salt-syndic breaks salt-master in 18.04
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
salt (Ubuntu) |
New
|
High
|
Unassigned | ||
Bionic |
New
|
Undecided
|
Unassigned |
Bug Description
It's nice that salt-master is now (in 18.04) using a non-root account, but salt-syndic has yet to reflect this change. The salt-syndic service is currently set to run as root:root, which causes salt-syndic to make files unreadable by salt-master, which breaks many things.
Setting salt-syndic to run as salt:salt and flushing cache resolved this problem, except that it left salt-syndic unable to write to it's own log file.
Update...
After looking into this further, salt-syndic needs to access files that salt-minion owns, which is a process that much run as root. It takes a bit of screwing around with to get the permissions to work correct in this scenario.
I believe the best solution is to keep salt-master and salt-syndic running as root.
description: | updated |
Changed in salt (Ubuntu): | |
importance: | Undecided → Critical |
Changed in salt (Ubuntu): | |
importance: | Critical → High |
description: | updated |