Open Hour 2022-SEPT-1

September 1, 2022 - Alyssa Rock

Agenda

  • General updates and announcements
  • VMware Explore
  • Tiamat and OneDir switch
  • Changes to repo.saltproject.io
  • From the community forums
  • Q&A plus discussion

Open Hour YouTube playlist | Contact us! saltproject@vmware.com

General updates and announcements

  • Open Hours are usually held every 1st and 3rd Thursday from 10a.m. to 11a.m. Pacific.
  • Our next Salt Community Open Hour will be September 15.
  • Join a Salt Project working group! https://saltproject.io/home/working-groups/

Events

VMware Explore

  • VMware Explore was held this week in San Francisco.
  • Thank you for all who attended!
  • The conference included:
    • Salt breakout sessions with Wayne Werner and Dave Boucha where we introduced many new people to Salt and Idem.
    • “Getting To Know Salt” with Thomas Hatch and Wayne Werner.
    • “Solving the SRE Crisis with Idem” with Thomas Hatch and Dave Boucha.

Tiamat and OneDir switch

  • Many of you have questions about the upcoming switch from Tiamat to OneDir.
  • We will have a detailed discussion about this topic in our next Open Hour on September 15.
  • We will do our best to answer all your questions.

Changes to repo.saltproject.io

  • As part of the Salt 3005 release, we released a new Salt install guide.
  • The 3005 install directions are now exclusively on the new Salt install guide. They are NOT on repo.saltproject.io, which is where the install directions used to be.
  • Don’t worry: repo will still hose the Salt packages and that is not going to change.
  • For now, the 3003 and 3004 install directions are still on repo. (3003 will not be migrated because Phase 1 support for 3003 will end on September 30, 2022.)
  • However, soon the 3004 install directions will migrate to the new install guide. After that migration, the home page on repo.saltproject.io will change.
  • The new home page incorporated feedback from several regular Salt users and experts to ensure it meets user needs. Hopefully, the new home page will be an improvement and should help you quickly navigate to the install directions for your desired operating system. To preview the proposed changes to the home page, go to: Salt Project Repository.

From the community forums

  • Today’s issue: don’t put secrets in the state tree fileserver.
  • We had a user who was trying to figure out how to clear the fileserver cache. They were trying to keep files out of the fileserver cache because they were putting their secrets in the state file tree. That’s not a good approach. A user that is sophisticated enough to read the cache can likely query the minion to begin with, so the minion’s secrets are already exposed. Any minion can read any file in the state tree, because it means anyone can get anything from the state tree.
  • The solution is that if you need secrets, use pillar instead.
  • Also don’t use environments to try to separate secrets from your minions either. It doesn’t really work the way you might expect since they are on the same master and they can query other environments just as easily. The state file tree can’t keep other parts from querying it.
  • An additional issue: We had a user report a bug with the bootstrap script where you can’t pin a version using OneDir. We’re working on resolving that issue. For now, if you’re installing OneDir with the bootstrap script, the workaround is to just leave off 3005 from the command for now.

Q&A plus discussion

  • Q: Can I get some attention for my open pull requests? Some of them might require some discussion. Any feedback to share?
    • A: We probably would like to look at those in more depth before giving an answer one way or another, but we can promise to look at it soon.
    • There was a good discussion about possible approaches that you can watch on the Open Hour video for more information.
  • Q: Can I get some attention for my PR: 62559?
    • We’ll make sure this gets some attention.