SaltStack Enterprise ships with support for controlling Hewlett-Packard Enterprise hardware via the OneView API. This document covers enabling this integration to work with your infrastructure.
The integration takes the form of a "proxy" Salt Minion–a process that looks and acts like a minion to a Salt Master, but does not control a specific server. Instead it controls a different kind of device that cannot run a regular Salt Minion. Salt ships with proxy modules for a number of different devices including network equipment and REST APIs.
These instructions assume that you have a SaltStack Enterprise license and that your Salt Master has the SaltStack Enterprise API Extensions installed. See the appendix at the end of this document for further instructions should the Salt Master that will control the proxy minion is not connected to SaltStack Enterprise.
First, select a machine that will run the OneView proxy. This can be the same machine as your Salt Master, or another machine in your infrastructure. Whatever machine is selected needs to have network access to the OneView API endpoint (typically HTTPS on port 443), the Salt Master (ZeroMQ protocol on ports 4505 and 4506 or TCP Transport on port 443), and the SaltStack Enterprise server (also HTTPS on port 443 if so configured).
/etc/salt/proxy you must have at least a directive indicating where the Salt Master is located, as in this example:
The other required proxy configuration can be accomplished through Salt's Pillar mechanism, or in the proxy's configuration file on the machine. The configuration format is the same for both mechanisms.
The proxy requires the following keys in the configuration:
proxymodule: should always have the value
host: The IP address or domain name of the OneView instance
username: A valid OneView username
password: Password corresponding to the OneView username
sse_url: URL for the SaltStack Enterprise server
sse_username: A valid SaltStack Enterprise user
sse_password: Password for the SSE user
Other valid configuration options are:
- domain: Active Directory domain for when the OneView user is part of AD.
- port: TCP port for OneView instance if other than 443
An example configuration block for
/etc/salt/proxy would be:
proxy: proxymodule: hpeov host: oneview.internal.corporate.net username: oneview_user password: supersekrit sse_url: https://saltstackenterprise.internal.corporate.net sse_username: restricted_user sse_password: evenmoresekrit
This same block could be placed in a pillar file, and could then be referenced in the Salt Master's pillar top file like so:
base: 'oneview': - proxyconfig
This would tell Salt that the minion named
oneview should get the values found in
/srv/pillar/proxyconfig.sls, assuming pillar locations are left at their defaults.
sse_password parameters are for a user in SaltStack Enterprise. A connection to SSE is made at startup as this user to verify licensing. This user can be an extremely limited-rights user. If desired, a SaltStack Enterprise role can be setup that contains a single permissions entry. The
LICENSE.READ permission was created specifically for this purpose.
Next, ensure the proxy minion host has the following libraries for Python version 2.7.5+ installed:
hpOneView, version 3.3.0
amqp, version 1.4.9
Start the proxy minion on that machine with
salt-proxy -l debug --proxyid=<desired minion name>
On the Salt Master, verify that a key has been requested by the proxy, and accept that key if it is correct:
# salt-key [...] minion2 minion3 <desired minion name> [...] # salt-key -a <desired minion name>
Then attempt to ping the proxy.
Test.ping makes a full connection to the OneView API and verifies that it is responding.
# salt <desired minion name> test.ping <desired minion name>: True
Next verify that you can retrieve server names from the API:
# salt <desired minion name> hpeov.get_server_names <desired minion name>: - Server01 - Blade02 - [...]
After you have verified that the proxy minion is responding, you can stop salt-proxy with ^C and restart it by configuring a systemd unit or other
Documentation for valid execution module functions can be retrieved with:
# salt <desired minion name> sys.doc hpeov
Documentation for valid state functions can be retrieved with:
# salt <desired minion name> sys.doc state.hpeov
State-Change Message Bus Bridge
Activity in a OneView environment is communicated over an event bus called the State-Change Message Bus. This integration contains a Salt engine that bridges the SCMB to the Salt event bus so Salt reactors can be written to perform Salt operations in respond to changes in hardware.
To activate the engine, add the following to
engines: - hpeov
Events from OneView will then show up on the Salt event bus with the tag
Running the integration on Salt Masters without the SSE API Extensions installed
Attached to this Knowledge Base article is a Salt Package (spm). Use Salt's
spm tool to install this on the Salt Master to which the OneView Proxy Minion will be connected. On startup, the proxy minion will retrieve the files that it needs. Ensure that the additional required Python libraries (see top of this article) are installed on this machine also.