStack Enterprise usersse_password
: Password for the SSE user
Other valid configuration options are:
- domain: Active Directory domain for when the OneView user is part of AD.
- port: TCP port for OneView instance if other than 443
An example configuration block for /etc/salt/proxy
would be:
The sse_username
and sse_password
parameters are for a user in SaltStack Enterprise. A connection to SSE is made at startup as this user to verify licensing. This user can be an extremely limited-rights user. If desired, a SaltStack Enterprise role can be setup that contains a single permissions entry. The LICENSE.READ
permission was created specifically for this purpose.
Next, ensure the proxy minion host has the following libraries for Python version 2.7.5+ installed:
hpOneView
, version 3.3.0amqp
, version 1.4.9
Startup
Start the proxy minion on that machine with
On the Salt Master, verify that a key has been requested by the proxy, and accept that key if it is correct:
Then attempt to ping the proxy. Test.ping
makes a full connection to the OneView API and verifies that it is responding.
Documentation
Documentation for valid execution module functions can be retrieved with:
State-Change Message Bus Bridge
Activity in a OneView environment is communicated over an event bus called the State-Change Message Bus. This integration contains a Salt engine that bridges the SCMB to the Salt event bus so Salt reactors can be written to perform Salt operations in respond to changes in hardware.
To activate the engine, add the following to /etc/salt/proxy
:
Running the integration on Salt Masters without the SSE API Extensions installed
Attached to this Knowledge Base article is a Salt Package (spm). Use Salt's spm
tool to install this on the Salt Master to which the OneView Proxy Minion will be connected. On startup, the proxy minion will retrieve the files that it needs. Ensure that the additional required Python libraries (see top of this article) are installed on this machine also.