search

saltstack / salt

Software to automate the management and configuration of any infrastructure or application at scale. Install Salt from the Salt package repositories here:
https://docs.saltproject.io/salt/install-guide/en/latest/
Apache License 2.0
14.2k stars 5.48k forks source link

[BUG] salt version 3006.8 upgrade to 3006.9 grains issue #66774

Closed david-pulkowski closed 3 months ago

david-pulkowski commented 3 months ago

Description Salt hub with version 3006.8 will properly target minions based on grain targeting. e.g.:

salt -G 'os:redhat' test.ping
# Returns all redhat minions

Salt hub with version 3006.9 will NOT properly target minions based on grain targeting. e.g.:

salt -G 'os:redhat' test.ping
# Returns minons that are windows and macOS and redhat

If target for windows or mac, similar results will target other OS as well

Setup Have a salt-master setup with a mac, windows & linux minion (rhel in our case).

Try to test ping minions of a specific OS

salt -G 'os:redhat' test.ping
salt -G 'os:windows' test.ping
salt -G 'os:macos' test.ping

And some more complex targeting with grains seem to be incorrect as well.

Test compound targeting:

salt -C 'G@os:windows or G@os:redhat' test.ping

Will return mac minions as well. (only on 3006.9)

Or

salt -C 'G@os:macos or G@os:redhat' test.ping

Will return windows minions as well. (only on 3006.9)

Please be as specific as possible and give set-up details. We set a grain called unit

unit: 1/1
unit: 1/2
unit: 1/3
unit: 2/2
unit: 2/3
unit: 3/3

This is no longer working as well, version os salt on 3006.9 over target. Say targeting group of server unit:3/3 is returning more minions that are not in that group, and those minions that are incorrectly target fail to respond

Steps to Reproduce the behavior Have a salt-master setup with a mac, windows & linux minion (rhel in our case). And run simple test.ping commands and more complex targeting

Expected behavior Expect to only return targeted minions:

salt -G 'os:redhat' test.ping
salt -G 'os:windows' test.ping
salt -G 'os:macos' test.ping

Test compound targeting:

salt -C 'G@os:windows or G@os:redhat' test.ping

Should only return windows or rhel minions.

Screenshots If applicable, add screenshots to help explain your problem.

Versions Report

salt --versions-report (Provided by running salt --versions-report. Please also mention any differences in master/minion versions.) ```yaml 3006.8 hub: salt --versions-report Salt Version: Salt: 3006.8 Python Version: Python: 3.10.14 (main, Apr 3 2024, 21:30:09) [GCC 11.2.0] Dependency Versions: cffi: 1.14.6 cherrypy: unknown dateutil: 2.8.1 docker-py: Not Installed gitdb: 4.0.11 gitpython: 3.1.43 Jinja2: 3.1.3 libgit2: Not Installed looseversion: 1.0.2 M2Crypto: Not Installed Mako: Not Installed msgpack: 1.0.2 msgpack-pure: Not Installed mysql-python: Not Installed packaging: 22.0 pycparser: 2.21 pycrypto: Not Installed pycryptodome: 3.19.1 pygit2: Not Installed python-gnupg: 0.4.8 PyYAML: 6.0.1 PyZMQ: 23.2.0 relenv: 0.16.0 smmap: 5.0.1 timelib: 0.2.4 Tornado: 4.5.3 ZMQ: 4.3.4 System Versions: dist: rhel 9.4 Plow locale: utf-8 machine: x86_64 release: 5.14.0-427.26.1.el9_4.x86_64 system: Linux version: Red Hat Enterprise Linux 9.4 Plow 3006.9 salt-hub: salt --versions-report Salt Version: Salt: 3006.9 Python Version: Python: 3.10.14 (main, Jun 26 2024, 11:44:37) [GCC 11.2.0] Dependency Versions: cffi: 1.14.6 cherrypy: unknown cryptography: 42.0.5 dateutil: 2.8.1 docker-py: Not Installed gitdb: 4.0.11 gitpython: 3.1.43 Jinja2: 3.1.4 libgit2: Not Installed looseversion: 1.0.2 M2Crypto: Not Installed Mako: Not Installed msgpack: 1.0.2 msgpack-pure: Not Installed mysql-python: Not Installed packaging: 22.0 pycparser: 2.21 pycrypto: Not Installed pycryptodome: 3.19.1 pygit2: Not Installed python-gnupg: 0.4.8 PyYAML: 6.0.1 PyZMQ: 23.2.0 relenv: 0.17.0 smmap: 5.0.1 timelib: 0.2.4 Tornado: 4.5.3 ZMQ: 4.3.4 System Versions: dist: rhel 9.4 Plow locale: utf-8 machine: x86_64 release: 5.14.0-427.28.1.el9_4.x86_64 system: Linux version: Red Hat Enterprise Linux 9.4 Plow Salt minons: rhel9: Salt Version: Salt: 3007.1 Python Version: Python: 3.10.14 (main, Apr 3 2024, 21:30:09) [GCC 11.2.0] Dependency Versions: cffi: 1.16.0 cherrypy: 18.8.0 dateutil: 2.8.2 docker-py: Not Installed gitdb: Not Installed gitpython: Not Installed Jinja2: 3.1.4 libgit2: Not Installed looseversion: 1.3.0 M2Crypto: Not Installed Mako: Not Installed msgpack: 1.0.7 msgpack-pure: Not Installed mysql-python: Not Installed packaging: 23.1 pycparser: 2.21 pycrypto: Not Installed pycryptodome: 3.19.1 pygit2: Not Installed python-gnupg: 0.5.2 PyYAML: 6.0.1 PyZMQ: 25.1.2 relenv: 0.16.0 smmap: Not Installed timelib: 0.3.0 Tornado: 6.3.3 ZMQ: 4.3.4 Salt Package Information: Package Type: onedir System Versions: dist: rhel 9.4 Plow locale: utf-8 machine: x86_64 release: 5.14.0-427.26.1.el9_4.x86_64 system: Linux version: Red Hat Enterprise Linux 9.4 Plow Windows: Salt Version: Salt: 3006.1 Python Version: Python: 3.10.11 (heads/main:408ea86, May 5 2023, 02:40:17) [MSC v.1934 64 bit (AMD64)] Dependency Versions: cffi: 1.14.6 cherrypy: 18.6.1 dateutil: 2.8.1 docker-py: Not Installed gitdb: 4.0.7 gitpython: Not Installed Jinja2: 3.1.2 libgit2: Not Installed looseversion: 1.0.2 M2Crypto: Not Installed Mako: Not Installed msgpack: 1.0.2 msgpack-pure: Not Installed mysql-python: Not Installed packaging: 22.0 pycparser: 2.21 pycrypto: Not Installed pycryptodome: 3.10.1 pygit2: Not Installed python-gnupg: 0.4.8 PyYAML: 5.4.1 PyZMQ: 25.0.2 relenv: 0.12.3 smmap: 4.0.0 timelib: 0.2.4 Tornado: 4.5.3 ZMQ: 4.3.4 System Versions: dist: locale: cp1252 machine: AMD64 release: 2016Server system: Windows version: 2016Server 10.0.14393 SP0 Multiprocessor Free ```

Additional context Add any other context about the problem here.

david-pulkowski commented 3 months ago

It seems our culprit windows were on older versions that were on 3006 & had setups that still used the legacy setup location

C:\salt
# vs
C:\Program Files\Salt Project

Updating to latest 3007.1 & moving the /c/salt dir to the new location cleaned up the windows machines for our salt-hub on 3006.9. Targeting is now working as expected

dmurphy18 commented 3 months ago

:+1: Could not reproduce on RedHat 9 or Rocky Linux 9, thanks for closing it.

david-pulkowski commented 3 months ago

@dmurphy18 I know I closed this out & we can keep it closed. (just an fyi)

I was able to reproduce the odd behavior with our salt-master upgrading on rhel_9.4 from salt-master version 3006.8 to 3006.9 & with Windows machines again in our last environment.

  1. Have a salt-master on rhel_9.4, on salt-version 3006.8
  2. Have a rhel salt-minion on (7, 8, or 9), on salt-version 3007.1
  3. Have a windows server (20016 or 2019), on ondir on salt-version 3007.1
  4. On 3006.8 run test.pings of rhel only and ensure no windows machines respond back.
  5. Upgrade salt-master to 3006.9 & restart the service.
  6. Target a test.ping to rhel machines only, Windows machines (in our case) will try to return & the respond & the salt-master will time out waiting for them to reply (even though they shouldn't be targeted) 
    salt -G 'os:redhat' test.ping
  7. Restart the Windows servers. Rhel machines did not need to be restarted.
  8. Target rhel machines, windows machines successfully did NOT respond when targeting rhel only, as we would expect.

So in our case. Restarting the windows minions after the salt-master upgrade cleared the odd unnecessary targeting we were seeing.

tjyang commented 1 week ago

@dmurphy18 , Thanks for fixing and released the 2024-11-07 version of bootstrap-salt.sh. Do you have time to reproduce and work on this issue ? @david-pulkowski or @dmurphy18 , Can this ticket re-opened ? I opened #67037 for this same issue. Following is my quick summary of issue.

Restarting the windows minions after the salt-master upgrade cleared the odd unnecessary targeting we were seeing.