[BUG] runner salt.execute failing where cli works
Description
I am writing a custom runner to generate a cloud-init config for new minion. Due to our process cloud module would not fit our needs.
salt syndic1 saltutil.wheel key.gen_accept minion1
this works as intended
But the following line that should be the equivalent in a custom runner
__salt__["salt.execute"]("syndic1", "saltutil.wheel", ("key.gen_accept", "minion1"))
fails with the following error
{
  'fun': 'wheel.key.gen_accept',
  'jid': '2024043016015263',
  'user': 'UNKNOWN',
  'fun_args': ['minion1'],
  '_stamp': '2024-04-30T16:01:53.198468',
  'return': 'Exception occurred in wheel key.gen_accept: Traceback (most recent call last):
    File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/client/mixins.py", line 388, in low
      data["return"] = func(*args, **kwargs)
    File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 159, in call
      ret = self.loader.run(run_func, *args, **kwargs)
    File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 1245, in run
      return self._last_context.run(self._run_as, _func_or_method, *args, **kwargs)
    File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 1260, in run_as
      return func_or_method(*args, **kwargs)
    File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/wheel/key.py", line 437, in gen_accept
      ret = gen(id, keysize)
    File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/wheel/key.py", line 383, in gen
      with salt.utils.files.fopen(pub) as fp:
    File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/utils/files.py", line 393, in fopen
      f_handle = open(*args, **kwargs)  # pylint: disable=resource-leakage
  FileNotFoundError: [Errno 2] No such file or directory: '/etc/salt/pki/master/dev01.pub'
  ',
  'success': False,
  'retcode': 1
}
Setup (Please provide relevant configs and/or SLS files (be sure to remove sensitive info. There is no general set-up of Salt.)
Two masters to two syndic servers, same result no matter the master or syndic server used or targeted (I tested all four combinations).
- [ ] on-prem machine
- [ ] VM (Virtualbox, KVM, etc. please specify)
- [x] VM running on a cloud service, please be explicit and add details
- [ ] container (Kubernetes, Docker, containerd, etc. please specify)
- [ ] or a combination, please be explicit
- [ ] jails if it is FreeBSD
- [ ] classic packaging
- [x] onedir packaging
- [x] used bootstrap to install
Expected behavior A clear and concise description of what you expected to happen.
Both cases to return pre-auth minion keys
Screenshots If applicable, add screenshots to help explain your problem.
Versions Report
salt --versions-report
(Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)
Masters
Salt Version:
Salt: 3006.7
Python Version:
Python: 3.10.13 (main, Feb 19 2024, 03:31:20) [GCC 11.2.0]
Dependency Versions:
cffi: 1.16.0
cherrypy: unknown
dateutil: 2.8.1
docker-py: Not Installed
gitdb: Not Installed
gitpython: Not Installed
Jinja2: 3.1.3
libgit2: 1.5.0
looseversion: 1.0.2
M2Crypto: Not Installed
Mako: Not Installed
msgpack: 1.0.2
msgpack-pure: Not Installed
mysql-python: Not Installed
packaging: 22.0
pycparser: 2.21
pycrypto: Not Installed
pycryptodome: 3.19.1
pygit2: 1.10.1
python-gnupg: 0.4.8
PyYAML: 6.0.1
PyZMQ: 23.2.0
relenv: 0.15.1
smmap: Not Installed
timelib: 0.2.4
Tornado: 4.5.3
ZMQ: 4.3.4
System Versions:
dist: debian 12 bookworm
locale: utf-8
machine: x86_64
release: 6.1.0-18-cloud-amd64
system: Linux
version: Debian GNU/Linux 12 bookworm
Syndic
Salt Version:
Salt: 3006.7
Python Version:
Python: 3.10.13 (main, Feb 19 2024, 03:31:20) [GCC 11.2.0]
Dependency Versions:
cffi: 1.16.0
cherrypy: 18.6.1
dateutil: 2.8.1
docker-py: Not Installed
gitdb: Not Installed
gitpython: Not Installed
Jinja2: 3.1.3
libgit2: 1.5.0
looseversion: 1.0.2
M2Crypto: Not Installed
Mako: Not Installed
msgpack: 1.0.2
msgpack-pure: Not Installed
mysql-python: Not Installed
packaging: 22.0
pycparser: 2.21
pycrypto: Not Installed
pycryptodome: 3.19.1
pygit2: 1.10.1
python-gnupg: 0.4.8
PyYAML: 6.0.1
PyZMQ: 23.2.0
relenv: 0.15.1
smmap: Not Installed
timelib: 0.2.4
Tornado: 4.5.3
ZMQ: 4.3.4
System Versions:
dist: debian 12 bookworm
locale: utf-8
machine: x86_64
release: 6.1.0-18-cloud-amd64
system: Linux
version: Debian GNU/Linux 12 bookworm
Additional context Add any other context about the problem here.
Works for me as expected on 3006.8, Ubuntu 22.04:
MoM
- Has order_masters: true in /etc/salt/master
- Runs salt-master as salt user
- Has master: localhost and id: minion in /etc/salt/minion
- Runs salt-minion as root
Syndic
- Has syndic_master: MOM_IP_ADDRESS in /etc/salt/master
- Runs salt-master as root
- Has master: localhost and id: syndic1 in /etc/salt/minion
- Runs salt-syndic as root
- Runs salt-minion as root
The runner is located /srv/salt/_runners/myrunner.py on MoM:
def genacc():
    return __salt__["salt.execute"]("syndic1", "saltutil.wheel", ("key.gen_accept", "minion1"))
Then run on the MoM:
# salt-run saltutil.sync_runners
- runners.myrunner
# salt-run myrunner.genacc
syndic1:
----------
_stamp:
2024-05-02T05:18:16.151661
fun:
wheel.key.gen_accept
fun_args:
- minion1
jid:
20240502051815539132
return:
----------
success:
True
user:
UNKNOWN
# salt-key
Accepted Keys:
minion
syndic1
Denied Keys:
Unaccepted Keys:
Rejected Keys:
# salt syndic1 cmd.run salt-key
syndic1:
Accepted Keys:
minion1
syndic1
Denied Keys:
Unaccepted Keys:
Rejected Keys:
Try it without a syndic first, on a single VM that has master and minion running. That is much simpler to configure and reason about.
Sorry it took me so long to get back to this. I updated the minion version to v3006.8 and that resolved the issue.
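An added example, not code from the thread or from the Salt project: the failing call in this issue still returns a dict per target, with the traceback as a string under 'return', so a runner that feeds the result into a cloud-init config should fail closed on it. The helper name, the sample data (constructed from the two outputs shown above) and the `required_keys` parameter are assumptions for illustration.

```python
class WheelCallError(RuntimeError):
    """A target did not return a usable wheel result."""

# Constructed samples in the shape of the two outputs shown in the thread.
SAMPLE_FAILED = {"syndic1": {
    "fun": "wheel.key.gen_accept", "fun_args": ["minion1"],
    "return": "Exception occurred in wheel key.gen_accept: "
              "Traceback (most recent call last):\n"
              "  (frames elided in this constructed sample)\n"
              "FileNotFoundError: [Errno 2] No such file or directory: "
              "'/etc/salt/pki/master/dev01.pub'\n",
    "success": False, "retcode": 1}}
SAMPLE_OK = {"syndic1": {
    "fun": "wheel.key.gen_accept", "fun_args": ["minion1"],
    "return": {}, "success": True}}

def check_wheel_result(result, required_keys=()):
    """Return {target: payload} or raise WheelCallError listing every failure.

    `result` is the per-target dict a runner gets back from
    __salt__["salt.execute"](tgt, "saltutil.wheel", ...).
    `required_keys` (assumption) names fields the caller needs in the payload.
    """
    if not isinstance(result, dict) or not result:
        raise WheelCallError("no target returned")
    payloads, failures = {}, []
    for target, env in result.items():
        if not isinstance(env, dict):
            failures.append(f"{target}: unexpected reply type {type(env).__name__}")
            continue
        payload = env.get("return")
        if env.get("success") is not True or env.get("retcode", 0) != 0:
            # On failure 'return' is traceback text; report only its last line.
            lines = str(payload).strip().splitlines() or ["no detail"]
            failures.append(f"{target}: {lines[-1].strip()}")
        elif not isinstance(payload, dict):
            failures.append(f"{target}: return is not a dict")
        else:
            missing = [k for k in required_keys if not payload.get(k)]
            if missing:
                failures.append(f"{target}: missing {missing}")
            else:
                payloads[target] = payload
    if failures:
        raise WheelCallError("; ".join(failures))
    return payloads
```

In a runner such as the genacc() shown above, the result of the salt.execute call would be passed through check_wheel_result before any key material is written out.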