Page MenuHomeDevCentral
Differential D3278

Deploy REST API for Salt using rest_cherrypy
ClosedPublic
Actions

Authored by dereckson on Jan 13 2024, 23:47.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Jun 25, 01:49
Unknown Object (File)
Tue, Jun 25, 01:10
Unknown Object (File)
Mon, Jun 24, 20:00
Unknown Object (File)
Mon, Jun 24, 19:37
Unknown Object (File)
Mon, Jun 24, 19:29
Unknown Object (File)
Mon, Jun 24, 19:14
Unknown Object (File)
Mon, Jun 24, 19:05
Unknown Object (File)
Mon, Jun 24, 01:41
View All Files
Subscribers
None

Details

Reviewers
dereckson
Maniphest Tasks
T1942: Allow Jenkins to trigger deployment through Salt
Commits
rOPS6c4328e270b9: Deploy REST API for Salt using rest_cherrypy
Summary

Salt provides a REST API applications can use to communicate through HTTP.

This deployment is intended to be able to trigger events to the reactor
from external sources like Notifications Center or Jenkins.

It reuses the TLS certificates for Vault as they share the same server.

Ref T1942.

Test Plan

sockstat | grep 8300

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

dereckson requested review of this revision.Jan 13 2024, 23:47
dereckson created this revision.
Harbormaster completed remote builds in B5179: Diff 8428.Jan 13 2024, 23:47
dereckson added a comment.EditedJan 13 2024, 23:49

Current status

The service starts, then quit a few seconds later. When running in foreground, we see an error
similar to the one we have when Salt is updated without restarting the primary service.

Complector
$ sudo su - salt
$ /usr/local/bin/python3.9 /usr/local/bin/salt-api -c /usr/local/etc/salt
[ERROR   ] Failed to import netapi rest_cherrypy, this is due most likely to a syntax error:
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/salt/loader/lazy.py", line 751, in _load_module
    mod = spec.loader.load_module()
  File "<frozen importlib._bootstrap_external>", line 529, in _check_name_wrapper
  File "<frozen importlib._bootstrap_external>", line 1029, in load_module
  File "<frozen importlib._bootstrap_external>", line 854, in load_module
  File "<frozen importlib._bootstrap>", line 274, in _load_module_shim
  File "<frozen importlib._bootstrap>", line 711, in _load
  File "<frozen importlib._bootstrap>", line 680, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 850, in exec_module
  File "<frozen importlib._bootstrap>", line 228, in _call_with_frames_removed
  File "/usr/local/lib/python3.9/site-packages/salt/netapi/rest_cherrypy/__init__.py", line 18, in <module>
    import cherrypy
  File "/usr/local/lib/python3.9/site-packages/cherrypy/__init__.py", line 60, in <module>
    import pkg_resources
  File "/usr/local/lib/python3.9/site-packages/pkg_resources/__init__.py", line 3260, in <module>
    def _initialize_master_working_set():
  File "/usr/local/lib/python3.9/site-packages/pkg_resources/__init__.py", line 3234, in _call_aside
    f(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/pkg_resources/__init__.py", line 3272, in _initialize_master_working_set
    working_set = WorkingSet._build_master()
  File "/usr/local/lib/python3.9/site-packages/pkg_resources/__init__.py", line 581, in _build_master
    ws.require(__requires__)
  File "/usr/local/lib/python3.9/site-packages/pkg_resources/__init__.py", line 909, in require
    needed = self.resolve(parse_requirements(requirements))
  File "/usr/local/lib/python3.9/site-packages/pkg_resources/__init__.py", line 795, in resolve
    raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'contextvars' distribution was not found and is required by salt
`

This can be fixed by removing contextvars from python3.9/site-packages/salt-3006.2-py3.9.egg-info/entry_points.txt,
as contextvars is now a part of Python 3.7+ standard library.

Then, another TLS-related issue occurs:

Complector
$ /usr/local/bin/python3.9 /usr/local/bin/salt-api -c /usr/local/etc/salt
[ERROR   ] [14/Jan/2024:00:11:05] ENGINE Error in HTTPServer.serve
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/cheroot/server.py", line 1814, in serve
    self._connections.run(self.expiration_interval)
  File "/usr/local/lib/python3.9/site-packages/cheroot/connections.py", line 198, in run
    self._run(expiration_interval)
  File "/usr/local/lib/python3.9/site-packages/cheroot/connections.py", line 241, in _run
    new_conn = self._from_server_socket(self.server.socket)
  File "/usr/local/lib/python3.9/site-packages/cheroot/connections.py", line 294, in _from_server_socket
    s, ssl_env = self.server.ssl_adapter.wrap(s)
  File "/usr/local/lib/python3.9/site-packages/cheroot/ssl/builtin.py", line 270, in wrap
    s = self.context.wrap_socket(
  File "/usr/local/lib/python3.9/ssl.py", line 501, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/local/lib/python3.9/ssl.py", line 1074, in _create
    self.do_handshake()
  File "/usr/local/lib/python3.9/ssl.py", line 1343, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLZeroReturnError: TLS/SSL connection has been closed (EOF) (_ssl.c:1134)

Despite of this, the server is up:

Complector
$ sockstat | grep 70925
salt     python3.9  70925 10  tcp4   *:8300                *:*
dereckson updated this revision to Diff 8429.Jan 14 2024, 01:29

Fix spaces. Add kludge to remove contextvars from egg info about Salt.

Harbormaster completed remote builds in B5180: Diff 8429.Jan 14 2024, 01:29
dereckson updated this revision to Diff 8430.Jan 14 2024, 01:30

hunt-insecable-spaces sponsored by I can't use a MacBook Pro (tm)

Harbormaster completed remote builds in B5181: Diff 8430.Jan 14 2024, 01:30
dereckson updated this revision to Diff 8431.Jan 14 2024, 01:44

+service

Harbormaster completed remote builds in B5182: Diff 8431.Jan 14 2024, 01:44
dereckson updated this revision to Diff 8432.Jan 14 2024, 01:46

Declare Salt API in services table so Jenkins can know what URL to use without hardcoding it

Harbormaster completed remote builds in B5183: Diff 8432.Jan 14 2024, 01:46
dereckson updated this revision to Diff 8433.Jan 14 2024, 01:51

Reorder pillar/services/table.sls

Harbormaster completed remote builds in B5184: Diff 8433.Jan 14 2024, 01:51
dereckson accepted this revision.Jan 14 2024, 01:52
This revision is now accepted and ready to land.Jan 14 2024, 01:52
Closed by commit rOPS6c4328e270b9: Deploy REST API for Salt using rest_cherrypy (authored by dereckson). · Explain WhyJan 14 2024, 01:53
This revision was automatically updated to reflect the committed changes.
dereckson added a commit: rOPS6c4328e270b9: Deploy REST API for Salt using rest_cherrypy.

Revision Contents
Changeset List

PathSize
pillar/
services/
2 lines
roles/
salt-primary/
api/
30 lines
files/
22 lines
16 lines
44 lines
29 lines
api/
10 lines
1 line

Diff 8434

View Options

pillar/services/table.sls

Loading...
View Options

roles/salt-primary/api/certificates.sls

Loading...
View Options

roles/salt-primary/api/files/api.conf

Loading...
View Options

roles/salt-primary/api/files/salt_api.rc

Loading...
View Options

roles/salt-primary/api/init.sls

Loading...
View Options

roles/salt-primary/api/rest_cherrypy.sls

Loading...
View Options

roles/salt-primary/api/service.sls

Loading...
View Options

roles/salt-primary/init.sls

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator