Our custom utility /usr/local/sbin/grain-ensure fails to recognize boolean values properly. An example chain is:
salt::grain { 'deployment_server': grain => 'deployment_server', value => true, replace => true, }
Which makes puppet to forge an unless condition with:
/usr/local/sbin/grain-ensure contains deloyment_server true
true here is considered as being of type str. When grain-ensure look up the grain value via the salt python module, it is given a boolean true, that mismatch and thus the gran is always refreshed.
We need our script ./modules/salt/files/grain-ensure.py to normalize the values?
Example puppet run on deployment-tin.deployment-prep.eqiad.wmflabs show that all grains having a boolean values are constantly refreshed:
Debug: Exec[ensure_deployment_repo_group_wikidev](provider=posix): Executing check '/usr/local/sbin/grain-ensure contains deployment_repo_group wikidev' Debug: Executing '/usr/local/sbin/grain-ensure contains deployment_repo_group wikidev' Debug: Exec[ensure_php_hhvm](provider=posix): Executing check '/usr/local/sbin/grain-ensure contains php hhvm' Debug: Executing '/usr/local/sbin/grain-ensure contains php hhvm' Debug: Exec[ensure_labsproject_deployment-prep](provider=posix): Executing check '/usr/local/sbin/grain-ensure contains labsproject deployment-prep' Debug: Executing '/usr/local/sbin/grain-ensure contains labsproject deployment-prep' Debug: Exec[ensure_deployment_repo_user_trebuchet](provider=posix): Executing check '/usr/local/sbin/grain-ensure contains deployment_repo_user trebuchet' Debug: Executing '/usr/local/sbin/grain-ensure contains deployment_repo_user trebuchet' Debug: Executing '/bin/systemctl is-active salt-minion' Debug: Exec[ensure_trebuchet_master_deployment-mira.deployment-prep.eqiad.wmflabs](provider=posix): Executing check '/usr/local/sbin/grain-ensure contains trebuchet_master deployment-mira.deployment-prep.eqiad.wmflabs' Debug: Executing '/usr/local/sbin/grain-ensure contains trebuchet_master deployment-mira.deployment-prep.eqiad.wmflabs' Debug: Exec[ensure_deployment_server_true](provider=posix): Executing check '/usr/local/sbin/grain-ensure contains deployment_server true' Debug: Executing '/usr/local/sbin/grain-ensure contains deployment_server true' Debug: Exec[ensure_deployment_server_true](provider=posix): Executing '/usr/local/sbin/grain-ensure set deployment_server true' Debug: Executing '/usr/local/sbin/grain-ensure set deployment_server true'