Salt: Salt leaves tmp file when file.managed dest file is immutable
- Create a simple state to manage
$file - If your filesystem is ext[2-4], as root, run:
chattr +i $file - Run salt
Expected behavior:
- Salt would cleanup any tmp files it lays down using a try/except/finally pattern
Actual behavior:
- Salt leaves tmp files on the filesystem
If your state is for /etc/cron.d/foo, but /etc/cron.d/foo is immutable, salt will leave /etc/cron.d/fooXXyWza1 or something arbitrary like that. This causes serious issues as then crond thinks there are multiple crontabs. Hilarity ensues.
SEJeff
All 7 comments
@SEJeff, thanks for reporting. We need to cut down on such hilarity; salt is for serious work.
jfindlay
on 22 Feb 2016
@jfindlay any update on this one? It isn't that high of a severity if it hasn't been fixed in a year :)
SEJeff
on 6 Mar 2017
@jfindlay This is still an issue.
itskenny0
on 27 Nov 2017
Seems like the real issue here is the need for xattr/acl support in the file module. You can work around it by handling the xattrs separately:
{{ file }}-unlocked:
cmd.run:
- name: 'chattr -i {{ file }}'
{{ file }}-managed:
file.managed:
- name: {{ file }}
- require:
cmd: {{ file }}-unlocked
{{ file }}-locked:
cmd.run:
- name: 'chattr +i {{ file }}'
- require:
file: {{ file }}-managed
@SEJeff, severity is intended to conflate ugliness and user cross-section, which are orthogonal to priority, though I agree that High Severity seems like an overstatement in this case, whereas P3 is appropriate.
Nevertheless, despite my reflexive tendency to meta analyze, I think I've found a solution to the immediate problem (you're welcome, @SEJeff, @itskenny0).
jfindlay
on 27 Nov 2017
@jfindlay Thanks for the example state, that is exactly what I was attempting to do. It works great, but unfortunately this causes two states to display as "changed" even when the file in question didn't change. Is there a way to prevent that?
ID: resolvconf-unlocked
Function: cmd.run
Name: chattr -i /etc/resolv.conf
Result: True
Comment: Command "chattr -i /etc/resolv.conf" run
Started: 14:15:11.108186
Duration: 21.26 ms
Changes:
----------
pid:
32618
retcode:
0
stderr:
stdout:
----------
ID: resolvconf-managed
Function: file.managed
Name: /etc/resolv.conf
Result: True
Comment: File /etc/resolv.conf is in the correct state
Started: 14:15:11.132222
Duration: 27.067 ms
Changes:
----------
ID: resolvconf-locked
Function: cmd.run
Name: chattr +i /etc/resolv.conf
Result: True
Comment: Command "chattr +i /etc/resolv.conf" run
Started: 14:15:11.161577
Duration: 20.197 ms
Changes:
----------
pid:
32619
retcode:
0
stderr:
stdout:
resolvconf-unlocked:
cmd.run:
- name: 'chattr -i /etc/resolv.conf'
resolvconf-managed:
file.managed:
- name: /etc/resolv.conf
- source: salt://resolvconf/resolv.conf
- user: root
- group: root
- mode: 644
- follow_symlinks: False
- require:
- cmd: resolvconf-unlocked
resolvconf-locked:
cmd.run:
- name: 'chattr +i /etc/resolv.conf'
- require:
- file: resolvconf-managed
@itskenny0, you can use requisites to construct a custom, idempotent state with cmd.run, because salt roxorz. Consider the following refined example, sprinkled with the appropriate requisites:
setup
# touch /tmp/file && chattr +i /tmp/file
# cat /srv/salt/attr.sls
{%- set file = '/tmp/file' %}
{{ file }}-unlocked:
cmd.run:
- name: chattr -i {{ file }}
- prereq:
- file: {{ file }}-managed
{{ file }}-managed:
file.managed:
- name: {{ file }}
- contents: test
{{ file }}-locked:
cmd.run:
- name: chattr +i {{ file }}
- onchanges:
- file: {{ file }}-managed
execution
# salt-call --local state.apply attr
local:
----------
ID: /tmp/file-unlocked
Function: cmd.run
Name: chattr -i /tmp/file
Result: True
Comment: Command "chattr -i /tmp/file" run
Started: 09:35:44.333549
Duration: 36.907 ms
Changes:
----------
pid:
20747
retcode:
0
stderr:
stdout:
----------
ID: /tmp/file-managed
Function: file.managed
Name: /tmp/file
Result: True
Comment: File /tmp/file updated
Started: 09:35:44.371310
Duration: 3.169 ms
Changes:
----------
diff:
---
+++
@@ -0,0 +1 @@
+test
----------
ID: /tmp/file-locked
Function: cmd.run
Name: chattr +i /tmp/file
Result: True
Comment: Command "chattr +i /tmp/file" run
Started: 09:35:44.374844
Duration: 29.764 ms
Changes:
----------
pid:
20748
retcode:
0
stderr:
stdout:
Summary for local
------------
Succeeded: 3 (changed=3)
Failed: 0
------------
Total states run: 3
Total run time: 69.840 ms
again
# salt-call --local state.apply attr
local:
----------
ID: /tmp/file-unlocked
Function: cmd.run
Name: chattr -i /tmp/file
Result: True
Comment: No changes detected
Changes:
----------
ID: /tmp/file-managed
Function: file.managed
Name: /tmp/file
Result: True
Comment: File /tmp/file is in the correct state
Started: 09:35:49.403976
Duration: 2.065 ms
Changes:
----------
ID: /tmp/file-locked
Function: cmd.run
Name: chattr +i /tmp/file
Result: True
Comment: State was not run because none of the onchanges reqs changed
Changes:
Summary for local
------------
Succeeded: 3
Failed: 0
------------
Total states run: 3
Total run time: 2.065 ms
Related issues
golmaal
路
3Comments
saurabhnemade
路
3Comments
udf2457
路
3Comments
Oloremo
路
3Comments
nixjdm
路
3Comments