SaltGUI icon indicating copy to clipboard operation
SaltGUI copied to clipboard
verified publisher icon erwindon

syndic: add warning to Keys screen when syndic is in use

Open erwindon opened this issue 3 years ago • 13 comments

Is your feature request related to a problem? Please describe. When salt-syndic is in use, there is a difference between the list of keys and the list of minions. Since the list of keys is then shorter, the user may have the feeling that keys are missing.

Describe the solution you'd like When salt-syndic is in use, show a warning about the possible limited list of keys.

Additional context solution is to read configuration from master file (previous solution mentioned reacting on specific salt-events)

erwindon avatar Jun 29 '22 23:06 erwindon

sample: afbeelding

erwindon avatar Jun 29 '22 23:06 erwindon

@pju51 I already registered a few issues in which SaltGUI is misbehaving when salt-syndic is in use (#461,#462,#463). But this issue is about making the shorter list of keys more understandable. what is your opinion about this 'problem' and solution?

erwindon avatar Jun 29 '22 23:06 erwindon

@erwindon normally all masters should have the keys to all minions. it's in the official multimaster saltstack documention. So normally the problem of key difference between masters should not occur.

per example, on our side, the minions register on a master, then there is a synchronization (rsync) to the other masters.

I don't think it's a real problem here because it shouldn't happen.

pju51 avatar Jul 01 '22 14:07 pju51

@pju51 I think there is some confusion here. the mechanism that you refer to is for multi-master (https://docs.saltproject.io/en/latest/topics/tutorials/multimaster.html). with multi-master, each salt-master in a pair (or group) should have all the keys. the keys should be somehow synchronised, e.g. using rsync or file share.

but this github issue is about syndic, and syndic is a different mechanism than multi-master.

you can combine syndic and multi-master. and typically when one uses syndic, the network is large and thus important enough to also use multi-master.

erwindon avatar Jul 01 '22 14:07 erwindon

@erwindon, Ok understood, my mistake was to compare with my infrastracture.

the typical configuration for a salt-syndic is : image

but in my infrastracture, we are using multimaster AND salt-syndic, so the result in my case is : image and in my case, the master of master has no key to the minions, only salt-master servers with salt-syndic have the minion keys.

The warning message is clear.

pju51 avatar Jul 05 '22 12:07 pju51

I've separated the message now into the 4 individual use-cases, based on whether order_masters is true/false and whether syndic_master is set or not.

Note that one of these cases is indistinguishable from a case where salt-syndic is not even used. In that case we'll make that conclusion based on the what we see happening on the salt-event bus.

erwindon avatar Jul 05 '22 18:07 erwindon

migrated issue to PR

erwindon avatar Aug 03 '22 21:08 erwindon

Hello @erwindon ,

still in draft or I can test ?

pju51 avatar Aug 30 '22 15:08 pju51

@pju51 welcome back!

still in draft or I can test ?

It is draft because it is still being tested (by you), I'm not currently changing anything. this is mainly a precaution, so that I do not accidentally merge.

note that I just rebased again, use "git pull -r" to update

erwindon avatar Aug 30 '22 16:08 erwindon

@erwindon Hello, where should I find the warning message? it doesn't appear anywhere on my side.

pju51 avatar Sep 16 '22 13:09 pju51

I was busy setting up many test-VMs to test all combinations. That was a lot of work and I only got halfway. Auto-detecting the exact role of a salt-master within a salt-syndic network is too much work, it is unreliable and there is no uniform convention to describe the roles. I even doubt whether there is enough data available to do full auto-discovery. I think I will simplify the implementation. Instead, I'll just display the following indicators:

  • for variable syndic_master e.g. "The syndic-master of this salt-master is hostname." when the variable is set.
  • for variable order_masters e.g. "This salt-master is ready to work with salt-syndic nodes." when the variable is true.
  • for the presence of syndic-events e.g. "Events related to salt-syndic are seen in the salt-event-bus." when such events are seen.
  • general warning e..g. "Salt-syndic is in use in this network. Results may be received for minions that do not have accepted keys on this salt-master." when any of the indicators are present.

erwindon avatar Sep 17 '22 01:09 erwindon

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

sonarqubecloud[bot] avatar Sep 17 '22 11:09 sonarqubecloud[bot]

I've applied the simplification. A warning will be visible on the KEYS page when the current salt-master is configured for use in a syndic topology. I've added a new git-issue to show information on for minions that are in a multi-master setup, see #480.

@pju51 Does SaltGUI show the proper information in your case? (with this git branch)

erwindon avatar Sep 17 '22 12:09 erwindon

Hello @erwindon

sorry for the delay. So today I m testing saltgui :)

I have the message : image and its clear :)

so you can merge your branh. Thanks.

pju51 avatar Sep 28 '22 08:09 pju51

ok, thx!

erwindon avatar Sep 28 '22 09:09 erwindon