salt: [BUG] [DOCS] repo.saltstack.com incorrect links since SEP22 and needs more review of possible other dead/incorrect links

Description repo.saltstack misses multiple older releases, for example http://repo.saltstack.com/apt/debian/9/amd64/archive/ This causes bootstrap issues, etc (master running on 2019.2.0, for ex) This also originally appears as incorrect GPG keys and confuses troubleshooting

Setup Bootstrap CentOS7 or Debian9 (other repos might be also affected) with salt-bootstrap script, with for example these settings: -F -P -I stable 2019.2.0

Steps to Reproduce the behavior Results CentOS

error: /tmp/salt-gpg-nMpYnO0T.pub: key 1 not an armored public key.
--
* ERROR: Failed to run install_centos_stable_deps()!!!
Process Process-5:
Traceback (most recent call last):
File "/usr/lib64/python2.7/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/usr/lib64/python2.7/multiprocessing/process.py", line 114, in run
self._target(*self._args, **self._kwargs)
File "/usr/lib/python2.7/site-packages/salt/cloud/__init__.py", line 1288, in create
output = self.clouds[func](vm_)
File "/usr/lib/python2.7/site-packages/salt/cloud/clouds/opennebula.py", line 1155, in create
ret = __utils__['cloud.bootstrap'](vm_, __opts__)
File "/usr/lib/python2.7/site-packages/salt/utils/cloud.py", line 644, in bootstrap
deployed = deploy_script(**deploy_kwargs)
File "/usr/lib/python2.7/site-packages/salt/utils/cloud.py", line 1762, in deploy_script
if root_cmd(deploy_command, tty, sudo, **ssh_kwargs) != 0:
File "/usr/lib/python2.7/site-packages/salt/utils/cloud.py", line 2372, in root_cmd
retcode = _exec_ssh_cmd(cmd, allow_failure=allow_failure, **kwargs)
File "/usr/lib/python2.7/site-packages/salt/utils/cloud.py", line 2047, in _exec_ssh_cmd
cmd, proc.exitstatus

Debian

Warning: apt-key output should not be parsed (stdout is not a terminal)
--
gpg: no valid OpenPGP data found.
* ERROR: Failed to run install_debian_deps()!!!
Process Process-5:
Traceback (most recent call last):
File "/usr/lib64/python2.7/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/usr/lib64/python2.7/multiprocessing/process.py", line 114, in run
self._target(*self._args, **self._kwargs)
File "/usr/lib/python2.7/site-packages/salt/cloud/__init__.py", line 1288, in create
output = self.clouds[func](vm_)
File "/usr/lib/python2.7/site-packages/salt/cloud/clouds/opennebula.py", line 1155, in create
ret = __utils__['cloud.bootstrap'](vm_, __opts__)
File "/usr/lib/python2.7/site-packages/salt/utils/cloud.py", line 644, in bootstrap
deployed = deploy_script(**deploy_kwargs)
File "/usr/lib/python2.7/site-packages/salt/utils/cloud.py", line 1762, in deploy_script
if root_cmd(deploy_command, tty, sudo, **ssh_kwargs) != 0:
File "/usr/lib/python2.7/site-packages/salt/utils/cloud.py", line 2372, in root_cmd
retcode = _exec_ssh_cmd(cmd, allow_failure=allow_failure, **kwargs)
File "/usr/lib/python2.7/site-packages/salt/utils/cloud.py", line 2047, in _exec_ssh_cmd
cmd, proc.exitstatus

Expected behavior Archived versions either available or point to latest.

Versions Report

salt --versions-report (Provided by running salt --versions-report. Please also mention any differences in master/minion versions.) 
Salt Version:
           Salt: 2019.2.0
 
Dependency Versions:
           cffi: 1.13.2
       cherrypy: Not Installed
       dateutil: 1.5
      docker-py: Not Installed
          gitdb: 0.6.4
      gitpython: 1.0.1
          ioflo: 1.3.8
         Jinja2: 2.7.2
        libgit2: 0.26.3
        libnacl: 1.6.1
       M2Crypto: 0.31.0
           Mako: Not Installed
   msgpack-pure: Not Installed
 msgpack-python: 0.5.6
   mysql-python: Not Installed
      pycparser: 2.19
       pycrypto: 2.6.1
   pycryptodome: 3.7.3
         pygit2: 0.26.4
         Python: 2.7.5 (default, Apr  9 2019, 14:30:50)
   python-gnupg: 0.4.3
         PyYAML: 3.11
          PyZMQ: 15.3.0
           RAET: Not Installed
          smmap: 0.9.0
        timelib: 0.2.4
        Tornado: 4.2.1
            ZMQ: 4.1.4
 
System Versions:
           dist: centos 7.6.1810 Core
         locale: UTF-8
        machine: x86_64
        release: 4.4.164-1.el7.elrepo.x86_64
         system: Linux
        version: CentOS Linux 7.6.1810 Core

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Comments: 18 (13 by maintainers)

Most upvoted comments

OK, then fix the docs, please: At least on the Windows download page, it points to https://repo.saltstack.com/windows/archive/, which is empty.

And NO, there’s nothing we MUST do. However, I understand it’s recommended to patch 😉

+2
dhs-rec on Jun 19, 2020

Thank you, @sagetherage. While you’re at it, there’s another one which requires a documentation update: #56199.

+1
dhs-rec on Jun 23, 2020

Yes I know, I’ve had all of the same problems. I’ve repeatedly asked to have a single repo with all the currently-supported versions in it, but saltstack apparently don’t want to.

All that has happened is unsupported releases have been moved. They have not been removed. There was a proposal announced, the community approved it, it was announced again, and there is a highlighted warning banner on the download site.

For anyone who didn’t patch the CVE: it is almost certain you have already been compromised if you had a publicly-accessible salt master. If you didn’t the risk is lower, but any unprivileged user in your network could take control of the entire system.

+1
OrangeDog on Jun 19, 2020

@RedXIV2 STOP USING 2019.2.3 It has a critical vulnerability with multiple active attacks.

+1
OrangeDog on Jun 18, 2020
Read more comments on GitHub
← salt: [BUG] Big payload cuts master from minion
salt: [BUG] Empty formula makes `salt-call` to hang forever. →