Closed PabloLemos closed 6 years ago
i'm having a hard time replicating this:
➜ salt git:(e7893aedcf) sudo salt -C 'G@ip_interfaces:*:10.62.147.*' test.version
the_cake_is_a_lie:
2018.3.2
Did you recently upgrade? i'm also wondering if there is something in the minion cache from teh older minion versions that is possibly causing the issue
@Ch3LL Thanks for answering so fast!!!
Yes, im recently upgrade the master.
My salt infrastructure is extensive (about 800 minions). I have filtered by the salt version to go over the grains ip_interfaces and I have not obtained any error information in the logs.
An example of 2014 versions:
[master] $ salt -C 'G@saltversion:2014. *' grains.item ip_interfaces saltversion
minion1:
----------
ip_interfaces:
----------
eth0:
- 10.178.247.50
eth1:
- 10.179.246.50
the:
- 127.0.0.1
saltversion:
2014.1.4
minion2:
----------
ip_interfaces:
----------
lo0:
- 127.0.0.1
vnet0:
- 10.27.209.61
vnet407001:
- 0.0.0.0
vnet421001:
- 11.27.162.142
vnet601001:
- 0.0.0.0
saltversion:
2014.1.4
An example of 2015 versions:
[master]$ salt -C 'G@saltversion:2015.*' grains.item ip_interfaces saltversion
minion1:
----------
ip_interfaces:
----------
eth0:
- 10.27.208.252
eth1:
- 11.27.246.252
lo:
- 127.0.0.1
- 127.0.0.2
saltversion:
2015.8.1
minion2:
----------
ip_interfaces:
----------
eth0:
- 10.27.170.41
- fe80::250:56ff:fe89:6177
lo:
- 127.0.0.1
- ::1
saltversion:
2015.8.1
minion3:
----------
ip_interfaces:
----------
e1000g2:
- 10.27.164.133
e1000g3:
- 10.27.245.254
lo0:
- 127.0.0.1
saltversion:
2015.8.7
I have also tried to empty the cache of all the minions by removing the directory:
rm -rf /var/cache/salt/master/minions/*
and forcing the update using the command:
salt '*' saltutil.sync_grains refresh=True
Can I perform some command to get a more accurate debug of the targetting functions?
Thanks a lot!!
Checking the information of some windows servers I have verified that the name of the network interface has extended ASCII characters:
windows_minion_1:
----------
ip_interfaces:
----------
Intel(R) 82574L Gigabit Network Connection:
- 10.11.10.1
windows_minion_2:
----------
ip_interfaces:
----------
Conexión de red Intel(R) PRO/1000 MT #2:
- 10.11.10.2
windows_minion_3:
----------
ip_interfaces:
----------
vmxnet3 Ethernet Adapter:
- 10.11.10.3
windows_minion_4:
----------
ip_interfaces:
----------
Citrix Virtual Adapter - Deterministic Network Enhancer Miniport:
- 0.0.0.0
vmxnet3 Ethernet Adapter - Deterministic Network Enhancer Miniport:
- 10.11.10.4
Can this be the cause of the exception that appears in the salt logs?
Thanks!!
thanks for tracking that down. i believe thats exactly the issue.
I was able to replicate by hacking the code with:
diff --git a/salt/grains/core.py b/salt/grains/core.py
index 8545d4368c..5ba212b21e 100644
--- a/salt/grains/core.py
+++ b/salt/grains/core.py
@@ -1946,6 +1946,7 @@ def ip_interfaces():
if 'address' in secondary:
iface_ips.append(secondary['address'])
ret[face] = iface_ips
+ ret['Conexión de red Intel(R) PRO/1000 MT #2'] = ['1.1.1.1']
return {'ip_interfaces': ret}
ping @terminalmage any ideas here?
The matching system was not intended to support multiple wildcards like this. The wildcard only works when it's in the value being matched, not in any of the intermediate nested levels of keys. To make it work for intermediate nested levels would require some significant restructuring, which would need to be done in a future feature release.
I have a question though: Were you aware that there is a subnet matcher? This would seem to be a much easier way of doing what you want:
salt -S 10.0.1.0/24 test.version
Hmm it seems that support for intermediate wildcards may have been added since I last looked at this code, I'm investigating. But still, I think that the subnet matcher is a better way of doing what you want.
Hi @terminalmage
The subnet matcher I understand is for the service IPs of the agent, right? my agents have different network interfaces: the service interface and a couple of non-routed network interfaces (NFS, etc).
Using network identification can I interrogate my agents for those interfaces that are NOT routed?
Yes, it should still work. Did you try it?
The ip_interfaces
and ip6_interfaces
grains contain the same contents as the ipv4
and ipv6
grains, which are used in the the subnet matcher. The one difference is that the ipv4
and ipv6
grains are just lists of IP addresses, while ip_interfaces
and ip6_interfaces
are dictionaries mapping interface names to lists of IP addresses.
AH! I found the problem. So yes, wildcard matching was indeed added at some point, but while I was in the process of writing new unit tests for this I discovered a completely unrelated bug! If the data being matched on the level after the wildcard is the value side of a key/value pair in a dict, the match fails. However, when it's a list (as in your example) the match succeeds.
I'm working on a fix for that right now, as well as for the UnicodeDecodeError.
I still recommend the subnet matcher though :wink:
Thanks a lot!!
ZD-3024
Description of Issue/Question
I need to list those machines that are located in a certain network. For this I usually use the grains ip_interfaces and so far it has worked for me; but I'm currently getting the following error when I try to list the machines.
Filtering the logs I see the following error message
However, when I consult for other grains; for example kernel, I get the machine listing
Setup
Steps to Reproduce Issue
Versions Report
Thanks a lot