[BUG] pkg.group_installed erroneously fails #68210
Description
Description
There is a deviation in what Salt considers a failure versus what DNF considers a failure in pkg.group_installed.
Interestingly, this does not happen in the pkg.group_install EXECUTION module, only in the pkg.group_installed STATE module.
When invoking on the CLI, it's fine if a package is specified in a package group but does not exist:
# dnf -y group install 'Performance Tools'
Last metadata expiration check: 1:10:36 ago on Wed 23 Jul 2025 05:42:24 PM UTC.
No match for group package "pcp-pmda-kvm"
Dependencies resolved.
===============================================================================================
Package Architecture Version Repository Size
===============================================================================================
Installing Groups:
Performance Tools
Transaction Summary
===============================================================================================
Complete!
# echo $?
0
As shown on line 2 (0-indexed), No match for group package "pcp-pmda-kvm".
Yet per line 15, the command still completes successfully.
Let's try it in Salt!
# salt 'testminion' pkg.groupinstall 'Performance Tools'
jid: 20250723191825420683
testminion:
----------
-------------------------------------------
Summary
-------------------------------------------
# of minions targeted: 1
# of minions returned: 1
# of minions that did not return: 0
# of minions with errors: 0
-------------------------------------------
# salt 'testminion' slsutil.renderer salt://groupinstall_test.sls
jid: 20250723203055818108
testminion:
----------
Test Groupinstall 1:
----------
pkg.group_installed:
|_
----------
name:
Performance Tools
|_
----------
failhard:
False
Test Groupinstall 2:
----------
pkg.group_installed:
|_
----------
name:
Performance Tools
|_
----------
skip:
- pcp-pmda-kvm
|_
----------
failhard:
False
-------------------------------------------
Summary
-------------------------------------------
# of minions targeted: 1
# of minions returned: 1
# of minions that did not return: 0
# of minions with errors: 0
-------------------------------------------
# salt 'testminion' state.apply groupinstall_test
jid: 20250723203115382854
testminion:
----------
ID: Test Groupinstall 1
Function: pkg.group_installed
Name: Performance Tools
Result: False
Comment: Failed to install the following packages: pcp-pmda-kvm
Started: 20:31:25.927416
Duration: 13543.013 ms
Changes:
----------
ID: Test Groupinstall 2
Function: pkg.group_installed
Name: Performance Tools
Result: True
Comment: Group 'Performance Tools' is already installed
Started: 20:31:39.511947
Duration: 3527.723 ms
Changes:
Summary for testminion
------------
Succeeded: 1
Failed: 1
------------
Total states run: 2
Total run time: 17.071 s
-------------------------------------------
Summary
-------------------------------------------
# of minions targeted: 1
# of minions returned: 1
# of minions that did not return: 0
# of minions with errors: 1
-------------------------------------------
ERROR: Minions returned with non-zero exit code
Erroneously reported as failure.
Further, note the behavior if package(s) are installed by the operation:
CLI
# dnf -y group install 'Performance Tools'
Last metadata expiration check: 2:33:09 ago on Wed Jul 23 18:10:13 2025.
No match for group package "pcp-pmda-kvm"
Dependencies resolved.
===============================================================================================
Package Architecture Version Repository Size
===============================================================================================
Installing group/module packages:
perf aarch64 6.12.0-55.20.1.el10_0 appstream 2.2 M
Installing dependencies:
bzip2 aarch64 1.0.8-25.el10 baseos 52 k
opencsd aarch64 1.4.1-4.el10 appstream 262 k
Installing Groups:
Performance Tools
Transaction Summary
===============================================================================================
Install 3 Packages
Total download size: 2.5 M
Installed size: 6.8 M
Downloading Packages:
(1/3): bzip2-1.0.8-25.el10.aarch64.rpm 303 kB/s | 52 kB 00:00
(2/3): opencsd-1.4.1-4.el10.aarch64.rpm 915 kB/s | 262 kB 00:00
(3/3): perf-6.12.0-55.20.1.el10_0.aarch64.rpm 2.7 MB/s | 2.2 MB 00:00
-----------------------------------------------------------------------------------------------
Total 2.1 MB/s | 2.5 MB 00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : bzip2-1.0.8-25.el10.aarch64 1/3
Installing : opencsd-1.4.1-4.el10.aarch64 2/3
Installing : perf-6.12.0-55.20.1.el10_0.aarch64 3/3
Running scriptlet: perf-6.12.0-55.20.1.el10_0.aarch64 3/3
Installed:
bzip2-1.0.8-25.el10.aarch64 opencsd-1.4.1-4.el10.aarch64 perf-6.12.0-55.20.1.el10_0.aarch64
Complete!
[20:43:32] root@ovpn1-nj1-a.lab.netfire.net:~ # echo $?
0
And note that these packages still get installed, yet the state returns as failed:
Salt
# salt 'testminion' pkg.groupinstall 'Performance Tools'
jid: 20250723204633804647
testminion:
----------
bzip2:
----------
new:
1.0.8-25.el10
old:
opencsd:
----------
new:
1.4.1-4.el10
old:
perf:
----------
new:
6.12.0-55.20.1.el10_0
old:
-------------------------------------------
Summary
-------------------------------------------
# of minions targeted: 1
# of minions returned: 1
# of minions that did not return: 0
# of minions with errors: 0
-------------------------------------------
# salt 'testminion' state.apply groupinstall_test
jid: 20250723204830821730
testminion:
----------
ID: Test Groupinstall 1
Function: pkg.group_installed
Name: Performance Tools
Result: False
Comment: Failed to install the following packages: pcp-pmda-kvm
Started: 20:48:39.377245
Duration: 22614.707 ms
Changes:
----------
bzip2:
----------
new:
1.0.8-25.el10
old:
opencsd:
----------
new:
1.4.1-4.el10
old:
perf:
----------
new:
6.12.0-55.20.1.el10_0
old:
----------
ID: Test Groupinstall 2
Function: pkg.group_installed
Name: Performance Tools
Result: True
Comment: Group 'Performance Tools' is already installed
Started: 20:49:07.834469
Duration: 3759.822 ms
Changes:
Summary for testminion
------------
Succeeded: 1 (changed=1)
Failed: 1
------------
Total states run: 2
Total run time: 26.375 s
-------------------------------------------
Summary
-------------------------------------------
# of minions targeted: 1
# of minions returned: 1
# of minions that did not return: 0
# of minions with errors: 1
-------------------------------------------
ERROR: Minions returned with non-zero exit code
Setup
(Please provide relevant configs and/or SLS files (be sure to remove sensitive info. There is no general set-up of Salt.)
Please be as specific as possible and give set-up details.
- on-prem machine
- VM (Virtualbox, KVM, etc. please specify) (KVM Master)
- VM running on a cloud service, please be explicit and add details
- container (Kubernetes, Docker, containerd, etc. please specify)
- or a combination, please be explicit
- jails if it is FreeBSD
- classic packaging
- onedir packaging
- used bootstrap to install
Steps to Reproduce the behavior
groupinstall_test.sls
Test Groupinstall 1:
pkg.group_installed:
- name: 'Performance Tools'
- failhard: False
Test Groupinstall 2:
pkg.group_installed:
- name: 'Performance Tools'
- skip:
- 'pcp-pmda-kvm'
- failhard: False
On any EL (AlmaLinux, Rocky Linux, RHEL) 9.x or EL 10.x minion.
Run e.g. dnf -y remove perf in-between to trigger a member package installation if necessary/desired.
Expected behavior
I expect Salt to not assume things failed when the operation it's performing does not report as failed.
Screenshots
N/A
Versions Report
salt --versions-report
(Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)Salt Version:
Salt: 3007.6
Python Version:
Python: 3.10.17 (main, Jul 2 2025, 22:34:57) [GCC 11.2.0]
Dependency Versions:
cffi: 1.16.0
cherrypy: 18.8.0
cryptography: 42.0.5
dateutil: 2.8.2
docker-py: Not Installed
gitdb: Not Installed
gitpython: Not Installed
Jinja2: 3.1.6
libgit2: Not Installed
looseversion: 1.3.0
M2Crypto: Not Installed
Mako: Not Installed
msgpack: 1.0.7
msgpack-pure: Not Installed
mysql-python: Not Installed
packaging: 24.0
pycparser: 2.21
pycrypto: Not Installed
pycryptodome: 3.19.1
pygit2: Not Installed
python-gnupg: 0.5.2
PyYAML: 6.0.1
PyZMQ: 25.1.2
relenv: 0.19.4
smmap: Not Installed
timelib: 0.3.0
Tornado: 6.4.2
ZMQ: 4.3.4
Salt Package Information:
Package Type: onedir
System Versions:
dist: almalinux 9.6 Sage Margay
locale: utf-8
machine: x86_64
release: 5.14.0-503.11.1.el9_5.x86_64
system: Linux
version: AlmaLinux 9.6 Sage MargayAdditional context
I feel like I've said this multiple times now, over the many years I've been involved with Salt:
Things like these can be avoided, greatly reduced, and/or properly caught and handled by using the existing APIs where available instead of ad-hoc execs everywhere. It reduces complexity, it provides a cleaner approach, it uses less system resources, and it properly contextualizes input and output.
The more you abstract by going python > shell/command > utility/service instead of going python > utility/service, the more error-prone it is - as clearly demonstrated - due to massive and frequently incorrect assumptions made, incomplete conditions/edge cases/corner cases, and unstable response/output parsing.
Using existing APIs on systems FURTHER allows for a smaller and simpler Saltstack codebase, reducing maintenance/janitorial cost, code rot, changes to accommodate new OS/distro releases, et. al.
I suspect you could greatly reduce your inflow of pkg.*-related bugs simply by using the following (as according to salt.modules.pkg):
aixpkg: N/A; not even supported anymore.aptpkg:python-aptmac_brew_pkg: Noneebuildpkg: N/A; not even supported anymorefreebsdpkg: N/A; not even supported anymoreopenbsdpkg: N/A; not even supported anymorepacmanpkg: N/A; not even supported anymorepkgin: N/A; not even supported anymorepkgng: N/A; not even supported anymorepkgutil: N/A; not even supported anymoresolarispkg: N/A; not even supported anymorewin_pkg: (Internally integrated)yumpkg:dnfzypperpkg: None
Being that 1.) you have a TON of pkg modules still documented despite dropping support for their platforms, and 2.) your two ARGUABLY LARGEST base of minions have native Python APIs, I continue to recommend you implement native package manager API integration. I'm sick of filing bugs, you're sick of getting them.