From a902f667ba6c8ea3a4db477793c42535fa2cd357 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 21 Apr 2026 09:37:35 -0400 Subject: [PATCH] Target manager by role grain in telegraf_postgres_sync orch The previous MANAGER resolution used pillar.get('setup:manager') with a fallback to grains.get('master'). Neither works from the reactor: setup:manager is only populated by the setup workflow (not by reactor runs), and grains.master returns the minion's master-hostname setting, not a targetable minion id. Match the pattern used by orch/delete_hypervisor.sls: compound-target whichever minion is the manager via role grain. --- salt/orch/telegraf_postgres_sync.sls | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/salt/orch/telegraf_postgres_sync.sls b/salt/orch/telegraf_postgres_sync.sls index f2a3d950f..94be77137 100644 --- a/salt/orch/telegraf_postgres_sync.sls +++ b/salt/orch/telegraf_postgres_sync.sls @@ -3,16 +3,19 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{% set MANAGER = salt['pillar.get']('setup:manager') or salt['grains.get']('master') %} - # Fired by salt/reactor/telegraf_user_sync.sls when salt-key accepts a new # minion. Only provisions the per-minion pillar entry and DB role on the # manager; the minion itself will pick up its telegraf config on its first # highstate during onboarding, so there's no need to push the telegraf state # from here. +# +# Target the manager via role grains — same pattern as orch/delete_hypervisor.sls. +# The reactor doesn't know the manager's minion id, and grains.master on the +# runner is a hostname, not a targetable id. manager_sync_telegraf_pg_users: salt.state: - - tgt: {{ MANAGER }} + - tgt: 'G@role:so-manager or G@role:so-managerhype or G@role:so-managersearch or G@role:so-standalone or G@role:so-eval' + - tgt_type: compound - sls: - postgres.auth - postgres.telegraf_users