use the minion configured publish_port, not what is provided in auth …

…payload it seems the minion publish_port is not actually used anywhere, opting instead for the pubish port provided in the payload from the master. This, among other things, makes it impossible for any configuration where it _needs_ to be different. It seems this is done so that the master can rehome the publish port, without a minion reconfiguration. To keep this behavior, we only override the publish_port on the minion if it is explicitly set to something that is not the default (4506). I encountered this when doing docker based testing where a minion needs to connect over an ephemeral port, not matching what the server is running. Fixes saltstack#47857
Ch3LL · Jul 16, 2018 · a0d723f · a0d723f
1 parent 943e21f
commit a0d723f
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 2 deletions.
diff --git a/salt/transport/tcp.py b/salt/transport/tcp.py
@@ -509,9 +509,16 @@ def connect(self):
             if not self.auth.authenticated:
                 yield self.auth.authenticate()
             if self.auth.authenticated:
+                # if this is changed from the default, we assume it was intentional
+                if int(self.opts.get('publish_port', 4506)) != 4506:
+                    self.publish_port = self.opts.get('publish_port')
+                # else take the relayed publish_port master reports
+                else:
+                    self.publish_port = self.auth.creds['publish_port']
+
                 self.message_client = SaltMessageClientPool(
                     self.opts,
-                    args=(self.opts, self.opts['master_ip'], int(self.auth.creds['publish_port']),),
+                    args=(self.opts, self.opts['master_ip'], int(self.publish_port),),
                     kwargs={'io_loop': self.io_loop,
                             'connect_callback': self.connect_callback,
                             'disconnect_callback': self.disconnect_callback,

diff --git a/salt/transport/zeromq.py b/salt/transport/zeromq.py
@@ -433,7 +433,14 @@ def __del__(self):
     def connect(self):
         if not self.auth.authenticated:
             yield self.auth.authenticate()
-        self.publish_port = self.auth.creds['publish_port']
+
+        # if this is changed from the default, we assume it was intentional
+        if int(self.opts.get('publish_port', 4506)) != 4506:
+            self.publish_port = self.opts.get('publish_port')
+        # else take the relayed publish_port master reports
+        else:
+            self.publish_port = self.auth.creds['publish_port']
+
         log.debug('Connecting the Minion to the Master publish port, using the URI: %s', self.master_pub)
         self._socket.connect(self.master_pub)