This PR migrates our salt-master to run on Ubuntu 22.04, codename "Jammy."
In our previous configuration running salt 3004, the salt-master ran as the root user. In the latest release, the salt-master adds a "salt" user and group by default, and runs as the "salt" user. By adding user: root to out vagrant master.conf file, we allow the salt-master to run as root, like we had previously done, and bypass permissions errors related to loading ca.py and consul.py modules.
This PR also conditionally updates our configuration to use the onedir packaging with codename "jammy" updating the repo URL, path names, and GPG key.
To verify this locally:
bring up the salt-master, laptop:psf-salt user$ vagrant up salt-master
bring up the loadbalancer, laptop:psf-salt user$ vagrant up loadbalancer
bring up a backend service like hg, laptop:psf-salt user$ vagrant up hg
The traceback for the salt-master should show it running on jammy, but to further verify the upgrade:
in another window, ssh into the salt-master, laptop:psf-salt user$ vagrant ssh salt-master
apt-key is deprecated with Ubuntu 22.04. The recommended approach is to configure -aptkey: False to the package repo state, and set signed-by in the repo name.
This PR is currently in a state where all packages are updated to use this recommended approach except for postgresql.
The current bug appears to happen when salt adds the postgresql gpg key to our designated signed by file, the file permissions are not set the _apt user to read.
-rw-r--r-- 1 root root 4538 Jan 12 13:52 datadoghq.gpg
-rw-r--r-- 1 root root 1067 Jan 12 13:52 nginx.gpg
-rw-r--r-- 1 root root 2820 Jan 12 13:51 packagecloud.gpg
-rw-r----- 1 root root 3494 Jan 12 13:52 postgresql.gpg
This PR migrates our salt-master to run on Ubuntu 22.04, codename "Jammy."
In our previous configuration running salt 3004, the salt-master ran as the root user. In the latest release, the salt-master adds a "salt" user and group by default, and runs as the "salt" user. By adding
user: root
to out vagrantmaster.conf
file, we allow the salt-master to run as root, like we had previously done, and bypass permissions errors related to loadingca.py
andconsul.py
modules.This PR also conditionally updates our configuration to use the onedir packaging with codename "jammy" updating the repo URL, path names, and GPG key.
To verify this locally:
laptop:psf-salt user$ vagrant up salt-master
laptop:psf-salt user$ vagrant up loadbalancer
laptop:psf-salt user$ vagrant up hg
The traceback for the salt-master should show it running on jammy, but to further verify the upgrade:
laptop:psf-salt user$ vagrant ssh salt-master
lsb_release -a
Note:
apt-key
is deprecated with Ubuntu 22.04. The recommended approach is to configure-aptkey: False
to the package repo state, and setsigned-by
in the repo name.This PR is currently in a state where all packages are updated to use this recommended approach except for postgresql.
The current bug appears to happen when salt adds the postgresql gpg key to our designated
signed by file
, the file permissions are not set the_apt
user to read.To learn more about this bug, see #333.