I hacked together this wrapper:
https://github.com/guettli/wrap_and_log_calls
Now I run salt-ssh
again and searched for non zero "ret:" lines.
I found:
Parent: python2.7 /var/tmp/.root_dcdf8c_salt/salt-call --retcode-passthrough --local --metadata --out json -l quiet -c /var/tmp/.root_dcdf8c_salt -- state.pkg /var/tmp/.root_dcdf8c_salt/salt
_state.tgz test=None pkg_sum=7683cfdcaf0ef6b6c907889fab738da83b6f897fe02387251db02a25f541e4ca hash_type=sha256
Parent: /usr/bin/apt-get -q -y -o DPkg::Options::=--force-confold -o DPkg::Options::=--force-confdef install openssl-foo-bar-user.cert
Parent: python /usr/bin/dpkg --force-confold --force-confdef --status-fd 70 --no-triggers --unpack --auto-deconfigure /var/cache/apt/archives/openssl-foo-bar-user.cert_1-2_all.deb
stdout:
(Reading database ... 365773 files and directories currently installed.)
Preparing to unpack .../openssl-foo-bar-user.cert_1-2_all.deb ...
Unpacking openssl-foo-bar-user.cert (1-2) ...
stderr:
dpkg: error processing archive /var/cache/apt/archives/openssl-foo-bar-user.cert_1-2_all.deb (--unpack):
trying to overwrite '/etc/ssl/server/foo-bar_user.pem', which is also in package server-certificates-user 2-2.1
dpkg-deb (subprocess): decompressing archive member: lzma write error: Broken pipe
dpkg-deb: error: <decompress> subprocess returned error exit status 2
Errors were encountered while processing:
/var/cache/apt/archives/openssl-foo-bar-user.cert_1-2_all.deb
Now I know the problem is with the custom (non pulic) dpkg openssl-foo-bar-user.cert
It would be very kind, if salt-stack could tell me the real reason immediately the next time. It is not difficult, just don't hide stdout/stderr :-)