Using onedir as remote Python env for salt-ssh

150 views
Skip to first unread message

Emond Papegaaij

unread,
Sep 7, 2022, 3:21:38 AM9/7/22
to Salt-users
Hi all,

TLDR; Is there any way to use a salt onedir as python enviroment on the target node of salt-ssh rather than a system wide python install?

We are working on the migration to the 3005 onedir packaging for our appliance. This setup is a big win for us, as it removes the need for a python environment on the OS. We are running on AlmaLinux 8, which always has a platform-python installed, which is a stripped down version of python 3.6. Prior to onedir, we had to manage an additional full blown python 3.6 with several python modules next to this platform-python. With onedir, we can drop this python install and use salt-pip to install the modules we need directly into the salt onedir.

However, we also need to be able to make occasional salt-ssh calls between two or more installs of our appliance. These installs are identical, thus also have a salt onedir with the required python modules. It would be great if we could use this python environment on the target node to run the salt-ssh code. At the moment, the only way I could get salt-ssh working, is by installing an additional full blown python 3.9 with all the required modules on the target node. This seems rather superfluous, as all this is already installed in the salt onedir.

Best regards,
Emond Papegaaij

jeremy....@gmail.com

unread,
Sep 9, 2022, 10:38:38 AM9/9/22
to Salt-users
Do a build from source for best results, and use the python you like.

Emond Papegaaij

unread,
Sep 9, 2022, 11:19:07 AM9/9/22
to Salt-users
Hi Jeremy,

I don't think you understood my question correctly. salt-ssh automatically detects the python binary to use on the target node from one of these: PYTHON_CMDS="python3 python27 python2.7 python26 python2.6 python2 python". Onedir includes its own python as part of /opt/saltstack/salt/run/run. However, this binary is not a true python. I've tried writing a simple wrapper script to loop the python3 command to this binary, but that doesn't work. salt-ssh calls python with -c to pass the script inline and the run-binary does not support this. I'm looking for a way to use this run-binary as the python environment on the target node to prevent having to install a full python 3.9 on the target node.

Best regards,
Emond

Phipps, Thomas

unread,
Sep 9, 2022, 11:51:04 AM9/9/22
to salt-...@googlegroups.com
there is no way for salt-ssh to use onedir yet. however you might want to look at heist.

heist will create an ssh tunnel to the target. setup a onedir or singlebin minion. connect that minion into the master so it will operate like a normal minion. then when you kill the heist process the cleanup will remove the temporary minion from the target. since it works much more like standard minions it will be a lot cleaner than salt-ssh currently is.

--
You received this message because you are subscribed to the Google Groups "Salt-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/salt-users/34f21e08-24b5-499a-aec5-a4a1eecceccdn%40googlegroups.com.

Emond Papegaaij

unread,
Sep 9, 2022, 12:04:51 PM9/9/22
to Salt-users
On Friday, 9 September 2022 at 17:51:04 UTC+2 whyt...@phipps.ninja wrote:
there is no way for salt-ssh to use onedir yet. however you might want to look at heist.

That's unfortunate. Is this on the roadmap?

heist will create an ssh tunnel to the target. setup a onedir or singlebin minion. connect that minion into the master so it will operate like a normal minion. then when you kill the heist process the cleanup will remove the temporary minion from the target. since it works much more like standard minions it will be a lot cleaner than salt-ssh currently is.

Thanks for the tip. However, at this moment I'm a bit reluctant to change how we interact with remote hosts. salt-ssh works for us, and we can use it via the salt-api. We use salt to manage the configuration of our appliance, from the host itself. When running in a cluster, every appliance has a full salt install, with master, minion and api running. The salt-ssh calls are made to synchronize the configuration. Maybe in the future, we will switch to a 'normal' salt setup with a single master and zmq to communicate with the minions. However, this does require us to deal with things like choosing which appliance runs the master (and switching this) and changing network configuration of the machines without losing connection.

Best regards,
Emond

Jeremy McMillan

unread,
Sep 12, 2022, 12:18:10 AM9/12/22
to salt-...@googlegroups.com
You're correct, and I misunderstood what you were trying to do.

This will likely require fixing salt-ssh to make it -onedir aware somehow. This is a solution design discussion kind of question.

--
You received this message because you are subscribed to a topic in the Google Groups "Salt-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/salt-users/rrnMxCPDkYM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to salt-users+...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages