[BUG] Unable to use pdbedit.managed on Ubuntu 22.04.1 LTS minion

[tbennett6421]

Description

Unable to use pdbedit.managed on Ubuntu 22.04.1 LTS minion

          ID: roles@smb/configure-smb.sls//myuser
    Function: pdbedit.managed
        Name: jasonbourne
      Result: False
     Comment: State 'pdbedit.managed' was not found in SLS 'roles/smb/configure-smb'
              Reason: 'pdbedit' __virtual__ returned False: pdbedit state module can only be loaded when the pdbedit module is available

Setup

OS Version

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.1 LTS
Release:    22.04
Codename:   jammy

Samba Version

$ samba --version
Version 4.15.9-Ubuntu

pdbedit version

$ pdbedit -V
Version 4.15.9-Ubuntu

Relevant state file

addauser:
  pdbedit.managed:
    - name: jasonbourne
    - password: A70C708517B5DD0EDB67714FE25336EB
    - password_hashed: True

Please be as specific as possible and give set-up details.

• [x] on-prem machine
• [x] VM (Virtualbox, KVM, etc. please specify) vmware esxi
• [ ] VM running on a cloud service, please be explicit and add details
• [ ] container (Kubernetes, Docker, containerd, etc. please specify)
• [ ] or a combination, please be explicit
• [ ] jails if it is FreeBSD
• [ ] classic packaging
• [ ] onedir packaging
• [ ] used bootstrap to install

Steps to Reproduce the behavior

1. Install fresh ubuntu 22.04 LTS
2. apt install samba -y
3. salt 'ubuntu22' state.apply roles/smb/smb-users

Expected behavior

Updates the samba database with the user/password in the state

Versions Report

Salt Master:

Salt Version:
          Salt: 3005.1

Dependency Versions:
          cffi: 1.14.6
      cherrypy: unknown
      dateutil: 2.8.1
     docker-py: Not Installed
         gitdb: Not Installed
     gitpython: Not Installed
        Jinja2: 3.1.0
       libgit2: Not Installed
      M2Crypto: Not Installed
          Mako: Not Installed
       msgpack: 1.0.2
  msgpack-pure: Not Installed
  mysql-python: Not Installed
     pycparser: 2.21
      pycrypto: Not Installed
  pycryptodome: 3.9.8
        pygit2: Not Installed
        Python: 3.9.14 (main, Oct  3 2022, 21:19:17)
  python-gnupg: 0.4.8
        PyYAML: 5.4.1
         PyZMQ: 23.2.0
         smmap: Not Installed
       timelib: 0.2.4
       Tornado: 4.5.3
           ZMQ: 4.3.4

System Versions:
          dist: ubuntu 18.04 bionic
        locale: utf-8
       machine: x86_64
       release: 4.15.0-193-generic
        system: Linux
       version: Ubuntu 18.04 bionic

Salt Minion:

Salt Version:
          Salt: 3005.1

Dependency Versions:
          cffi: 1.14.6
      cherrypy: 18.6.1
      dateutil: 2.8.1
     docker-py: Not Installed
         gitdb: Not Installed
     gitpython: Not Installed
        Jinja2: 3.1.0
       libgit2: Not Installed
      M2Crypto: Not Installed
          Mako: Not Installed
       msgpack: 1.0.2
  msgpack-pure: Not Installed
  mysql-python: Not Installed
     pycparser: 2.21
      pycrypto: Not Installed
  pycryptodome: 3.9.8
        pygit2: Not Installed
        Python: 3.9.14 (main, Oct  3 2022, 21:22:21)
  python-gnupg: 0.4.8
        PyYAML: 5.4.1
         PyZMQ: 23.2.0
         smmap: Not Installed
       timelib: 0.2.4
       Tornado: 4.5.3
           ZMQ: 4.3.4

System Versions:
          dist: ubuntu 22.04 jammy
        locale: utf-8
       machine: x86_64
       release: 5.15.0-52-generic
        system: Linux
       version: Ubuntu 22.04 jammy

[tbennett6421]

My setup for the minions involves adding the ubuntu salt-minion package to add the hosts to the salt master, then running a state file to apply the latest salt-minon. This minion was provisioned using the following relevant state files.

{% set state_context = "base" %}
{% set state_folder = "apt" %}
{% set state_name = "saltstack" %}
{% set state_id = state_context ~ "@" ~ state_folder ~ "/" ~ state_name ~ ".sls" %}

# variables
{% set hostname = grains.host %}
{% set apt_humanname = "Saltstack Repo" %}
{% set apt_dstfile = "/etc/apt/sources.list.d/saltstack.list" %}

{% if grains['osfinger'] == 'Ubuntu-22.04' %}
  {% set os = "ubuntu" %}
  {% set osnum = "22.04" %}
  {% set codename = "jammy" %}
  {% set codename_full = "jammy jellyfish" %}
{% endif %}

## For 22.04: use apt-key-signing
{% if grains['osfinger'] == 'Ubuntu-22.04' %}
  {% set key_src = "https://repo.saltproject.io/salt/py3/ubuntu/" ~ osnum ~ "/amd64/3005/salt-archive-keyring.gpg" %}
  {% set key_dst = "/usr/share/keyrings/salt-archive-keyring.gpg" %}
  {% set key_hash = "67fff8c170554427b61a83dcb8430d85e6a00453"%}
{% endif %}

{{state_id}}//saltstack_pkgrepo_key_{{osnum}}:
  file.managed:
    - name: {{key_dst}}
    - source: {{key_src}}
    - source_hash: {{key_hash}}

{{state_id}}//saltstack_pkgrepo_{{osnum}}:
  pkgrepo.managed:
    - humanname: {{apt_humanname}}
    - name: deb [signed-by={{key_dst}} arch=amd64] https://repo.saltproject.io/salt/py3/{{os}}/{{osnum}}/amd64/3005 {{codename}} main
    - file: {{ apt_dstfile }}
    - key_url: {{key_src}}
    - architectures: amd64
    - aptkey: False
    - require:
      - file: {{state_id}}//saltstack_pkgrepo_key_{{osnum}}
    - require_in:
      - pkg: {{state_id}}//salt.minion

{{state_id}}//salt.minion:
  pkg.latest:
    - name: salt-minion
    - refresh: True

[OrangeDog]

pdbedit needs to be found on the salt-minion's PATH.

I believe 22.04 changed the default behaviour so that root has a reduced PATH. A change to the service definition is probably required.

[tbennett6421]

user@host:~$ pdbedit -V
Version 4.15.9-Ubuntu
user@hots:~$ which pdbedit
/usr/bin/pdbedit

root@host:~# pdbedit -V
Version 4.15.9-Ubuntu
root@host:~# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin

Unless the salt-minion has a different PATH then root's default (like cron) that doesn't seem to be it. Is there are way to modify salt's environment such as the following in ansible?

- name: Execute task with extended PATH
  shell: echo $PATH
  environment:
    PATH: "/usr/other/bin:{{ ansible_env.PATH }}"

[tbennett6421]

user@salt:~$ sudo salt 'host' cmd.run "echo $PATH"
jid: 20221031181410828213
host:
    /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin

[greenaar]

Also dealing with this, traced it down to https://stackoverflow.com/questions/69938570/md4-hashlib-support-in-python-3-8 when working with the newer onedir install.

[Dr-Bone]

OS: Arch Linux Can report to have the same issue (actually since 2022.11.20 already, but did not find the time to look at it) I can also report that the workaround posted by @greenaar works. Edit your /etc/ssl/openssl.cnf accordingly and restart the salt-minion.service

is this the related upstream issue? https://bugs.python.org/issue47101