Sample Salt Proxy Configuration for vCenter/ESX
The Salt proxy agent is a relatively new feature of Salt that lets you control networked devices on which salt-minion cannot be installed directly. The official Salt documentation on the subject is outdated and full of syntax errors. It’s actually quite sad that some talented folks at SaltStack spend months developing new functionality and then decide that spending ten minutes on updating the docs is too much of a hassle. Here’s a quick example of configuring a Salt proxy server for controlling vCenter and individual ESX hosts.
I started out with a basic RHEL 6+ VM and installed salt-minion and salt-proxy. Then I installed and configured esxcli to work with my vCenter. The next step is to configure Salt Pillars on the Salt Master server. Reference the sample configuration below and adjust hostnames/login credentials as needed for your environment.
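```bash
mkdir -p /srv/pillar/base

# Quoted 'EOF' keeps the shell from expanding "$" or backslashes
# inside the account name and password.
cat << 'EOF' > /srv/pillar/base/top.sls
base:
  'vcenter01':
    - vcenter01
EOF

# Proxy pillar: connection details the proxy minion uses to reach vCenter.
cat << 'EOF' > /srv/pillar/base/vcenter01.sls
proxy:
  proxytype: esxi
  host: vcenter01.domain.com
  username: 'AD_DOMAIN\vCenterSVC_Account'
  passwords:
    - 'vCenterSVC_Password'
EOF
```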
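The next step is to launch the salt-proxy process on the Salt Proxy VM. There is no init script for this at the moment, so I started the process with nohup and will need to write a startup script at some point.

```bash
mkdir -p /var/log/salt
cd /var/log/salt
# nohup writes nohup.out into the current directory (/var/log/salt)
nohup salt-proxy --proxyid='vcenter01' &
# Confirm the proxy is running; the pattern is quoted so the shell cannot glob it
ps -ef | grep '[s]alt-proxy'
```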
Now you should be able to run some basic test commands on the Salt Master to test connectivity. Here are some examples for you:
```bash
salt --output=nested 'vcenter01' vsphere.list_hosts vcenter01 'AD_DOMAIN\vCenterSVC_Account' 'vCenterSVC_Password' | head -5

salt --output=nested 'vcenter01' vsphere.get_coredump_network_config esxi01.domain.com 'root' 'root_passwd'

salt --output=nested 'vcenter01' vsphere.esxcli_cmd 'vm process list' host='esxi01.domain.com' username='root' password='root_passwd'

salt --output=nested 'vcenter01' vsphere.esxcli_cmd 'vm process list' host='vcenter01' username='root' password='root_passwd' esxi_hosts='[esxi01.domain.com, esxi02.domain.com]'
```
Note: in the last example, you’re connecting to the Proxy, which connects to the vCenter, which connects to the two ESX hosts to get a list of running VMs. You only need to supply the ESX root password, while the login credentials for the vCenter are provided to the proxy server by the Salt master.
The next example is similar to the one above, but it gets a list of all VMs matching the Unix host naming convention running on all ESX hosts in the vCenter. This will take a bit of time to run.
```bash
# Collect every ESX host name known to the vCenter as a comma-separated list
all_esx_hosts=$(salt --output=raw 'saltproxy01.domain.com' vsphere.list_hosts plesxvc01 'DOMAIN\SvcAccount' '*************' \
  | grep -oP "(?<=')[a-z0-9-]{1,}\.krazyworks\.local(?=')" \
  | while read -r i; do echo -n "${i}, "; done \
  | sed 's/, $//g')

# Run the esxcli command against all of those hosts through the proxy
salt --output=nested 'vcenter01' vsphere.esxcli_cmd 'vm process list' host='vcenter01' username='root' password='root_passwd' esxi_hosts="[${all_esx_hosts}]" | sed 's/^[ \t]*//'
```
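
A more general way to build the `esxi_hosts` list, as an added example that is not part of the original post: the function below takes the DNS suffix as a parameter, validates every name before it is interpolated into the `salt` command line, removes duplicates, and fails loudly when no host is found. The function name and the sample input are constructed for illustration, and it assumes the raw output is a Python-style dict with single-quoted host names, as the `grep` pattern above implies.

```shell
# Added example (not from the original post). Reads the output of
# `salt --output=raw ... vsphere.list_hosts` on stdin, prints "[host1, host2]".
# Assumption: host names appear as single-quoted strings in the raw output.
build_esxi_hosts_list() {
    local suffix="$1" exclude="${2:-}" names name list=""
    if [ -z "$suffix" ]; then
        echo "usage: build_esxi_hosts_list <dns-suffix> [id-to-exclude]" >&2
        return 2
    fi
    # Take every single-quoted token, drop the quotes, and keep only strings
    # that are well-formed lowercase FQDNs. Tokens containing spaces, brackets,
    # '=' or shell metacharacters are discarded, so nothing but host names can
    # reach the esxi_hosts argument.
    names=$(grep -oE "'[^']*'" | tr -d "'" |
        LC_ALL=C grep -E '^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$' |
        sort -u)
    for name in $names; do
        case "$name" in
            "$exclude") continue ;;   # e.g. the proxy minion ID itself
            *".$suffix") ;;           # host under the expected DNS suffix
            *) continue ;;
        esac
        list="${list:+$list, }$name"
    done
    if [ -z "$list" ]; then
        echo "no ESX hosts found under .$suffix" >&2
        return 1
    fi
    printf '[%s]\n' "$list"
}

# Constructed sample of raw output (not captured from a real vCenter). The last
# entry is deliberately malformed to show that it is dropped.
sample_raw="{'saltproxy01.domain.com': {'Hosts': ['esx02.krazyworks.local', 'esx01.krazyworks.local', 'esx01.krazyworks.local] x=y']}}"
printf '%s\n' "$sample_raw" | build_esxi_hosts_list krazyworks.local
```

The result already includes the brackets, so in the command above it would be passed as `esxi_hosts="${all_esx_hosts}"`.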