A question about venv-salt-minion and systemd
Hi

A little flummoxed about this.

I've switched to using venv-salt-minion on clients, and it installs okay. However, we require /tmp to have the noexec flag. Salt doesn't like this very much. Our previous workaround was to create a file in /etc/systemd/system/salt-minion.service.d containing

    [Service]
    Environment="TMPDIR=/usr/tmp"

This told salt-minion to use a different tmpdir that did have the exec flag and it was happy again. However, venv-salt-minion doesn't read that file, because it's a different service. I assumed I could just create /etc/systemd/system/venv-salt-minion.service.d instead, but the process is not reading this.

If I edit the system file directly and add that file it works, but I would prefer to use a drop-in file for this.

I'm not overly familiar with venv programs, and less so when combined with systemd. Can anyone please point me the right way to do this?

Thanks

S
Hi Simon.

The solution seems fine, and it should work. I tested it a few days ago.

Have you reloaded systemd after adding the file with `systemctl daemon-reload`?

I'm also not sure about the quotes, it could be that the mail client is distorting it (quotes are not really required there), but in my case I did it this way:

/etc/systemd/system/venv-salt-minion.service.d/10-TMPDIR.conf:

    [Service]
    Environment=TMPDIR=/usr/tmp

    systemctl daemon-reload
    systemctl restart venv-salt-minion.service

Victor

On Fri, 2022-07-22 at 13:53 +0000, Simon Avery wrote:
> Hi
>
> A little flummoxed about this.
>
> I’ve switched to using venv-salt-minion on clients, and it installs okay. However, we require /tmp to have the noexec flag. Salt doesn’t like this very much. Our previous workaround was to create a file in /etc/systemd/system/salt-minion.service.d containing
>
>     [Service]
>     Environment=”TMPDIR=/usr/tmp”
>
> This told salt-minion to use a different tmpdir that did have the exec flag and it was happy again. However, venv-salt-minion doesn’t read that file, because it’s a different service. I assumed I could just create /etc/systemd/system/venv-salt-minion.service.d instead, but the process is not reading this.
>
> If I edit the system file directly and add that file it works, but I would prefer to use a drop-in file for this.
>
> I’m not overly familiar with venv programs, and less so when combined with systemd. Can anyone please point me the right way to do this?
>
> Thanks
>
> S
Hi Victor,

Thank you for your speedy reply.

I think you hit the nail on the head there - the quotes.

I've removed those, done another daemon-reload and... It's working.

Strange it was okay for normal salt-minion, but it's a simple fix and a good note to end the week.

Thanks!

S

-----Original Message-----
From: Victor Zhestkov via Uyuni Users <users@lists.uyuni-project.org>
Sent: 22 July 2022 15:05
To: users@lists.uyuni-project.org; uyuni-users@opensuse.org
Cc: Victor Zhestkov <vzhestkov@suse.com>
Subject: [EXTERNAL EMAIL] Re: A question about venv-salt-minion and systemd

> Hi Simon.
>
> The solution seems fine, and it should work. I've tested it few days ago.
>
> Have you reloaded systemd after adding the file with `systemctl daemon-reload`?
>
> I'm also not sure about the quotes, it could be that mail client is distorting it (quotes are not really required there), but in my case I did it this way:
>
> /etc/systemd/system/venv-salt-minion.service.d/10-TMPDIR.conf:
>
>     [Service]
>     Environment=TMPDIR=/usr/tmp
>
>     systemctl daemon-reload
>     systemctl restart venv-salt-minion.service
>
> Victor
Hi Simon.

I'm glad to hear it helps. Thanks for the confirmation.

Victor

On Fri, 2022-07-22 at 14:41 +0000, Simon Avery wrote:
> Hi Victor,
>
> Thank you for your speedy reply.
>
> I think you hit the nail on the head there - the quotes.
>
> I've removed those, done another daemon-reload and... It's working.
>
> Strange it was okay for normal salt-minion, but it's a simple fix and a good note to end the week.
>
> Thanks!
>
> S
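A check one could run on a drop-in like the one discussed in this thread, as an added example that is not part of any message above: it flags `Environment=` lines containing typographic quotes and reports whether a candidate TMPDIR sits on a noexec mount. The function names and the sample drop-in and mount table are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: function names and sample data are constructed, not from the thread.

# Print (with line numbers) every Environment= line of a drop-in that contains
# typographic quotes (U+201C/U+201D). systemd treats only ASCII ' and " as
# quoting, so these bytes end up inside the assignment. Exit 0 if any are found.
find_smart_quotes() {
    grep -n '^[[:space:]]*Environment=' "$1" | grep -F -e '“' -e '”'
}

# Given a mount table in /proc/mounts format ($1) and an absolute directory ($2),
# print "noexec" or "exec" for the deepest mount point containing the directory.
mount_exec_state() {
    awk -v dir="$2" '
        {
            mp = $2
            pre = (mp == "/") ? "/" : mp "/"
            if (index(dir "/", pre) == 1 && length(mp) >= best) {
                best = length(mp); opts = $4
            }
        }
        END { print ((opts ~ /(^|,)noexec(,|$)/) ? "noexec" : "exec") }
    ' "$1"
}

# Demo on constructed input: a drop-in with typographic quotes and a mount table
# where /tmp is noexec but /var (which holds /var/tmp) is not.
demo_dir=$(mktemp -d)
printf '[Service]\nEnvironment=”TMPDIR=/usr/tmp”\n' > "$demo_dir/10-TMPDIR.conf"
printf '%s\n' '/dev/sda1 / ext4 rw,relatime 0 0' \
              'tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0' \
              '/dev/sda2 /var ext4 rw,relatime 0 0' > "$demo_dir/mounts"
find_smart_quotes "$demo_dir/10-TMPDIR.conf" || echo "no typographic quotes"
echo "/tmp: $(mount_exec_state "$demo_dir/mounts" /tmp)"
echo "/var/tmp: $(mount_exec_state "$demo_dir/mounts" /var/tmp)"
rm -rf "$demo_dir"
```

On a real host, pass the drop-in path and `/proc/mounts`, resolving the TMPDIR value with `readlink -f` first since it may be a symlink. `systemctl show -p Environment venv-salt-minion.service` then shows what systemd actually applied after `daemon-reload`.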
participants (2)
- Simon Avery
- Victor Zhestkov