I understand what a "syndic" is used for ... but wanted to confirm in
reality how it operates, and that the following relationship and my
expectations are in line with the methodology.

We have a relatively decent sized OpenStack cloud, with a number of
Domain/Projects (tenants). We do not allow access to VMs in a project via
Floating IPs for general access. We do not expose access to the VMs via a
private network. A project's VMs are completely isolated. Instead, we
instantiate a "bastion" host that has a Floating IP attached, and that's
the jump point to reach all of a project's resources. Projects do get
Floating IPs for "service endpoints" (e.g. whatever service their project
provides to the "outside world").

Since we don't have direct access to the internal VMs from outside of the
cloud (without altering/adding new plumbing...), I was thinking of using a
Syndic on the bastion host. In this case, the relationship would be like:

    outside cloud --> salt master
    outside cloud --> salt minions: talk to salt master above
    cloud edge    --> "bastion" host: runs salt syndic, communicating with salt
    inside cloud  --> salt minions: connect to syndic on "bastion" host

In this case, I then (should) gain the ability to
query/command/control/etc. the minions inside the cloud, via the Syndic.
Any thoughts, gotchas, or considerations I should take in terms of doing