[BUG] file.managed and file.symlink both run in test mode by default #64195
Comments
|
Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey.
There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar. |
|
What is the output of |
|
As per the screenshot, a value of Edit: Another thing I should mention is, some other file.managed and file.symlinks are working, but some aren't. There doesn't appear to be much to link the ones that don't together, except perhaps that they are located within areas chown by |
|
Do you have any custom code that might be putting a run into test mode accidentally? |
|
@OrangeDog I don't think so. There's nothing too spectacular in my configuration really. I'm using a fairly simple Salt install with a simple git repo, etc. if I create the symlink or file by hand, it takes a few refreshes, and then it finally sticks. If I then remove the symlink/file it goes back to "Unchanged". All these snippets are in the same SLS file: /opt/netbox:
file.symlink:
- target: /opt/netbox-{{ netboxversion }}
- force: True
- require:
- archive: /opt
/opt/netbox/gunicorn.py:
file.managed:
- source: salt://filesets/netbox/gunicorn.py
- require:
- file: /opt/netbox
/opt/netbox/netbox/media:
file.directory:
- user: netbox
- group: netbox
- recurse:
- user
- group
/opt/netbox/local_requirements.txt:
file.managed:
- source: salt://filesets/netbox/local_requirements.txt
- require:
- file: /opt/netbox
/opt/netbox/netbox/netbox/configuration.py:
file.managed:
- source: salt://filesets/netbox/configuration.py
- template: jinja
- require:
- file: /opt/netboxThat's copy paste verbatim from the sls file, with some intervening states, but in the same sequence in the file. I'm fairly sure the sequence doesn't affect it, but just in case.
Edit: I should add {% set netboxversion = "3.5.0" %}Just for clarity sake. That's the only variable in the SLS. From what I've tested, template doesn't affect it either, two template files worked perfectly in the same state as this one. |
|
You're saying other states in the same run are applying changes, but these two and only these two are in test mode? |
|
Yup. Everything else in the SLS for these actions applies properly. Creating files, restarting services, etc. The whole thing. It's only those two specific states that appear to be in "Test" mode. And I have NO idea how that works. TBH, I don't bother with Test mode. I just apply state until steady. |
|
"it takes a few refreshes, and then it finally sticks", and "until steady" do not make sense to me. After applying the state once, the system is then in that state. If that is not true then there is something else wrong. |
|
So, I removed the symlink earlier to confirm it's still doing weird stuff, then I re-added the symlink manually. Here is the result: netbox01:
salt master:
This is what I mean by "it finally sticks". When I first ran it tonight, it told me that the state matches. Of course it matched. The symlink was there from last night. Manually, I go and I remove the symlink, and the state dies. I go and manually create the symlink, and it still thinks there's a problem. Previously, in 3005, if I manually intervened because of something, Salt would simply go "Hey, it's here. Awesome". Now it appears to be caching the state or the files or something and then getting horribly confused when I manually take an action in the SLS file. In the course of writing this comment, I reran the
The symlink exists. I took a screenshot. And yet, Salt appears to be confused because it does not want to apply a state that is already in place and functional. By "until steady", what I mean is, sometimes I'm a little overzealous with some of my states, and they take a second or a third pass before the are 100% ready. It's because I'm still learning, and I don't want to lean too heavily on the "before","after","require" pieces of Salt. I'm used to this, so I put up with it for some things. I have a whole SLS to deploy ElasticSearch and Kibana from scratch. It works perfectly... after the second or third |
I had the same intuition, but I don't see how this would be related since that PR only affected failing runs. I think I have seen similar behavior as described in here since including [a patched variant of] the current [3006] |
|
So, as a question that might sound a bit stupid, what should I look out for to confirm its not just something stupid with my setup? Is there anything obvious to look for? Anything I should double check? I'm out of time today, but I can check anything and everything tomorrow. It's not even outside the realm to rebuild the Salt server if needed. |
|
It has to be a problem with my configuration. I now have the following
Which is insane. I can't imagine that Salt would've released 3006 without finding this, but. I can't figure out how or where. Need to figure that out now I guess... |
|
Same problem after 3004.2 to 3006.1 upgrade of salt-minion. comment of file.managed : The file is not updated. The service reload like it was updated. the state: salt version: 3006.1 |
|
in the same formula, i have few other or using it seems affecting only HTTP sources. |
|
Just a hunch since I wrote and use those: Does anyone affected by this problem not use the |
|
I use the x509_v2 module |
OrangeDog
added
Regression
|
@lkubb That is plausible. I use the new x509_v2 module as well. I can try it without the x509_v2 module relatively easily when I get time. |
|
Update: I can reproduce this behavior when the So it seems the workaround for #62590 (https://github.com/saltstack/salt/blob/0cb3dc87e780b514b07ac0da66906a085893ceb2/salt/states/x509_v2.py#L1576C4-L1582) has the potential to trigger an inverse bug in the loader, which is much worse. I will code up a fix now that I have a test for it. |
|
@ymasson @zeddD1abl0 Sorry for the delay. Would you be able to test if this change fixes your issues once CI passes? Edit: Adapted the previous commit a bit for completeness' sake, should work regardless. |
IMO changing it and not telling you is worse than not changing it and telling you. |
Point taken, thanks for encouraging. :) Not changing it can lead to manifested breakage though and this interaction could be described as spooky action a distance for anyone not familiar with the relevant codebase. I have stumbled on the loader in the past by treating it as a context manager, hope it becomes more robust at some point. Anyways, CI is looking mostly fine and my states still work, so the commit should be good to test. |
|
@lkubb your patch work. no worries for the delay. thanks |
Hi @lkubb , I tried to patch it... I think it did it right. I found the file in /opt/saltstack ( If so, unfortunately, it's still failing in the same way.
|
My apologies @lkubb , I didn't realise it was a minion-side issue. After applying the patch to a minion suffering the issue, it is indeed fixed. I concur with @ymasson . |
|
@zeddD1abl0 No worries, glad to hear it fixes the issue for you as well. :) As an aside, it might be a bit easier for you to just copy the patched module into a |
|
file.directory still runs in test with #64269 |
|
I've the same issue with |
|
@lmf-mx Let's continue here. You wrote:
Am I understanding you correctly? When applying the described state,
Is there any |
|
Has this issue been resolved by merging #64960? |
|
I believe so, at least my reproduction test passed on that PR. Mind that it is not part of any release currently. |
|
The PR and this bug were slated for 3006.2, but they're not mentioned in the release notes (https://docs.saltproject.io/en/latest/topics/releases/3006.2.html). When can we expect a Salt release with a fix for this bug? |
|
@danielbakken 3006.2 was a cve only release. we are working on getting 3006.3 out with this and other fixes. |
|
Closing as this was fixed in #64960 Will be included in the 3006.3 release. |
|
Any idea when 3006.3 is going to drop @Ch3LL? |
|
Oops. My bad. It did drop. ;) |
Description
During a basic file.managed or file.symlink, running
salt state.applyresults in "symlink is set for creation" or "The file is set to be changed. Note: No changes have been applied."Even explicitly setting "test" in the minion configuration to False did not fix the issue. The only fix is to manually intervene and hope that the files line up as expected.
Setup
Please be as specific as possible and give set-up details.
Steps to Reproduce the behavior
With the given symlink and managed examples above, simply running
salt state.applyfails. The same is true of a managed fileExpected behavior
Prior to 3006, when running
salt state.applythe file would be changed or updated as per the SLS definition.Screenshots
Versions Report
salt --versions-report
(Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)The text was updated successfully, but these errors were encountered: