1
0

minion.rst 6.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157
  1. ===============================
  2. Troubleshooting the Salt Minion
  3. ===============================
  4. Running in the Foreground
  5. =========================
  6. A great deal of information is available via the debug logging system, if you
  7. are having issues with minions connecting or not starting run the minion in
  8. the foreground:
  9. .. code-block:: bash
  10. # salt-minion -l debug
  11. Anyone wanting to run Salt daemons via a process supervisor such as `monit`_,
  12. `runit`_, or `supervisord`_, should omit the ``-d`` argument to the daemons and
  13. run them in the foreground.
  14. .. _`monit`: https://mmonit.com/monit/
  15. .. _`runit`: http://smarden.org/runit/
  16. .. _`supervisord`: http://supervisord.org/
  17. What Ports does the Minion Need Open?
  18. =====================================
  19. No ports need to be opened on the minion, as it makes outbound connections to
  20. the master. If you've put both your Salt master and minion in debug mode and
  21. don't see an acknowledgment that your minion has connected, it could very well
  22. be a firewall interfering with the connection. See our :ref:`firewall
  23. configuration <firewall>` page for help opening the firewall
  24. on various platforms.
  25. If you have netcat installed, you can check port connectivity from the minion
  26. with the ``nc`` command:
  27. .. code-block:: bash
  28. $ nc -v -z salt.master.ip.addr 4505
  29. Connection to salt.master.ip.addr 4505 port [tcp/unknown] succeeded!
  30. $ nc -v -z salt.master.ip.addr 4506
  31. Connection to salt.master.ip.addr 4506 port [tcp/unknown] succeeded!
  32. The `Nmap`_ utility can also be used to check if these ports are open:
  33. .. code-block:: bash
  34. # nmap -sS -q -p 4505-4506 salt.master.ip.addr
  35. Starting Nmap 6.40 ( http://nmap.org ) at 2013-12-29 19:44 CST
  36. Nmap scan report for salt.master.ip.addr (10.0.0.10)
  37. Host is up (0.0026s latency).
  38. PORT STATE SERVICE
  39. 4505/tcp open unknown
  40. 4506/tcp open unknown
  41. MAC Address: 00:11:22:AA:BB:CC (Intel)
  42. Nmap done: 1 IP address (1 host up) scanned in 1.64 seconds
  43. If you've opened the correct TCP ports and still aren't seeing connections,
  44. check that no additional access control system such as `SELinux`_ or
  45. `AppArmor`_ is blocking Salt. Tools like `tcptraceroute`_ can also be used
  46. to determine if an intermediate device or firewall is blocking the needed
  47. TCP ports.
  48. .. _`Nmap`: https://nmap.org/
  49. .. _`SELinux`: https://en.wikipedia.org/wiki/Security-Enhanced_Linux
  50. .. _`AppArmor`: https://gitlab.com/apparmor/apparmor/-/wikis/home
  51. .. _`tcptraceroute`: https://linux.die.net/man/1/tcptraceroute
  52. .. _troubleshooting-minion-salt-call:
  53. Using salt-call
  54. ===============
  55. The ``salt-call`` command was originally developed for aiding in the
  56. development of new Salt modules. Since then, many applications have been
  57. developed for running any Salt module locally on a minion. These range from the
  58. original intent of salt-call (development assistance), to gathering more
  59. verbose output from calls like :mod:`state.apply <salt.modules.state.apply_>`.
  60. When initially creating your state tree, it is generally recommended to invoke
  61. highstates by running :mod:`state.apply <salt.modules.state.apply_>` directly
  62. from the minion with ``salt-call``, rather than remotely from the master. This
  63. displays far more information about the execution than calling it remotely. For
  64. even more verbosity, increase the loglevel using the ``-l`` argument:
  65. .. code-block:: bash
  66. # salt-call -l debug state.apply
  67. The main difference between using ``salt`` and using ``salt-call`` is that
  68. ``salt-call`` is run from the minion, and it only runs the selected function on
  69. that minion. By contrast, ``salt`` is run from the master, and requires you to
  70. specify the minions on which to run the command using salt's :ref:`targeting
  71. system <targeting>`.
  72. Live Python Debug Output
  73. ========================
  74. If the minion seems to be unresponsive, a SIGUSR1 can be passed to the process
  75. to display what piece of code is executing. This debug information can be
  76. invaluable in tracking down bugs.
  77. To pass a SIGUSR1 to the minion, first make sure the minion is running in the
  78. foreground. Stop the service if it is running as a daemon, and start it in the
  79. foreground like so:
  80. .. code-block:: bash
  81. # salt-minion -l debug
  82. Then pass the signal to the minion when it seems to be unresponsive:
  83. .. code-block:: bash
  84. # killall -SIGUSR1 salt-minion
  85. When filing an issue or sending questions to the mailing list for a problem
  86. with an unresponsive daemon, be sure to include this information if possible.
  87. Multiprocessing in Execution Modules
  88. ====================================
  89. As is outlined in github issue #6300, Salt cannot use python's multiprocessing
  90. pipes and queues from execution modules. Multiprocessing from the execution
  91. modules is perfectly viable, it is just necessary to use Salt's event system
  92. to communicate back with the process.
  93. The reason for this difficulty is that python attempts to pickle all objects in
  94. memory when communicating, and it cannot pickle function objects. Since the
  95. Salt loader system creates and manages function objects this causes the pickle
  96. operation to fail.
  97. Salt Minion Doesn't Return Anything While Running Jobs Locally
  98. ==============================================================
  99. When a command being run via Salt takes a very long time to return
  100. (package installations, certain scripts, etc.) the minion may drop you back
  101. to the shell. In most situations the job is still running but Salt has
  102. exceeded the set timeout before returning. Querying the job queue will
  103. provide the data of the job but is inconvenient. This can be resolved by
  104. either manually using the ``-t`` option to set a longer timeout when running
  105. commands (by default it is 5 seconds) or by modifying the minion
  106. configuration file: ``/etc/salt/minion`` and setting the ``timeout`` value to
  107. change the default timeout for all commands, and then restarting the
  108. salt-minion service.
  109. .. note::
  110. Modifying the minion timeout value is not required when running commands
  111. from a Salt Master. It is only required when running commands locally on
  112. the minion.
  113. If a ``state.apply`` run takes too long, you can find a bottleneck by adding the
  114. :py:mod:`--out=profile <salt.output.profile>` option.