Page MenuHomePhabricator
Create Task
Maniphest T124646

Salt minions randomly crashing when the deployment server grain gets changed
Closed, DeclinedPublic
Actions

Description

When I switched over the deployment server, puppet ran

grain-ensure set trebuchet_master mira.codfw.wmnet

this worked fine on ~ 60% of the hosts, while on the others (independently of the OS version) this crashed the salt-minion.

This seems to be caused by some race condition; in the minion logs I find:

2016-01-25 10:10:58,656 [salt.log.setup   ][ERROR   ] An un-handled exception was caught by salt's global exception handler:
TypeError: string indices must be integers, not str
Traceback (most recent call last):
  File "/usr/bin/salt-minion", line 14, in <module>
    salt_minion()
  File "/usr/lib/python2.7/dist-packages/salt/scripts.py", line 57, in salt_minion
    minion.start()
  File "/usr/lib/python2.7/dist-packages/salt/__init__.py", line 264, in start
    self.minion.tune_in()
  File "/usr/lib/python2.7/dist-packages/salt/minion.py", line 558, in tune_in
    minion['minion'].pillar_refresh()
  File "/usr/lib/python2.7/dist-packages/salt/minion.py", line 1407, in pillar_refresh
    self.opts['environment'],
  File "/usr/lib/python2.7/dist-packages/salt/pillar/__init__.py", line 91, in compile_pillar
    ret_pillar = self.sreq.crypted_transfer_decode_dictentry(load, dictkey='pillar', tries=3, timeout=7200)
  File "/usr/lib/python2.7/dist-packages/salt/transport/__init__.py", line 243, in crypted_transfer_decode_dictentry
    aes = key.private_decrypt(ret['key'], 4)
TypeError: string indices must be integers, not str

which honestly doesn't leave me any clue.

This seems serious enough to be investigated further though.

Related Objects
Search...

Event Timeline

Joe created this task.Jan 25 2016, 11:15 AM
Joe raised the priority of this task from to High.
Joe updated the task description. (Show Details)
Joe added projects: SRE, Salt.
Joe subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 25 2016, 11:15 AM
ArielGlenn claimed this task.Jan 25 2016, 11:17 AM
ArielGlenn set Security to None.
ArielGlenn added a comment.Jan 25 2016, 2:06 PM

Tenatively this looks like an issue with the singleton cache of master aes keys at the minion end, a part of the code in transport that needs to be updated. Still investigating.

ArielGlenn added a comment.Jan 25 2016, 2:43 PM

To keep minions from dying we should do this:

in transport/__init__.py, in crypted_transfer_decode_dictentry()

instead of

aes = key.private_decrypt(ret['key'], 4)
pcrypt = salt.crypt.Crypticle(self.opts, aes)
return pcrypt.loads(ret[dictkey])

we should have

try:
    aes = key.private_decrypt(ret['key'], 4)
except (TypeError, KeyError):
    return None
else:
    pcrypt = salt.crypt.Crypticle(self.opts, aes)
    return pcrypt.loads(ret[dictkey])
ArielGlenn added a comment.Jan 26 2016, 10:06 AM

Forgot to mention, this is actually an issue with the pillar refresh after the grain is set.

ArielGlenn moved this task from Backlog to active on the Salt board.Jan 26 2016, 10:17 AM
ArielGlenn added a comment.Feb 1 2016, 11:53 AM

I've updated my docker salt testbed to work with latest docker api and latest wmf packages: https://github.com/apergos/docker-saltcluster

I'll be doing small scale testing to see if I can replicate this problem there; if not, I'll roll out the above change and log errors in hopes of catching the cause. The fix above will at least keep the minions from dying.

ArielGlenn added a comment.Feb 28 2016, 9:55 PM

No joy so I'll add the above change to our salt packages with logging and update them all.

ArielGlenn moved this task from active to Blocked/Stalled on the Salt board.Feb 29 2016, 12:16 PM
ArielGlenn added a subtask: T128366: build and deploy salt packages with mininon crash fix and runner publish timeout fix.
ArielGlenn mentioned this in T122544: salt-minion processes terminate on deployment sync.Feb 29 2016, 12:18 PM
ArielGlenn merged a task: T122544: salt-minion processes terminate on deployment sync.
ArielGlenn added subscribers: ArielGlenn, Dzahn, StudiesWorld.
ArielGlenn moved this task from Blocked/Stalled to active on the Salt board.Mar 9 2016, 11:18 PM
ArielGlenn moved this task from active to testing needed on the Salt board.
MoritzMuehlenhoff closed subtask T128366: build and deploy salt packages with mininon crash fix and runner publish timeout fix as Declined.Sep 15 2017, 11:03 AM
MoritzMuehlenhoff closed this task as Declined.Sep 15 2017, 11:07 AM
MoritzMuehlenhoff subscribed.

Salt is being removed.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL