sudo_user

[Josh]

Hi

I enabled the option "sudo_user: root" in the /etc/salt/minion.

I found some exceptions after calling cmd.run(see below)

The exceptions were not shown before "sudo_user: root" set.

Is there any suggestion?

Thanks

[root@tool publish]# salt 1.23  cmd.run '/test/start.sh'

[DEBUG   ] Configuration file path: /etc/salt/master

[WARNING ] Insecure logging configuration detected! Sensitive data may be logged.

[DEBUG   ] Reading configuration from /etc/salt/master

[DEBUG   ] Missing configuration file: /root/.saltrc

[DEBUG   ] MasterEvent PUB socket URI: /var/run/salt/master/master_event_pub.ipc

[DEBUG   ] MasterEvent PULL socket URI: /var/run/salt/master/master_event_pull.ipc

[DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('/etc/salt/pki/master', 'tool_master', 'tcp://127.0.0.1:4506', 'clear')

[DEBUG   ] Initializing new IPCClient for path: /var/run/salt/master/master_event_pub.ipc

[DEBUG   ] LazyLoaded local_cache.get_load

[DEBUG   ] Reading minion list from /var/cache/salt/master/jobs/f9/6aff584724cbdf91ae8bf9af8f46a8/.minions.p

[DEBUG   ] get_iter_returns for jid 20160824150705773451 sent to set(['1.23']) will timeout at 15:08:05.787917

[DEBUG   ] jid 20160824150705773451 return from 1.23

[DEBUG   ] LazyLoaded nested.output

1.23:

    The minion function caused an exception: Traceback (most recent call last):

      File "/usr/lib/python2.7/site-packages/salt/minion.py", line 1037, in _thread_return

        **kwargs)

      File "/usr/lib/python2.7/site-packages/salt/modules/sudo.py", line 91, in salt_call

        cmd_meta = json.loads(cmd_ret['stdout'])['local']

      File "/usr/lib64/python2.7/json/__init__.py", line 338, in loads

        return _default_decoder.decode(s)

      File "/usr/lib64/python2.7/json/decoder.py", line 365, in decode

        obj, end = self.raw_decode(s, idx=_w(s, 0).end())

      File "/usr/lib64/python2.7/json/decoder.py", line 383, in raw_decode

        raise ValueError("No JSON object could be decoded")

    ValueError: No JSON object could be decoded

[DEBUG   ] jid 20160824150705773451 found all minions set(['1.23'])

[James Young]

Hey Josh,

Do you also have 'user' set? If so, what are the permissions for that user in sudoers? 

Also, you must chown the salt directories if you run as another user: chown -R <your user here> /etc/salt /var/cache/salt /var/log/salt /var/run/salt

[Josh]

Hi James

I did not have 'user' set.

Only "sudo_user: root" been set and exception shown.

Do you have step by step examples about sudo?

Thanks for your reply

ps

I also tried to do what you said.

Set options on target server and trigger cmd.run on salt master

Then an error shown

-----change options-----

1.useradd saltuser

2.chown -R saltuser:saltuser /etc/salt /var/cache/salt /var/log/salt /var/run/salt

3./etc/sudoers

  saltuser  ALL=(ALL)       ALL

4./etc/salt/minion

  user: saltuser

  sudo_user: root

-----error-----

1.23:

    Minion did not return. [No response]

-----

James Young於 2016年8月24日星期三 UTC+8下午9時16分31秒寫道：

[James Young]

Hi, 

You're pretty close with your setup I think, try to change your sudoers value to the following: 

saltuser ALL = (ALL)     NOPASSWD:ALL

I believe the error you getting is due to the fact that your saltuser requires a password to su to root. Try this then run your minion in debug mode by doing 

salt-minion -l debug

If you get errors, paste them bck here. 

Regards,

James

Also

On Wednesday, August 24, 2016 at 2:18:10 AM UTC-5, Josh wrote:

[Josh]

Hi James

Sorry for late response.

It's worked

Thanks

James Young於 2016年8月25日星期四 UTC+8下午9時22分00秒寫道：