config_ini duplicating lines due to tab instead of space (e.g. Subsystem) #162
Comments
@OrangeDog Possibly something in the latest merge: 3e01ad8#diff-9f4ce7590a183f3029c8f1febe1e4205L1? Can you confirm if you're using that or not? And the version of Salt being used.

Sorry, I was looking at the wrong file.

I've compared the map before and after and I don't detect anything that significant that changed there as such:

```
"generate_ed25519_keys": false,
"generate_rsa_keys": false,
"generate_rsa_size": 4096,
+ "host_key_algos": "ecdsa,ed25519,rsa",
"known_hosts": {
"aliases": [
"cname-to-minion.example.org",
```

That's an expected change since it was introduced recently in 4b84dea. So we're looking at something in the formula itself. CC: @alxwr.

Not seeing any doubling up of

I have none.

```yaml
sshd_config:
  DenyUsers: localadmin
  PermitRootLogin: 'no'
```

It added the extra

Historically, List of the most recent commits involving
Do you mind showing us how the duplicate lines appear in the file?

OS is Ubuntu 18.04.2

I'm guessing it's because the existing line uses tabs (that the gist doesn't preserve), while the formula added one with spaces.

Sounds like you've identified the problem there.

That file has always used tabs on that line, because that's what Ubuntu ships for the default config.

Strange, there's no reason why 3e01ad8 should have had any effect on that. If anything, did you upgrade Salt in the meantime (to

OK, got a moment to run some tests and there are some interesting findings. This goes further than

### Setup

Using the basic pillar supplied above:

```yaml
sshd_config:
  DenyUsers: localadmin
  PermitRootLogin: 'no'
```

Running each time directly with:

```
# salt -Cv 'minion' state.sls_id sshd_config-with-ini openssh.config_ini
```

The Ubuntu-based minion in question started out with no existing

### Separate error in first run

Since the file doesn't exist, ended up with an error:

```
ID: sshd_config-with-ini
Function: ini.options_present
Name: /etc/ssh/sshd_config
Result: False
Comment: An exception occurred in this state: Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/salt/state.py", line 1933, in call
**cdata['kwargs'])
File "/usr/lib/python2.7/dist-packages/salt/loader.py", line 1939, in wrapper
return f(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/salt/states/ini_manage.py", line 66, in options_present
cur_ini = __salt__['ini.get_ini'](name, separator)
File "/usr/lib/python2.7/dist-packages/salt/modules/ini_manage.py", line 242, in get_ini
inifile = _Ini.get_ini_file(file_name, separator=separator)
File "/usr/lib/python2.7/dist-packages/salt/modules/ini_manage.py", line 462, in get_ini_file
inifile.refresh()
File "/usr/lib/python2.7/dist-packages/salt/modules/ini_manage.py", line 425, in refresh
"Exception: {1}".format(self.name, exc)
CommandExecutionError: Unable to open file '/etc/ssh/sshd_config'. Exception: [Errno 2] No such file or directory: u'/etc/ssh/sshd_config'
```

### Normal behaviour

Running the state populates the file as expected. Subsequent runs identify no change is required, returning with

File contains:

```
Subsystem sftp /usr/lib/openssh/sftp-server
PermitRootLogin no
DenyUsers localadmin
```

### Separating by tabs instead

Simply replaced each space with a tab and then ran the state again.

File contains (before):

```
Subsystem sftp /usr/lib/openssh/sftp-server
PermitRootLogin no
DenyUsers localadmin
```

#### Based on the latest commit (3e01ad8)

```
Changes:
----------
DenyUsers:
----------
after:
localadmin
before:
None
PermitRootLogin:
----------
after:
no
before:
None
Subsystem:
----------
after:
sftp /usr/lib/openssh/sftp-server
before:
None
```

File contains (after):

```
Subsystem sftp /usr/lib/openssh/sftp-server
PermitRootLogin no
DenyUsers localadmin
Subsystem sftp /usr/lib/openssh/sftp-server
PermitRootLogin no
DenyUsers localadmin
```

#### Based on the previous commit (463ad69)

```
Changes:
----------
DenyUsers:
----------
after:
localadmin
before:
None
PermitRootLogin:
----------
after:
no
before:
None
```

File contains (after):

```
Subsystem sftp /usr/lib/openssh/sftp-server
PermitRootLogin no
DenyUsers localadmin
PermitRootLogin no
DenyUsers localadmin
```

Testing further with values from

As a passing note, it would be great to have tests for this in the future.

I could change the title, but it's still the case it only just started happening to Subsystem.

* Fix saltstack-formulas#162
* Check for any number of tabs after the keyword
* If found, replace them by a single space to match the `separator` used in the `ini_options.present` state

I've tested and proposed a global fix in #163, so we don't rely on some "magical" way of getting

Otherwise saltstack-formulas#162 can still happen

## [0.43.2](v0.43.1...v0.43.2) (2020-06-04)

### Bug Fixes

* **config_ini:** ensure the tab replacement happens before the edit ([b26b99d](b26b99d)), closes [#162](#162)
* **libtofs:** “files_switch” mess up the variable exported by “map.jinja” [skip ci] ([053b787](053b787))

### Continuous Integration

* **gemfile:** remove unused `rspec-retry` gem [skip ci] ([5be1c1f](5be1c1f))
* **gemfile.lock:** add to repo with updated `Gemfile` [skip ci] ([e53bcc1](e53bcc1))
* **kitchen+travis:** remove `master-py2-arch-base-latest` [skip ci] ([0977485](0977485))
* **travis:** add notifications => zulip [skip ci] ([597aeb5](597aeb5))
* **workflows/commitlint:** add to repo [skip ci] ([fa6c65b](fa6c65b))

After the latest update 3e01ad8 the config_ini state added an extra `Subsystem sftp /usr/lib/openssh/sftp-server` to all my hosts, resulting in invalid config and sshd failing to start.

I had to manually remove the earlier line (that had the comment `# override default of no subsystems`) to fix it.
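
The duplication reported in this thread and the tab normalisation described in the fix commit, as an added Python example (not code from the formula or from Salt). `options_present` is a simplified, hypothetical stand-in for a separator-based check, `normalise_tabs` and `keyword_count` are illustrative helpers, and the sample file is constructed from the lines quoted in the thread.

```python
import re

# Constructed sample: the thread's three lines with a tab after each keyword.
TABBED = (
    "Subsystem\tsftp /usr/lib/openssh/sftp-server\n"
    "PermitRootLogin\tno\n"
    "DenyUsers\tlocaladmin\n"
)
WANTED = {
    "Subsystem": "sftp /usr/lib/openssh/sftp-server",
    "PermitRootLogin": "no",
    "DenyUsers": "localadmin",
}


def options_present(text, options, separator=" "):
    """Hypothetical stand-in for a separator-based 'option present' state."""
    lines = text.splitlines()
    seen = {}
    for idx, line in enumerate(lines):
        key, sep, _ = line.partition(separator)
        if sep and not line.lstrip().startswith("#"):
            seen[key] = idx  # key is everything before the first separator
    changes = {}
    for key, value in options.items():
        wanted = f"{key}{separator}{value}"
        if key not in seen:
            # A tab-separated line never yields the bare keyword: append.
            lines.append(wanted)
            changes[key] = {"before": None, "after": value}
        elif lines[seen[key]] != wanted:
            before = lines[seen[key]].partition(separator)[2]
            lines[seen[key]] = wanted
            changes[key] = {"before": before, "after": value}
    return "\n".join(lines) + "\n", changes


def normalise_tabs(text, keywords):
    """Replace any run of tabs right after a managed keyword with one space."""
    for key in keywords:
        pattern = rf"^{re.escape(key)}\t+"
        text = re.sub(pattern, lambda m, k=key: k + " ", text, flags=re.M)
    return text


def keyword_count(text, keyword):
    """Count lines starting with `keyword` plus whitespace (duplicate check)."""
    return len(re.findall(rf"^{re.escape(keyword)}\s", text, flags=re.M))
```

Running `keyword_count` over a managed `sshd_config` before the service is restarted catches the duplicate `Subsystem` line that the report says left sshd unable to start.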