Project

General

Profile

Bug #8743

Salt grains empty when server is in accepted state, rev 2

Added by Dan Mick about 7 years ago. Updated about 7 years ago.

Status:
Resolved
Priority:
Normal
Category:
Backend (services)
Target version:
% Done:

0%

Source:
Development
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Crash signature (v1):
Crash signature (v2):

Description

Start by tracking this down in salt.

#7783 documented a problem with permissions accessing grains for the minion; the fix there seemed complete, but a different problem occurs on RHEL7 at least: some of the paths on the master along the way to /var/cache/salt/master/minions are missing the 'other' read/execute permissions:

# for p in /var /var/cache /var/cache/salt /var/cache/salt/master/ /var/cache/salt/master/minions/ ; do ls -ld $p; done
drwxr-xr-x. 21 root root 4096 Jul  3 18:26 /var
drwxr-xr-x. 8 root root 81 Jul  3 17:49 /var/cache
drwxrwx--- 4 root root 32 Jul  3 17:57 /var/cache/salt
drwxrwx--- 8 root root 118 Jul  3 18:26 /var/cache/salt/master/
drwxr-xr-x 6 root root 142 Jul  3 18:04 /var/cache/salt/master/minions/

It's not clear what controls this inside salt; it seems as though salt is merely creating the cache dirs on demand, and something somewhere has a different idea of what umask should be.


Related issues

Related to Calamari - Bug #8768: Rhel 7: Information displays a lot of unknown values. Duplicate 07/07/2014
Related to Calamari - Bug #8791: logs are not visible Resolved 07/09/2014

Associated revisions

Revision 436f3324 (diff)
Added by Christina Meno about 7 years ago

calamari-ctl: relax perms on some salt dirs during initialization

Fixes: #8743
Signed-off-by: Gregory Meno <>

Revision 7251ef19 (diff)
Added by Christina Meno about 7 years ago

calamari-ctl: relax perms on some salt dirs during initialization

Fixes: #8743
Signed-off-by: Gregory Meno <>
(cherry picked from commit 436f3324909fa0844c6f0da7e617df099bb29235)

History

#1 Updated by Dan Mick about 7 years ago

(The workaround is to add r-x permissions to those dirs. It's not clear if this is any sort of security hole.)

#2 Updated by Christina Meno about 7 years ago

  • Target version set to 1.3-dev2

#3 Updated by Christina Meno about 7 years ago

  • Description updated (diff)

#4 Updated by Christina Meno about 7 years ago

  • Status changed from 12 to In Progress

#5 Updated by Christina Meno about 7 years ago

  • Status changed from In Progress to Resolved

Also available in: Atom PDF