Per previous comment, I'd advice to downgrade to 3006 LTS for paas-docker servers too.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Aug 3 2024
We're downgrading to Salt 3006 on Linux servers to still be able to distribute credentials from 3006 server.
I've also discovered we can't deploy secrets to Salt 3007+ anymore from a Salt 3006 server:
Unit wanted to overwrite Eglide-specific Vault Salt configuration, I've opened T1998 for follow-up.
$ salt-call --local state.apply roles/core/salt test=True […] ---------- ID: /etc/apt/keyrings/salt-archive-keyring-2023.gpg Function: file.managed Result: True Comment: The file /etc/apt/keyrings/salt-archive-keyring-2023.gpg is in the correct state Started: 16:25:09.653065 Duration: 7.356 ms Changes: ---------- ID: /etc/apt/sources.list.d/salt.list Function: file.managed Result: True Comment: The file /etc/apt/sources.list.d/salt.list is in the correct state Started: 16:25:09.660512 Duration: 1.221 ms Changes: […]
$ salt dwellers state.apply hotfixes/salt dwellers: ---------- ID: T1991_egrep_patch Function: file.patch Name: /opt/saltstack/salt/lib/python3.10/site-packages/salt Result: True Comment: Patch successfully applied Started: 16:15:53.189797 Duration: 45.172 ms Changes: ---------- pid: 4123780 retcode: 0 stderr: stdout: patching file modules/csf.py patching file modules/selinux.py
From router-001 network looks good:
Stopped currently not needed salt and node-exporter on router-001 to see if that helps.
Could be at hypervisor level. SSH failed until 13:22 where it worked immediately.
As of 13:18 UTC, SSH access works.
Also, at the same time, DevCentral is slow for arc diff or to publish this task. This delay behavior is similar as when DNS resolution timeouts occur.
$ salt-minion --versions Salt Version: Salt: 3007.1
We can actually provide P352 as hotfix.
Ok, with wget/wget2 transition still problematic (unrelated to patch package).
patch is available on Eglide as part of build-essential, so presumed OK for Debian
Logic looks good to me. Tested working fine on Prometheus.
Live on Hervil.
I can query from Prometheus the metrics.
$ arc patch D3388 […]
certbot against Python 3.11 should be checked on dwellers and docker-002
I've applied P352 to replace egrep by grep -E on dwellers and docker-002.
I wanted to apply P354 to fix Salt SELinux issue with patch -p1 < ~/egrep.patch on docker-002.
Jul 31 2024
uncomment all default metrics
# HELP process_start_time_seconds Timestamp of service start # TYPE process_start_time_seconds gauge process_start_time_seconds 1722447303 # HELP dovecot_build Dovecot build information # TYPE dovecot_build info dovecot_build_info{version="2.3.21",revision="47349e2482"} 1 # EOF
Already reported upstream: https://github.com/saltstack/salt/issues/65608
$ cd /opt/salt/nasqueron-operations $ salt dwellers state.apply roles/webserver-core/nginx/config […] ---------- [3/295] ID: selinux_context_nginx_logs Function: selinux.fcontext_policy_present Name: /var/log/www Result: False Comment: An exception occurred in this state: Traceback (most recent call last): File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/state.py", line 2428, in call ret = self.states[cdata["full"]]( File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 160, in __call__ ret = self.loader.run(run_func, *args, **kwargs) File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 1269, in run return self._last_context.run(self._run_as, _func_or_method, *args, **kwargs) File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 1284, in _run_as return _func_or_method(*args, **kwargs) File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 1317, in wrapper return f(*args, **kwargs) File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/states/selinux.py", line 326, in fcontext_policy_present current_state = __salt__["selinux.fcontext_get_policy"]( File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 160, in __call__ ret = self.loader.run(run_func, *args, **kwargs) File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 1269, in run return self._last_context.run(self._run_as, _func_or_method, *args, **kwargs) File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 1284, in _run_as return _func_or_method(*args, **kwargs) File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/modules/selinux.py", line 507, in fcontext_get_policy "filespec": parts.group(1).strip(), AttributeError: 'NoneType' object has no attribute 'group' Started: 16:25:51.413301 Duration: 391.186 ms Changes: ---------- ID: selinux_context_nginx_logs_applied Function: selinux.fcontext_policy_applied Name: /var/log/www Result: True Comment: SElinux policies are already applied for filespec "/var/log/www" Started: 16:25:51.804764 Duration: 6.322 ms Changes: ---------- […]
31/07/2024 at 12h the devcentral.nasqueron.org certificate expired
Issue can be repro on Dwellers:
Jul 30 2024
Author seems to report issues with the exporter and uses mtail.
update depending of the hand made changes