Add Tanzu Salt for Spring app discovery on virtual machines

As a Tanzu Platform hub administrator, you need to give your Spring app owners and development teams more visibility into the Spring apps running on your virtual machines (VMs) in your AWS public cloud environment. You want a quick and easy way to scan your cloud environment in minutes and discover Spring apps actively running in your environment and list which actuators are enabled. You also want to see a comprehensive, searchable list of all these applications and actuators in Tanzu Platform hub.

This procedure explains how to configure your Tanzu Platform hub deployment to scan your VMs and display a list of all the Spring apps and actuators running on Linux machines in your environment.

What is Salt?
This configuration solution uses Salt, an open-source automation and configuration management engine approved, sanctioned, and sponsored by Broadcom. Salt is built by the Salt Project community, which includes more than 3,000 contributors working in roles just like yours. This well-known and trusted community works together to improve the underlying technology and extend Salt to accomplish the most common tasks or solve the most important problems that people in your role are likely to face. See the Salt Project home page for more information about Salt.

Before you begin

In VMware Cloud Services, you must have the Organization Administrator role in your Organization to complete these installation and configuration steps.

To view your Organization roles, open the Cloud Services Console, click your user name, and select My Account > My Roles.

If you do not have the Organization Administrator role assigned to you, contact the Organization owner.

Overview of the Tanzu Salt configuration process

Configuring Tanzu Platform hub to discover Spring apps and actuators running in your cloud environment involves the following tasks:

  1. Configure a virtual machine to act as the Salt master. In this step, you designate a virtual machine as the Salt master and ensure it meets the necessary prerequisites. This machine will connect to other machines on the same subnet to complete the installation process. See Step 1: Configure a virtual machine to act as the Salt master for more information.
  2. Run the Salt Configuration script. In this step, you copy a bash script provided in the Tanzu Platform hub user interface which installs the necessary components in your cloud environment. See Step 2: Run the Salt Configuration script for more information.
  3. View a list of your Spring apps in Tanzu Platform hub. After the installation is complete, you can return to the Tanzu Platform hub interface and view or query data about the Spring apps and actuators that are now detected by Tanzu Platform hub. See Step 3: View a list of your Spring apps in Tanzu Platform hub for more information.

Step 1: Configure a virtual machine to act as the Salt master

To start the Spring app discovery process with Salt, you need to configure a virtual machine that will act as the Salt master for the rest of the machines on the same subnet.

What is a Salt master?
Salt uses a client-server model where the Salt server is known as the Salt master and the client is called the Salt minion. A Salt master issues commands to one or more minions. Each client executes these commands and passes the results back to the Salt master.

The Salt minions can send data about running Spring applications back to the Salt master, which then passes the data through the Tanzu Salt RaaS API. From there, the RaaS API passes the data to Tanzu Platform hub for processing.

The virtual machine that will act as the Salt master must meet the following requirements:

  • For large cloud environments, the Salt master should have at least 16 CPU and 16 GB. This is a general recommendation that covers most use cases, but smaller Salt cloud environments can support a Salt master with less CPU and GB, depending on the number of Salt minions the Salt master needs to connect with and the amount of data you expect the minions to send to the master. See system requirements for more information.
  • The Salt master can run on any major operating system. However, a Linux-based machine tends to work best. See Salt supported operating systems for more information.
  • The machine should not have any pre-existing Salt installations. Running the Salt Configuration script could overwrite any existing Salt configurations or could possibly create other instabilities.
  • During the configuration, the machine temporarily needs SSH access to other virtual machines that run Spring applications on the same subnet. The Salt master machine needs to be able to send and receive commands to the other machines on the same subnet. The machine only needs SSH access for the initial minion deployment. After successful deployment, SSH access can be blocked at the VPC/firewall level.
  • The other virtual machines on the subnet need to be able to connect to the Salt master outbound on ports 4505 and 4506. The master also needs to be able to accept connections on those ports.
  • You need sudo or root to access the machine’s command line interface (CLI) and run scripts. Contact your system administrator if you need elevated access.
  • Optional for air-gapped environments: If you are working in an air-gapped environment and you can’t enable a one-time outside connection to access the Salt repository, download the necessary installation packages and transfer them to the machine that will act as the Salt master. See Use Case: How do I deploy minions using the API in a Linux environment for more information.

Step 2: Run the Salt Configuration script

To get started with Spring app discovery, run the Salt Configuration script on the machine that you have designated as the Salt master:

  1. In Tanzu Platform hub, select Setup & Configuration > Salt Configuration.

  2. Copy the bash script listed on this page.

  3. Optional (for air-gapped installations only): If you can enable a one-time outside connection to the Salt repository, set the airgap parameter in this bash script to true.

  4. As the root user, access the command line interface (CLI) for the machine that you have designated as the Salt master. In the machine’s CLI, run the bash script you copied in the previous step.

    The script will take several minutes to run, depending on the size of your cloud environment. As the script runs, the output explains which stage of the installation process is in progress. The script:

    • Installs the Salt master agent on the machine.
    • Installs the Master Plugin on the machine.
    • Connects the Salt master to Tanzu Salt, which uses the RaaS API.
    • Queries Tanzu Platform hub for all machines on the same subnet as the Salt master.
    • Installs the Salt minion agent on all the Linux machines found by Tanzu Platform hub.
    • Sends the Salt minion keys to the Salt master and accepts those keys, enabling the Salt master to issue commands to the Salt minions.
    • Installs the Spring Discovery components, which include a Salt module, a Salt engine, a Salt state file, and the Telegraf agent.

  5. After the script completes, wait approximately 5 minutes for the Tanzu Platform hub collector to send Spring app data to the Tanzu Platform hub user interface.

The Salt configuration for Spring app discovery is now complete.
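
Because the script accepts minion keys on your behalf, it is worth confirming that every accepted key belongs to a machine you expect. The following is an added example, not part of the Salt Configuration script or the product: it compares the output of `salt-key -l accepted --no-color` with an inventory file of expected minion IDs (one per line; the file and its path are assumptions of this example).

```bash
#!/bin/sh
# Added example: audit accepted minion keys against an expected inventory.
# Feed it the output of:  salt-key -l accepted --no-color
# The inventory file (one minion ID per line) is an assumption of this example.

# accepted_ids: read salt-key output on stdin, print one minion ID per line.
accepted_ids() {
  # Trim trailing whitespace, then drop the "Accepted Keys:" header and blanks.
  sed 's/[[:space:]]*$//' | grep -v -e ':$' -e '^$'
}

# unexpected_keys <inventory>: print accepted IDs that are not in the inventory.
unexpected_keys() {
  # -x whole-line match, -F fixed strings, -v invert: keep IDs with no match.
  accepted_ids | sort -u | grep -vxF -f "$1" || true
}

# audit_keys <inventory>: return 1 if any unexpected key is accepted.
audit_keys() {
  extra=$(unexpected_keys "$1")
  if [ -n "$extra" ]; then
    printf 'Accepted keys not in inventory:\n%s\n' "$extra" >&2
    return 1
  fi
  return 0
}

# Typical use on the Salt master (the path is a placeholder):
#   salt-key -l accepted --no-color | audit_keys /path/to/expected-minions.txt
```

After you confirm that a reported ID is not a legitimate machine, you can remove its key with `salt-key -d <minion-id>`.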

What is the RaaS API?
RaaS (Returner as a Service) is the name for the underlying API that powers Tanzu Salt. It provides RPC endpoints to receive management commands from the Tanzu Salt user interface, as well as RPC control endpoints to interface with connected Salt master(s).

Step 3: View a list of your Spring apps in Tanzu Platform hub

Now that you have scanned your cloud environment, you can view details and query the list of your Spring apps in Tanzu Platform hub.

To look at the Spring apps discovered in the scan:

  1. In Tanzu Platform hub, click Explore > Applications.

    This page has a list of all applications that are running in your cloud environment, including any Kubernetes deployments and Tanzu Application Services.

  2. Click Source > AWS to filter the list of applications.

    The table lists all Spring Apps running on virtual machines in your AWS Public Cloud.

  3. Click the name of any application in the table to view the application details of that specific Spring App on a virtual machine. See Managing your resources and applications for more information about what you can do with discovered applications.

The application details provide you with a variety of information about the Spring app.

What to do next

Now that you’ve connected your virtual machines to Tanzu Platform hub, you can apply Spring-specific policies to enforce the presence of specific actuators and other Spring configurations.

You also have access to a wealth of data about your virtual machines and the Spring apps that are running on them. You can get information about:

  • Any information contained in the JAR file, such as Git repository locations and other Git-related commit data, if it is contained in the file.
  • Attached services, business applications, and connected resources.
  • Configuration details, such as packages and version information.

Note:
The type of data available in Tanzu Platform hub depends on whether the actuators and Micrometer are compiled in the JAR files.

You can also query the system to filter data about your Spring apps, such as a list of all apps running a particular version of Java or specific version of a package with a known vulnerability.

Now that you’ve set up your Salt configuration, you have set the foundation to deploy and use Tanzu Salt as well. Your Operations team can use Tanzu Salt to configure and manage the virtual machines in your cloud environment at scale using automation and orchestration. Your SecOps team can also use Tanzu Salt to run security scans and immediately patch any vulnerabilities or systems that are out of compliance with your organization’s security policy. See the product documentation for Aria Automation Config, which is the same product as Tanzu Salt.

Stop generating Spring application discovery events

If you need to stop generating Spring application discovery events, you can disable the Telegraf plugin on any machines that are generating the discovery events. To use Salt to disable Spring application discovery events:

  1. Log in to the Salt master that is connected to the machines running the Spring apps.
  2. Run this command to stop the telegraf agent on one or more machines running the salt-minion agent, replacing the <fqdn-of-target-machine> placeholder text with the fully qualified domain name (FQDN) or minion ID of the target machine:

    salt '<fqdn-of-target-machine>' service.stop telegraf
    

    Note:
    Salt makes it possible to disable the plugin on many machines at once. Instead of running this command on minions one by one, you can use some of the more advanced targeting methods, such as passing a list or targeting a group of minions by operating system. See Aria Automation Config - Target settings and Salt documentation - Targeting minions.

The Telegraf agent will stop generating Spring application discovery events on the targeted minions.
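
The list and operating-system targeting mentioned in the note can be scripted as follows. This is an added example, not from the product documentation: the function names, the `SALT_CMD` variable and the sample targets are assumptions, while `-L`, `-G`, `test.ping`, `service.stop` and `service.status` are standard Salt options and functions. It previews which minions match before stopping the service and then checks the result.

```bash
#!/bin/sh
# Added example: stop telegraf on many minions with one targeted command.
# SALT_CMD can be overridden (for example with a stub) for a dry run.
SALT_CMD="${SALT_CMD:-salt}"

# target_flag <mode>: map a targeting mode to the salt CLI option.
target_flag() {
  case "$1" in
    id)    printf '' ;;       # single minion ID or glob (salt's default)
    list)  printf '%s' -L ;;  # comma-separated list of minion IDs
    grain) printf '%s' -G ;;  # grain match such as os:Ubuntu
    *)     return 1 ;;
  esac
}

# stop_discovery <mode> <target>
#   e.g. stop_discovery list  'vm1.example.internal,vm2.example.internal'
#        stop_discovery grain 'os:Ubuntu'
stop_discovery() {
  mode="$1"; target="$2"
  flag=$(target_flag "$mode") || { echo "unknown mode: $mode" >&2; return 2; }
  [ -n "$target" ] || { echo "empty target" >&2; return 2; }
  # Preview which minions the expression matches before changing anything.
  $SALT_CMD $flag "$target" test.ping || return 1
  $SALT_CMD $flag "$target" service.stop telegraf || return 1
  # service.status reports False for each minion where telegraf is stopped.
  $SALT_CMD $flag "$target" service.status telegraf
}
```

`service.stop` does not change whether telegraf starts again at boot; Salt's `service.disable` function controls that.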
