
Restart Salt minion service after configuration change
Open, Normal, Public

Description

Vault configuration isn't accessible to the current minion process when we provision certificate information.

Salt doesn't seem to offer a way to reload configuration, but we can restart the process.

roles/core/salt/init.sls
#   -------------------------------------------------------------
#   Vault
#
#   For shellserver, set in roles/shellserver/vault unit instead.
#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

{% if not salt["node.has_role"]("shellserver") %}
{{ dirs.etc }}/salt/minion.d/vault.conf:
  file.managed:
    - source: salt://roles/core/salt/files/vault.conf
    - template: jinja
    - context:
        certificate: {{ certificates.dir }}/nasqueron-vault-ca.crt
{% endif %}
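
One way to express the restart described above as a state, given here as an added example that is not part of the task or of the Nasqueron repository. The state ID, the `salt-minion` service name and the placement in roles/core/salt/init.sls are assumptions.

```yaml
{% if not salt["node.has_role"]("shellserver") %}
# Assumption: appended to roles/core/salt/init.sls below the vault.conf
# state, so `dirs` is already available in this template.
salt_minion_restart_on_vault_config_change:   # hypothetical state ID
  cmd.run:
    # salt-call starts a separate process, so the restart is not issued
    # from inside the minion that is being stopped.
    # Assumption: the service is named salt-minion; adjust to the platform
    # (for example salt_minion under FreeBSD rc.d).
    - name: salt-call --local service.restart salt-minion
    # Run in the background so the current job can return its result
    # before the minion goes down.
    - bg: True
    # Fire only when vault.conf was actually created or modified.
    - onchanges:
      - file: {{ dirs.etc }}/salt/minion.d/vault.conf
    # Restart after every other state in the run has been applied.
    - order: last
{% endif %}
```

Jinja is rendered when the SLS tree is compiled, before any state executes, so the restarted minion only helps the next run. Applying roles/core/salt on its own before the states that read Vault secrets at render time is one way to sequence it.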

Event Timeline

dereckson triaged this task as Normal priority. Wed, Apr 22, 11:14
dereckson created this task.
dereckson moved this task from Backlog to Bug and issues on the Salt board.
dereckson added a subscriber: yousra.

The error that occurred is:

ysul:
    Data failed to compile:
----------
    Detected conflicting IDs, SLS IDs need to be globally unique.
    The conflicting ID is '/opt' and is found in SLS 'base:roles/devserver/.userland-software' and SLS 'base:roles/shellserver/userland-software/base'
----------
    Rendering SLS 'base:roles/devserver/.userland-software.notifications' failed: Problem running salt function in Jinja template: Failed to read secret! SSLError: HTTPSConnectionPool(host='172.27.27.7', port=8200): Max retries exceeded with url: /v1/ops/secrets//nasqueron/notifications/notifications-cli/ysul (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1016)'))); line 40