Merge remote-tracking branch 'origin/2.4/dev' into upgrade/salt3006.3

salt/salt/engines/master/checkmine.py

@@ -0,0 +1,81 @@
+# -*- coding: utf-8 -*-
+
+import logging
+from time import sleep
+import os
+import salt.client
+
+log = logging.getLogger(__name__)
+local = salt.client.LocalClient()
+
+def start(interval=60):
+    def mine_delete(minion, func):
+      log.warning('checkmine engine: deleting mine function %s for %s' % (func, minion))
+      local.cmd(minion, 'mine.delete', [func])
+
+    def mine_flush(minion):
+        log.warning('checkmine engine: flushing mine cache for %s' % minion)
+        local.cmd(minion, 'mine.flush')
+
+    def mine_update(minion):
+        log.warning('checkmine engine: updating mine cache for %s' % minion)
+        local.cmd(minion, 'mine.update')
+
+    log.info("checkmine engine: started")
+    cachedir = __opts__['cachedir']
+    while True:
+        log.debug('checkmine engine: checking which minions are alive')
+        manage_alived = __salt__['saltutil.runner']('manage.alived', show_ip=False)
+        log.debug('checkmine engine: alive minions: %s' % ' , '.join(manage_alived))
+
+        for minion in manage_alived:
+            mine_path = os.path.join(cachedir, 'minions', minion, 'mine.p')
+            # it is possible that a minion is alive, but hasn't created a mine file yet
+            try:
+                mine_size = os.path.getsize(mine_path)
+                log.debug('checkmine engine: minion: %s mine_size: %i' % (minion, mine_size))
+                # For some reason the mine file can be corrupt and only be 1 byte in size
+                if mine_size == 1:
+                    log.error('checkmine engine: found %s to be 1 byte' % mine_path)
+                    mine_flush(minion)
+                    mine_update(minion)
+                    continue
+            except FileNotFoundError:
+                log.warning('checkmine engine: minion: %s %s does not exist' % (minion, mine_path))
+                mine_flush(minion)
+                mine_update(minion)
+                continue
+
+            # if a manager check that the ca in in the mine and it is correct
+            if minion.split('_')[-1] in ['manager', 'managersearch', 'eval', 'standalone', 'import']:
+                x509 = __salt__['saltutil.runner']('mine.get', tgt=minion, fun='x509.get_pem_entries')
+                try:
+                    ca_crt = x509[minion]['/etc/pki/ca.crt']
+                    log.debug('checkmine engine: found minion %s has ca_crt: %s' % (minion, ca_crt))
+                    # since the cert is defined, make sure it is valid
+                    import salt.modules.x509_v2 as x509_v2
+                    if not x509_v2.verify_private_key('/etc/pki/ca.key', '/etc/pki/ca.crt'):
+                        log.error('checkmine engine: found minion %s does\'t have a valid ca_crt in the mine' % (minion))
+                        log.error('checkmine engine: %s: ca_crt: %s' % (minion, ca_crt))
+                        mine_delete(minion, 'x509.get_pem_entries')
+                        mine_update(minion)
+                        continue
+                    else:
+                        log.debug('checkmine engine: found minion %s has a valid ca_crt in the mine' % (minion))
+                except IndexError:
+                    log.error('checkmine engine: found minion %s does\'t have a ca_crt in the mine' % (minion))
+                    mine_delete(minion, 'x509.get_pem_entries')
+                    mine_update(minion)
+                    continue
+
+            # Update the mine if the ip in the mine doesn't match returned from manage.alived
+            network_ip_addrs = __salt__['saltutil.runner']('mine.get', tgt=minion, fun='network.ip_addrs')
+            try:
+                mine_ip = network_ip_addrs[minion][0]
+                log.debug('checkmine engine: found minion %s has mine_ip: %s' % (minion, mine_ip))
+            except IndexError:
+                log.error('checkmine engine: found minion %s does\'t have a mine_ip' % (minion))
+                mine_delete(minion, 'network.ip_addrs')
+                mine_update(minion)
+
+        sleep(interval)

salt/salt/files/engines.conf

@@ -0,0 +1,6 @@
+engines_dirs:
+  - /etc/salt/engines
+
+engines:
+  - checkmine:
+      interval: 60

salt/salt/master.sls

@@ -12,22 +12,34 @@ hold_salt_master_package:
       - name: salt-master
 {% endif %}
 
+# prior to 2.4.30 this engine ran on the manager with salt-minion
+# this has changed to running with the salt-master in 2.4.30
+remove_engines_config:
+  file.absent:
+    - name: /etc/salt/minion.d/engines.conf
+    - source: salt://salt/files/engines.conf
+    - watch_in:
+      - service: salt_minion_service
+
+checkmine_engine:
+  file.managed:
+    - name: /etc/salt/engines/checkmine.py
+    - source: salt://salt/engines/master/checkmine.py
+    - makedirs: True
+
+engines_config:
+  file.managed:
+    - name: /etc/salt/master.d/engines.conf
+    - source: salt://salt/files/engines.conf
+
 salt_master_service:
   service.running:
     - name: salt-master
     - enable: True
-
-checkmine_engine:
-  file.absent:
-    - name: /etc/salt/engines/checkmine.py
-    - watch_in:
-        - service: salt_minion_service
-
-engines_config:
-  file.absent:
-    - name: /etc/salt/minion.d/engines.conf
-    - watch_in:
-        - service: salt_minion_service
+    - watch:
+      - file: checkmine_engine
+      - file: engines_config
+    - order: last
 
 {% else %}
 

salt/salt/minion.sls

@@ -67,6 +67,9 @@ set_log_levels:
       - "log_level: info"
       - "log_level_logfile: info"
 
+# prior to 2.4.30 this managed file would restart the salt-minion service when updated
+# since this file is currently only adding a sleep timer on service start
+# it is not required to restart the service
 salt_minion_service_unit_file:
   file.managed:
     - name: {{ SYSTEMD_UNIT_FILE }}
@@ -89,6 +92,5 @@ salt_minion_service:
       - file: mine_functions
 {% if INSTALLEDSALTVERSION|string == SALTVERSION|string %}
       - file: set_log_levels
-      - file: salt_minion_service_unit_file
 {% endif %}
     - order: last