SALT not updating everything on minons

[Grant]

i have on master and three minions. i didn't know anything was wrong with salt until i notice that only one of the three minions was getting the updated intel.dat file from the master. the other two are not getting the update?

i can do the "sudo salt '*' test.ping" and all minions respond. also when i call highstate it look fairly normal except it never sees the changes to intel.dat

on the two that are NOT getting the updated intel.dat i do see two warnings in the output if that helps although at first glance it seems unrelated.

[WARNING ] Neither 'source' nor 'contents' nor 'contents_pillar' nor 'contents_grains' was defined, yet 'replace' was set to 'True'. As there is no source to replace the file with, 'replace' has been set to 'False' to avoid reading the file unnecessarily

[Grant]

i believe it might have to do with my top.sls? i notice the last output from highstate on the ones NOT WORKING show...

ID: backendcron
Function: file.managed
Name: /etc/cron.d/salt-update
Result: True
Comment: File /etc/cron.d/salt-update is in the correct state
Started: 18:35:40.128486
Duration: 69.047 ms
Changes:

on the one that IS working it shows...

ID: cron-update-salt-checkin
Function: file.managed
Name: /etc/cron.d/salt-update
Result: True
Comment: File /etc/cron.d/salt-update is in the correct state
Started: 18:34:25.659246
Duration: 28.333 ms
Changes:

My top sls is like this. is this correct? im thinking it might be calling my sensors as backends? or i could just be completely off. the one that is working is the sensor with the lower case 'c'.

#########################
## ##
## Salt top.sls ##
## ##
#########################

base:

# This is all servers so that your user accounts and the proper sudo modifications so you don't need a password.
'*':
- users
- sudo

# This is your sensors. It is a good idea to have a standard naming convention so here are a few examples:
#
# 'sensor*':
# - sensor
#
# or you can do this:
# 'server1,server2':
# - match: list
# - sensor
#
# or this:
# 'server* or sensor*
# - match: compound
# - sensor

# My sensor class:
'A*':
- sensor

# My Onion Backend:
'C*':
- backend

'Cxxxx':
- backend

'cxxxxxx.yyyy.com':
- sensor

'Cxxxxxx.yyyy.com':
- sensor

'Cxxxxxx.yyyy.com':
- sensor

[Doug Burks]

Please try commenting out this part:

# My sensor class:
'A*':
- sensor

# My Onion Backend:
'C*':
- backend

> --
> You received this message because you are subscribed to the Google Groups "security-onion" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
> To post to this group, send email to securit...@googlegroups.com.
> Visit this group at http://groups.google.com/group/security-onion.
> For more options, visit https://groups.google.com/d/optout.



--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com

[Grant]

also this might be related to some another issue i had when i first installed salt. just in case it is....

https://groups.google.com/forum/#!searchin/security-onion/salt$20grant/security-onion/yYMmlFeIsSk/KtIHr6pA3-4J

[Grant]

Ok so i commented that out of my top.sls on my master and got some curious results.

The sensor that WAS working continues to work and calls a total of 19 states (what i normaly see)

on the two that are NOT working, NOW it only runs 4 states? not all 19?

[Doug Burks]

Just to confirm, what does top.sls look like now?

After modifying it, did you then run "sudo salt-call state.highstate"
on the master server, followed by "sudo salt-call state.highstate" on
the minions?

Have you tried restarting the salt services on each box?
sudo service salt-master restart
sudo service salt-minion restart

[Grant Sims]

my top.sls looks like this...

#   'A*':

#      - sensor

# My Onion Backend:

#   'C*':

#      - backend

   'Cxxxx':

      - backend

   'cxxxx.yyyy.com':

      - sensor

   'Cxxxxx.yyyy.com':

      - sensor

   'Cxxxxx.yyyy.com':

      - sensor

----------------------------------------------------------------------------------------------------------------------------------------------

After modifying it, did you then run "sudo salt-call state.highstate"
on the master server, followed by "sudo salt-call state.highstate" on
the minions?

     - yes the master and the one minion that has been working the entire time seem to run the state.highstate just fine with a total states run: 19

     - the other two show total states run: 4 

       the states they run seem only to be about my user account. ex "user X is present and up to date", "directory /home/X.ssh is in the correct state", " file /home/X/.ssh/authorized_keys is in the correct state", "File ect/sudoers is in correct state"

Have you tried restarting the salt services on each box?
sudo service salt-master restart
sudo service salt-minion restart

   - yes i did. this did not change any behavior 

--
You received this message because you are subscribed to a topic in the Google Groups "security-onion" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/security-onion/Dayqe9Cynhw/unsubscribe.
To unsubscribe from this group and all its topics, send an email to security-onio...@googlegroups.com.

[Doug Burks]

I'm guessing this is due to your previous domain name issue. Please
run the following command on each sensor and ensure that the output
matches the sensor's entry in top.sls:
python -c 'import socket; print socket.getfqdn()'

[Grant Sims]

That seemed to fix it! some things to note

• out of the 1 master/server and 3 minions only one returned a FQDN, the rest returned only the hostname
  
• I reflected those changes to my top.sls on my master and once i did everything worked! (in my top sls i have my master/server and 2 other minions listed with just a hostname and the other minion with its FQDN)

what was the need for those 'A*' and 'C*' that i was seeing in my top.sls to begin with? was that supposed to be commented out to begin with? just find that strange.

[Doug Burks]

On Wed, Jul 8, 2015 at 3:48 PM, Grant Sims <sims....@gmail.com> wrote:
> what was the need for those 'A*' and 'C*' that i was seeing in my top.sls to
> begin with? was that supposed to be commented out to begin with? just find
> that strange.

Those are just examples which we should probably comment out by
default. I've created Issue 771 for this:
https://github.com/Security-Onion-Solutions/security-onion/issues/771