Project

General

Profile

Fix #7783

Salt grains empty when server is in accepted state.

Added by Christina Meno about 10 years ago. Updated over 9 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Backend (REST API)
Target version:
% Done:

0%

Source:
other
Tags:
Backport:
Reviewed:
Affected Versions:
ceph-qa-suite:
Crash signature (v1):
Crash signature (v2):

Description

It has been reported that salt cli returned data during this event

Associated revisions

Revision 7fa5c2e4 (diff)
Added by John Spray about 10 years ago

calamari_rest: work around restrictive grains permissions

The cache of minion data doesn't actually require
root privileges, but the method that salt uses to
resolve a minion glob to minion IDs does. Circumvent
this by using the private _get_cached_minion_data
function to get straight at what we want.

Fixes: #7783

History

#1 Updated by John Spray about 10 years ago

  • Tracker changed from Bug to Fix
  • Category changed from Backend (services) to Backend (REST API)

Access to grains via PillarUtil works if you're root, doesn't if you're www-data. Using the 'runner' interface may be an option if that can be made to respect client acls.

#2 Updated by John Spray about 10 years ago

  • Target version changed from v1.2 Backlog to v1.2-dev6

#3 Updated by John Spray about 10 years ago

  • Assignee set to John Spray

#4 Updated by John Spray about 10 years ago

  • Status changed from New to Fix Under Review

#5 Updated by John Spray about 10 years ago

  • Status changed from Fix Under Review to Resolved

#6 Updated by Dan Mick over 9 years ago

It turns out there are some cases where access also requires root privs (it seems to be the case on RHEL7 that several of the directories on the way to /var/cache/salt/master/minions/<minion> are set with 000 in the 'other' bits.) John had prototyped a solution in wip-1.2-grains, but Gregory hasn't yet got it to help)

Also available in: Atom PDF