Open Hour 2022-AUG-4

August 4, 2022 - Alyssa Rock

Agenda

General updates and announcements
VMware Explore
From the community forums
Tiamat changes
Q&A plus discussion

Open Hour YouTube playlist | Contact us! saltproject@vmware.com

General updates and announcements

Open Hours are usually held every 1st and 3rd Thursday from 10a.m. to 11a.m. Pacific.
Our next Salt Community Open Hour will be August 18.
Join a Salt Project working group! https://saltproject.io/home/working-groups/

Events

VMware Explore

VMware Explore will be held August 29th – September 1st in San Francisco, CA.
Go to VMware.com/vmwareexpolore to register.
The conference will feature:
- An open source track.
- Breakout sessions for Salt & Idem.
- “Getting To Know Salt” with Thomas Hatch and Wayne Werner.
- “Solving the SRE Crisis with Idem” with Thomas Hatch and Dave Boucha.

From the community forums

Today’s issue: how the scheduler adds items to the schedule and why it might fail. One of the user issues we sometimes see is a situation where the scheduler doesn’t add jobs to a minion. Usually, this scenario is caused when the minion is offline and/or the minion was never started. The minion has to be started to receive jobs. The event bus adds them to the minion’s queue by firing an event, so if the minion is not up, it will not be able to access the event bus and add jobs.
However, be aware that beginning in 3005, all the schedule functions will now have an offline mode. This mode doesn’t use the event bus and opens the file directly. You do have to use salt-call --local to use offline mode.
Two caveats to be aware of: The minion won’t run the event until it comes online. Also, if the minion is running, it’s best to use the event bus instead of using offline mode.

Tiamat changes

We made a few announcements over the last couple of weeks:
- We changed the name of the Tiamat packages to onedir.
- The 3005 release is the last release where we will provide both onedir packages and non-onedir (or “classic”) packages using the old packaging system.
What is onedir? Onedir stands for “one directory,” a self-contained directory that includes a version of Python that is tested and compatible with Salt, instead of system provided Python, and all the dependencies core Salt needs to run.
The name change to onedir doesn’t mean we aren’t using Tiamat. 3005 is still using Tiamat. We made that change to make it more clear and accurate. Onedir better explains the concept of what the packages are delivering as opposed to the tool delivering it.
The reason why we’re moving to onedir is because most of the issues experienced by our community seem to arise from people using their system version of Python, which often conflicts with Salt. With onedir, we can provide the version of Python and this is the version we know will work. The same is true for dependencies.
Some people might ask what happens if there is a security release for Python or for the dependencies? In the event that one of the Salt dependencies has a security release, we will provide new versions and provide new updated versions of the onedir, depending on the nature and severity of the CVE.
Re: no longer providing classic packages for 3006. All packages will be onedir packages starting in 3006. The framework we use to build the classic packages is very manual. Onedir is all automated, so we can release much faster. In the event that there are CVEs, the speed at which we’ll be able to provide new packages should hopefully be much quicker.

Q&A plus discussion

Q: Can you use the scheduler in a masterless system (salt-ssh)?
- A: Currently, no. Later versions of Heist will allow you to use the scheduler like a regular minion.
Q: In general, are people using scheduler or using states to add jobs to cron? Maybe elaborate on advantages and disadvantages?
- A: People do both. Cron isn’t on every system and Windows uses something completely different from cron. The scheduler gives you a way to normalize it across systems. The scheduler also makes it possible to do things like run once. The scheduler can also take cron inputs and ss inputs, so it allows more flexibility. You also get access to all the usual Salt functionality when using the scheduler, such as the returners.
Q: Using salt extensions won’t require you to install your own Tiamat/onedir packages, correct?
- A: In order to install software like Python libraries, you need to use the command salt-pip to install the extension and it will be available.
Q: What is the difference between /opt/saltstack/pypath and /opt/saltstack/salt/pypath?
- A: We’ll need more information about where those two different paths are coming from and where they are seeing them. We’ll follow up with Pedro to see if he knows more, then get back to the community.
Q: Can the scheduler handle UTC times? I’ve got minions around the globe and I need to schedule a coordinated event, so I’m trying to avoid needing to do the calculations.
- The ideal solution there is to have your servers always use UTC and then your problem goes away, but that’s not always possible. Could you possibly open an issue in with some more detail about what you’re trying to do?
Q: What are good ways to add Python libraries to onedir packages in a controlled way? Like “this specific version, with this checksum, and only that version”? Like you would with poetry/pipenv, or from an RPM/deb package? Also, what happens to things installed with salt-pip when packages get updated? For example, if I add the Slack library to onedir salt, what happens to it when onedir package gets updated?
- A: Use the pip.installed state and specify the version. If you want to install into the system Python, you’re actually going to have to change things. If it’s the system Python, the packages will still be there. For the ones where we install the package, we’ll make sure that upgrades are automated when you upgrade Salt.
- As long as the version of Python is the same between versions, the Slack library should still be in the onedir environment and still available. We’ll investigate automating a reinstallation when there is a new onedir upgrade and get back to the community.