search

saltstack / salt

Software to automate the management and configuration of any infrastructure or application at scale. Get access to the Salt software package repository here:
https://repo.saltproject.io/
Apache License 2.0
14.16k stars 5.48k forks source link

[BUG] secret not passed to ConnectHandler on status.proxy_reconnect #62902

Open grbesicb opened 2 years ago

grbesicb commented 2 years ago

Description On first run Salt proxy napalm connection is set up successfully. After switch temporarily loses connectivity, is_alive is set to False and status.proxy_reconnect gets called. During reconnect Salt does not pass optional_args: secret to ConnectHandler and reconnect fails.

Setup Pillar for proxy:

proxy:
  always_alive: true
  driver: brocade_fastiron
  host: **REDACTED**
  username: **REDACTED**
  passwd: **REDACTED**
  multiprocessing: false
  proxytype: napalm
  optional_args:
    secret: **REDACTED**

Steps to Reproduce the behavior

  1. Start proxy minion
  2. Reboot switch
  3. Keepalive sets is_alive to False because it can't reach switch
  4. status.proxy_reconnect gets called but does not pass optional_args: secret to ConnectHandler
  5. Unable to reconnect because optional_args: secret was not passed to ConnectHandler 
    salt-proxy[3653554]: [ERROR   ] Unhandled exception running status.proxy_reconnect
salt-proxy[3653554]: Traceback (most recent call last):
salt-proxy[3653554]:   File "salt/utils/schedule.py", line 841, in handle_func
salt-proxy[3653554]:     ret["return"] = self.functions[func](*args, **kwargs)
salt-proxy[3653554]:   File "salt/loader/lazy.py", line 149, in __call__
salt-proxy[3653554]:     return self.loader.run(run_func, *args, **kwargs)
salt-proxy[3653554]:   File "salt/loader/lazy.py", line 1228, in run
salt-proxy[3653554]:     return self._last_context.run(self._run_as, _func_or_method, *args, **kwargs)
salt-proxy[3653554]:   File "salt/loader/lazy.py", line 1243, in _run_as
salt-proxy[3653554]:     return _func_or_method(*args, **kwargs)
salt-proxy[3653554]:   File "/opt/saltstack/salt/run/salt/modules/status.py", line 1814, in proxy_reconnect
salt-proxy[3653554]:     __proxy__[proxy_name + ".init"](opts)  # reopen connection
salt-proxy[3653554]:   File "salt/loader/lazy.py", line 149, in __call__
salt-proxy[3653554]:     return self.loader.run(run_func, *args, **kwargs)
salt-proxy[3653554]:   File "salt/loader/lazy.py", line 1228, in run
salt-proxy[3653554]:     return self._last_context.run(self._run_as, _func_or_method, *args, **kwargs)
salt-proxy[3653554]:   File "salt/loader/lazy.py", line 1243, in _run_as
salt-proxy[3653554]:     return _func_or_method(*args, **kwargs)
salt-proxy[3653554]:   File "/opt/saltstack/salt/run/salt/proxy/napalm.py", line 200, in init
salt-proxy[3653554]:     "network_device": salt.utils.napalm.get_device(opts),
salt-proxy[3653554]:   File "salt/utils/napalm.py", line 339, in get_device
salt-proxy[3653554]:     network_device["DRIVER"] = _driver_(
salt-proxy[3653554]:   File "/opt/saltstack/salt/pypath/lib/python3.9/site-packages/napalm_brocade_fastiron/brocade_fastiron.py", line 56, in __init__
salt-proxy[3653554]:     'secret': optional_args["secret"],
salt-proxy[3653554]: KeyError: 'secret'

Expected behavior Reconnect should be successful with switch when status.proxy_reconnect gets called.

Versions Report

Salt Version:
          Salt: 3005.1

Dependency Versions:
          cffi: 1.14.6
      cherrypy: unknown
      dateutil: 2.8.1
     docker-py: Not Installed
         gitdb: Not Installed
     gitpython: Not Installed
        Jinja2: 3.1.0
       libgit2: 1.5.0
      M2Crypto: Not Installed
          Mako: Not Installed
       msgpack: 1.0.2
  msgpack-pure: Not Installed
  mysql-python: Not Installed
     pycparser: 2.21
      pycrypto: Not Installed
  pycryptodome: 3.9.8
        pygit2: 1.10.1
        Python: 3.9.14 (main, Oct  3 2022, 21:19:16)
  python-gnupg: 0.4.8
        PyYAML: 5.4.1
         PyZMQ: 23.2.0
         smmap: Not Installed
       timelib: 0.2.4
       Tornado: 4.5.3
           ZMQ: 4.3.4

System Versions:
          dist: ubuntu 20.04 focal
        locale: utf-8
       machine: x86_64
       release: 5.4.0-125-generic
        system: Linux
       version: Ubuntu 20.04 focal

Workaround We are able to workaround this by adding opts["proxy"]["optional_args"]["secret"] = opts["pillar"]["proxy"]["optional_args"]["secret"] inside if not is_alive statement in /opt/saltstack/salt/run/salt/modules/status.py.

Complete part of this code with workaround:

    if not is_alive:
        opts["proxy"]["optional_args"]["secret"] = opts["pillar"]["proxy"]["optional_args"]["secret"]
        minion_id = opts.get("proxyid", "") or opts.get("id", "")
        log.info("%s (%s proxy) is down. Restarting.", minion_id, proxy_name)
        __proxy__[proxy_name + ".shutdown"](opts)  # safely close connection
        __proxy__[proxy_name + ".init"](opts)  # reopen connection
        log.debug("Restarted %s (%s proxy)!", minion_id, proxy_name)

    return True  # success
welcome[bot] commented 2 years ago

Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey. Please be sure to review our Code of Conduct. Also, check out some of our community resources including:

There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar. If you have additional questions, email us at saltproject@vmware.com. We’re glad you’ve joined our community and look forward to doing awesome things with you!