Tested this by setting up a local Vagrant instance using the following
procedure:
1. Made a fresh minion/master install (using salt-bootstrap) of version
2014.1.10.
2. Adding a `test.ping` ACL rule for the `vagrant` user.
3. Asserting that I couldn't execute `salt '*' test.ping'` as `vagrant`
user.
4. Applying `chmod 755 /var/cache/salt /var/cache/salt/master/jobs
/var/run/salt /var/run/salt/master`.
5. Verifying that `salt '*' test.ping'` now works.
Fixes#16318.
I did not dare to shuffle things around in the huge _virtual() method.
Instead, logging gets postponed, and upon detection of 'virtual:openvzve',
failures for lspci and dmidecode get discarded
I did not dare to shuffle things around in the huge _virtual() method.
Instead, logging gets postponed, and upon detection of 'virtual:openvzve',
failures for lspci and dmidecode get discarded
based on the application kind
the raet role is the same as the minion id in salt
so minion with id 'alpha' has a raet role of 'alpha'
the minion primary estate name is produced by appending '_' and the application kind
the application kinds are ['master', 'minion', 'syndic', 'call']
If the application kind is 'minion' then
Then the primary minion estate name is 'alpha_minion'
The lanename for the manor lane is also 'alpha_minion'
On a master the estate name is master role with the application kind appended
so if the master id = 'master' = raet role and the application kind is 'minion'
then the primary estate name is
'master_master'
The lanename for the manor lane on a master is special
this is because salt cloud uses of the raet_channel do not yet have opts associated with them
so there is no way to extract the id or the application kind.
As a result the lanename for the master manor lane is always 'master'
This imposes a constraint that there only be one master on a given directory structure that
is the sock_dir must be unique per master else there will be collisions with the manor lane
of multiple master on the same host.
The estate name must be globally unique for a given raet Road
This convention allows multiple Estares to share the same role as long as they are
of unique application kinds.
The primary use case is to support salt_caller as an independent estate and not use the
minion primary estate to communicate with the master
