Gate postgres telegraf fan-out on reactor-provided minion id

postgres.auth was running an `unless` shell check per up-minion on every manager highstate, even when nothing had changed — N fork+python starts of so-yaml.py add up on large grids. The work is only needed when a specific minion's key is accepted. - salt/postgres/auth.sls: fan out only when postgres_fanout_minion pillar is set (targets that single minion). Manager highstates with no pillar take a zero-N code path. - salt/reactor/telegraf_user_sync.sls: re-pass the accepted minion id as postgres_fanout_minion to the orch. - salt/orch/telegraf_postgres_sync.sls: forward the pillar to the salt.state invocation so the state render sees it. - salt/manager/tools/sbin/soup: for the one-time 3.1.0 backfill, drop the per-minion state.apply and do an in-shell loop over the minion pillar files using so-yaml.py directly. Skips minions that already have postgres.telegraf.user set.
2026-05-29 22:45:33 +02:00 · 2026-04-21 10:05:08 -04:00
parent a149ea7e8f
commit 05f6503d61
4 changed files with 42 additions and 20 deletions
@@ -12,6 +12,8 @@
 # Target the manager via role grains — same pattern as orch/delete_hypervisor.sls.
 # The reactor doesn't know the manager's minion id, and grains.master on the
 # runner is a hostname, not a targetable id.
+{% set FANOUT_MINION = salt['pillar.get']('postgres_fanout_minion', '') %}
+
 manager_sync_telegraf_pg_users:
  salt.state:
    - tgt: 'G@role:so-manager or G@role:so-managerhype or G@role:so-managersearch or G@role:so-standalone or G@role:so-eval'
@@ -20,3 +22,7 @@ manager_sync_telegraf_pg_users:
      - postgres.auth
      - postgres.telegraf_users
    - queue: True
+    {% if FANOUT_MINION %}
+    - pillar:
+        postgres_fanout_minion: {{ FANOUT_MINION }}
+    {% endif %}