Startseite Erkunden Hilfe
Registrieren Anmelden
nee2c
/
salt
Mirror von https://github.com/nee2c/salt.git
1
0
Fork 0
Dateien Issues 0 Wiki
Branch: hotfix/2019.2.3
Branches Tags
salt
/
doc
/
topics
/
transports
/
raet
/
index.rst

index.rst 5.1 KB
Permalink Verlauf Originalformat

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145 
  1. .. _raet:
    2. 

  2. 

  3. ==================
    4. 

  4. The RAET Transport
    5. 

  5. ==================
    6. 

  6. 

  7. .. note::
    8. 

  8. 

  9.     The RAET transport is in very early development, it is functional but no
    10. 

  10.     promises are yet made as to its reliability or security.
    11. 

  11.     As for reliability and security, the encryption used has been audited and
    12. 

  12.     our tests show that raet is reliable. With this said we are still conducting
    13. 

  13.     more security audits and pushing the reliability.
    14. 

  14.     This document outlines the encryption used in RAET
    15. 

  15. 

  16. .. versionadded:: 2014.7.0
    17. 

  17. 

  18. The Reliable Asynchronous Event Transport, or RAET, is an alternative transport
    19. 

  19. medium developed specifically with Salt in mind. It has been developed to
    20. 

  20. allow queuing to happen up on the application layer and comes with socket
    21. 

  21. layer encryption. It also abstracts a great deal of control over the socket
    22. 

  22. layer and makes it easy to bubble up errors and exceptions.
    23. 

  23. 

  24. RAET also offers very powerful message routing capabilities, allowing for
    25. 

  25. messages to be routed between processes on a single machine all the way up to
    26. 

  26. processes on multiple machines. Messages can also be restricted, allowing
    27. 

  27. processes to be sent messages of specific types from specific sources
    28. 

  28. allowing for trust to be established.
    29. 

  29. 

  30. Using RAET in Salt
    31. 

  31. ==================
    32. 

  32. 

  33. Using RAET in Salt is easy, the main difference is that the core dependencies
    34. 

  34. change, instead of needing pycrypto, M2Crypto, ZeroMQ, and PYZMQ, the packages
    35. 

  35. `libsodium`_, libnacl, ioflo, and raet are required. Encryption is handled very cleanly
    36. 

  36. by libnacl, while the queueing and flow control is handled by
    37. 

  37. ioflo. Distribution packages are forthcoming, but `libsodium`_ can be easily
    38. 

  38. installed from source, or many distributions do ship packages for it.
    39. 

  39. The libnacl and ioflo packages can be easily installed from pypi, distribution
    40. 

  40. packages are in the works.
    41. 

  41. 

  42. Once the new deps are installed the 2014.7 release or higher of Salt needs to
    43. 

  43. be installed.
    44. 

  44. 

  45. Once installed, modify the configuration files for the minion and master to
    46. 

  46. set the transport to raet:
    47. 

  47. 

  48. ``/etc/salt/master``:
    49. 

  49. 

  50. .. code-block:: yaml
    51. 

  51. 

  52.     transport: raet
    53. 

  53. 

  54. 

  55. ``/etc/salt/minion``:
    56. 

  56. 

  57. .. code-block:: yaml
    58. 

  58. 

  59.     transport: raet
    60. 

  60. 

  61. 

  62. Now start salt as it would normally be started, the minion will connect to the
    63. 

  63. master and share long term keys, which can then in turn be managed via
    64. 

  64. salt-key. Remote execution and salt states will function in the same way as
    65. 

  65. with Salt over ZeroMQ.
    66. 

  66. 

  67. Limitations
    68. 

  68. ===========
    69. 

  69. 

  70. The 2014.7 release of RAET is not complete! The Syndic and Multi Master have
    71. 

  71. not been completed yet and these are slated for completion in the 2015.5.0
    72. 

  72. release.
    73. 

  73. 

  74. Also, Salt-Raet allows for more control over the client but these hooks have
    75. 

  75. not been implemented yet, thereforre the client still uses the same system
    76. 

  76. as the ZeroMQ client. This means that the extra reliability that RAET exposes
    77. 

  77. has not yet been implemented in the CLI client.
    78. 

  78. 

  79. Why?
    80. 

  80. ====
    81. 

  81. 

  82. Customer and User Request
    83. 

  83. -------------------------
    84. 

  84. 

  85. Why make an alternative transport for Salt? There are many reasons, but the
    86. 

  86. primary motivation came from customer requests, many large companies came with
    87. 

  87. requests to run Salt over an alternative transport, the reasoning was varied,
    88. 

  88. from performance and scaling improvements to licensing concerns. These
    89. 

  89. customers have partnered with SaltStack to make RAET a reality.
    90. 

  90. 

  91. More Capabilities
    92. 

  92. -----------------
    93. 

  93. 

  94. RAET has been designed to allow salt to have greater communication
    95. 

  95. capabilities. It has been designed to allow for development into features
    96. 

  96. which out ZeroMQ topologies can't match.
    97. 

  97. 

  98. Many of the proposed features are still under development and will be
    99. 

  99. announced as they enter proof of concept phases, but these features include
    100. 

  100. `salt-fuse` - a filesystem over salt, `salt-vt` - a parallel api driven shell
    101. 

  101. over the salt transport and many others.
    102. 

  102. 

  103. RAET Reliability
    104. 

  104. ================
    105. 

  105. 

  106. RAET is reliable, hence the name (Reliable Asynchronous Event Transport).
    107. 

  107. 

  108. The concern posed by some over RAET reliability is based on the fact that
    109. 

  109. RAET uses UDP instead of TCP and UDP does not have built in reliability.
    110. 

  110. 

  111. RAET itself implements the needed reliability layers that are not natively
    112. 

  112. present in UDP, this allows RAET to dynamically optimize packet delivery
    113. 

  113. in a way that keeps it both reliable and asynchronous.
    114. 

  114. 

  115. RAET and ZeroMQ
    116. 

  116. ===============
    117. 

  117. 

  118. When using RAET, ZeroMQ is not required. RAET is a complete networking
    119. 

  119. replacement. It is noteworthy that RAET is not a ZeroMQ replacement in a
    120. 

  120. general sense, the ZeroMQ constructs are not reproduced in RAET, but they are
    121. 

  121. instead implemented in such a way that is specific to Salt's needs.
    122. 

  122. 

  123. RAET is primarily an async communication layer over truly async connections,
    124. 

  124. defaulting to UDP. ZeroMQ is over TCP and abstracts async constructs within the
    125. 

  125. socket layer.
    126. 

  126. 

  127. Salt is not dropping ZeroMQ support and has no immediate plans to do so.
    128. 

  128. 

  129. Encryption
    130. 

  130. ==========
    131. 

  131. 

  132. RAET uses Dan Bernstein's NACL encryption libraries and `CurveCP`_ handshake.
    133. 

  133. The libnacl python binding binds to both `libsodium`_ and tweetnacl to execute
    134. 

  134. the underlying cryptography. This allows us to completely rely on an
    135. 

  135. externally developed cryptography system.
    136. 

  136. 

  137. Programming Intro
    138. 

  138. =================
    139. 

  139. 

  140. .. toctree::
    141. 

  141. 

  142.    programming_intro
    143. 

  143. 

  144. .. _libsodium: http://doc.libsodium.org/
    145. 

  145. .. _CurveCP: http://curvecp.org/
    146.