Fix #7783
Salt grains empty when server is in accepted state.
0%
Description
It has been reported that salt cli returned data during this event
Associated revisions
calamari_rest: work around restrictive grains permissions
The cache of minion data doesn't actually require
root privileges, but the method that salt uses to
resolve a minion glob to minion IDs does. Circumvent
this by using the private _get_cached_minion_data
function to get straight at what we want.
Fixes: #7783
History
#1 Updated by John Spray about 10 years ago
- Tracker changed from Bug to Fix
- Category changed from Backend (services) to Backend (REST API)
Access to grains via PillarUtil works if you're root, doesn't if you're www-data. Using the 'runner' interface may be an option if that can be made to respect client acls.
#2 Updated by John Spray about 10 years ago
- Target version changed from v1.2 Backlog to v1.2-dev6
#3 Updated by John Spray about 10 years ago
- Assignee set to John Spray
#4 Updated by John Spray about 10 years ago
- Status changed from New to Fix Under Review
#5 Updated by John Spray about 10 years ago
- Status changed from Fix Under Review to Resolved
#6 Updated by Dan Mick over 9 years ago
It turns out there are some cases where access also requires root privs (it seems to be the case on RHEL7 that several of the directories on the way to /var/cache/salt/master/minions/<minion> are set with 000 in the 'other' bits.) John had prototyped a solution in wip-1.2-grains, but Gregory hasn't yet got it to help)