Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

minion/master file.recurse needs to stop using clean: True #104

Closed
iggy opened this issue Mar 16, 2015 · 35 comments
Closed

minion/master file.recurse needs to stop using clean: True #104

iggy opened this issue Mar 16, 2015 · 35 comments

Comments

@iggy
Copy link
Contributor

iggy commented Mar 16, 2015

The salt code (and myself) put files in /etc/salt/{master,minion}.d

The "clean: True" is killing all that. It probably shouldn't do that.

salt-minion:
  file.recurse:
    - name: {{ salt.get('config-path', '/etc/salt') }}/minion.d
    - template: jinja
    - source: salt://salt/files/minion.d
    - clean: True
    - context:
        standalone: False
@nmadhok
Copy link
Member

nmadhok commented Mar 16, 2015

I think there should be a way to specify this in pillar with the default being clean:True

@iggy
Copy link
Contributor Author

iggy commented Mar 16, 2015

The default will erase files that salt itself is writing out. So... that seems like a bad default to me.

Maybe @thatch45 can weigh in on how important it is to keep that _schedule.conf file around or not (it was a commit from him that added that persist function).

@nmadhok
Copy link
Member

nmadhok commented Mar 16, 2015

@iggy there can be config files present in that directory even before the installation of salt using salt-formula. If this is the case, we wouldn't want them to be there and would want salt-formula to put a set of new config files there. Perhaps backing up the old config files or maybe renaming them to have a .bak extension would be a good idea so if you want to recover the config file, you can do so manually. Thoughts @thatch45 @basepi ?

@basepi
Copy link
Contributor

basepi commented Mar 17, 2015

Sounds like a good solution to me. Backups are always good.

@iggy
Copy link
Contributor Author

iggy commented Mar 17, 2015

That doesn't answer the question of whether it's safe to just obliterate files that the salt master is writing.

@basepi
Copy link
Contributor

basepi commented Mar 17, 2015

I haven't looked closely enough at this formula to know the answer to that question. Is this state running during salt-minion startup? Additionally, I don't think the minion writes files to this directory -- it only writes files to the pki directory as far as I know.

@iggy
Copy link
Contributor Author

iggy commented Mar 17, 2015

I put a link to the code in the original post. It's utils.schedule doing it. It is definitely the minion doing the writing. I didn't write these files myself.

The only thing I don't know is if these files shouldn't be erased (as they are now with this formula).

@basepi
Copy link
Contributor

basepi commented Mar 17, 2015

Oh, I see, it must be a scheduled state run of some sort or something.

@basepi
Copy link
Contributor

basepi commented Mar 17, 2015

I only meant that the main startup of the minion doesn't write those files.

@iggy
Copy link
Contributor Author

iggy commented Mar 17, 2015

Let me know if you need more info.

bjackson@dev-salt01:~$ cat /etc/salt/minion.d/_schedule.conf 
schedule:
  __mine_interval: {function: mine.update, jid_include: true, maxrunning: 2, minutes: 5}

@nmadhok
Copy link
Member

nmadhok commented Mar 17, 2015

@basepi @iggy backing up the old config files and renaming them to have a .bak extension would be a good idea. @iggy Can you submit a PR for that change?

@iggy
Copy link
Contributor Author

iggy commented Mar 17, 2015

I'm unlikely to do a PR for that seeing as I'm against it using "clean: True" to begin with.

@basepi
Copy link
Contributor

basepi commented Mar 17, 2015

If you don't clean: True, how can you ensure that configuration deployed by the master takes effect? Other files in master.d might override what you're trying to do. You want to own the configuration, right?

@nmadhok
Copy link
Member

nmadhok commented Mar 17, 2015

I agree with @basepi

@iggy
Copy link
Contributor Author

iggy commented Mar 17, 2015

I understand where you guys are coming from. My issue is that the clean: True is going to wipe out files that salt is writing for a reason (presumably).

@aboe76
Copy link
Member

aboe76 commented Mar 17, 2015

So i'm reading this and is because salt minion has _schedule.conf in /etc/salt/minion.d
in some way, and the salt-formula cleans out the master.d/ and minion.d folders and pushes its own
_defaults.conf file there.

Only thing I can think of is why salt-formula doesn't create _schedule.conf with configurable settings...
salt-formula should configure/control all configuration files.

@basepi and @nmadhok is _schedule.conf not basically the default mine scheduler of the minion? why is this even in a separate file? shouldn't this be default in /etc/salt/minion....

@basepi
Copy link
Contributor

basepi commented Mar 17, 2015

Well, having it in a different file means salt can manage the whole file. I just think this _schedules.conf should be in the cache or somewhere else. I think minion.d/ should be reserved exclusively for user configs. I'll try to get some time with @thatch45 to discuss.

@aboe76
Copy link
Member

aboe76 commented Mar 17, 2015

@basepi I think that is the most sensible approach, 👍

@nmadhok
Copy link
Member

nmadhok commented Mar 17, 2015

@iggy If you clone this formula on a fresh VM and install salt-minion using it, does it place _schedule.conf under /etc/salt/minion.d/ ? If not then the default behavior of clean: True is correct and it would be nice to backup files already present under that folder (in case someone already had salt installed and had configuration files lying there). Also, we can add a way for the user to specify in the pillar if they don't want to delete old config files. But i still think that the defaults are correct and should be to remove all old config files and put new ones.

From where did you get this config file? What generated it? Was it generated by salt-formula?

@iggy
Copy link
Contributor Author

iggy commented Mar 17, 2015

I'm not beating this poor dead horse any more until basepi gets some input from thatch about why the minion is writing files to the config directory and whether that is going to change (but at this point, it's in a release, so we're stuck with it).

@nmadhok
Copy link
Member

nmadhok commented Mar 17, 2015

@iggy Sure. Not a problem.

iggy referenced this issue Mar 18, 2015
@basepi
Copy link
Contributor

basepi commented Mar 23, 2015

Had a conversation this morning about _schedule.conf. The short and easy fix is to make the clean: True configurable via pillar. The longer, better fix is to add functionality to file.recurse to allow it to ignore certain filename patterns. In this case, it would ignore files with leading underscores, as we can assume those files were put down by salt.

iggy pushed a commit to iggy/salt-formula that referenced this issue Mar 23, 2015
New versions of Salt put config files in /etc/salt/{minion,master}.d. We don't
want to erase them by using a clean: True on the file.recurse. This is a
backward incompatible change, but it's necessary to avoid deleting Salt config
files.

Resolves saltstack-formulas#104
@nmadhok
Copy link
Member

nmadhok commented Mar 23, 2015

@basepi What should be the default? I still think it should be clean: True by default.

@iggy
Copy link
Contributor Author

iggy commented Mar 24, 2015

If it's clean: True by default it erases config files that Salt writes out. I don't think it's a good idea for this formula to be destroying files that Salt expects to exist. I can just hear the IRC channel now... "My scheduled jobs quit working constantly... HALP MEH!!!!!!!!!1!!1!!"

@nmadhok
Copy link
Member

nmadhok commented Mar 24, 2015

@iggy I'm a little confused right now. When you install salt using the salt formula, does it create or place the config file that you're talking about?

@iggy
Copy link
Contributor Author

iggy commented Mar 24, 2015

The way I understand it is, that file is the way that salt.states.schedule persists scheduled jobs across service restarts. So it's created by Salt itself (not the formula).

https://github.com/saltstack/salt/blob/26acc5c1d476284174ba988439a2cc08ce66dc61/salt/utils/schedule.py#L302

@basepi
Copy link
Contributor

basepi commented Mar 24, 2015

Yep, it's completely independent of the formula, and ideally the formula shouldn't mess with it. The ideal solution is to have a whitelist for clean so it doesn't clean certain files but I don't think that functionality is available yet.

@tjstansell
Copy link

Why not just use exclude_pat: _* in the file.recurse definition?

@basepi
Copy link
Contributor

basepi commented Mar 26, 2015

Actually, that's the correct fix. I was stuck on the first half of the exclude_pat docs:

> exclude_pat
> Exclude this pattern from the source when copying. If both include_pat and exclude_pat are supplied, then it will apply conditions cumulatively. i.e. first select based on include_pat, and then within that result apply exclude_pat.

While it actually works on the clean as well:

> Also, when 'clean=True', exclude this pattern from the removal list and preserve in the destination.

@nmadhok
Copy link
Member

nmadhok commented Mar 26, 2015

@basepi Should I revert 8ebb7f5 ?

@iggy
Copy link
Contributor Author

iggy commented Mar 26, 2015

It would probably be easier to just change the default. I've had a couple commits on top of this that might make it not revert cleanly.

@basepi
Copy link
Contributor

basepi commented Mar 26, 2015

Ya, this is not a hard fix to make. =)

@iggy
Copy link
Contributor Author

iggy commented Mar 26, 2015

And you'll have to rename _defaults.conf as it'll be excluded from the original copy (with exclude_pat: _*)

@basepi
Copy link
Contributor

basepi commented Mar 26, 2015

Good point.

@nmadhok
Copy link
Member

nmadhok commented Mar 26, 2015

@iggy Can you submit a PR with the appropriate changes? Change the defaults as well. Thanks for the awesome work!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants