Flush mine during upgrade

[eg-ayoub]

MK8S-217 The mine can be flushed and updated during a metalk8s upgrade to avoid errors where the mine cache gets corrupted.
this is done by a function in upgrade.sh that runs as soon as possible after the bootstrap upgrade to flush the mine

[bert-e]

Hello eg-ayoub,

My role is to assist you with the merge of this
pull request. Please type @bert-e help to get information
on this process, or consult the user documentation.

Available options

name	description	privileged	authored
/after_pull_request	Wait for the given pull request id to be merged before continuing with the current one.
/bypass_author_approval	Bypass the pull request author's approval	⭐
/bypass_build_status	Bypass the build and test status	⭐
/bypass_commit_size	Bypass the check on the size of the changeset TBA	⭐
/bypass_incompatible_branch	Bypass the check on the source branch prefix	⭐
/bypass_jira_check	Bypass the Jira issue check	⭐
/bypass_peer_approval	Bypass the pull request peers' approval	⭐
/bypass_leader_approval	Bypass the pull request leaders' approval	⭐
/approve	Instruct Bert-E that the author has approved the pull request.		✍️
/create_pull_requests	Allow the creation of integration pull requests.
/create_integration_branches	Allow the creation of integration branches.
/no_octopus	Prevent Wall-E from doing any octopus merge and use multiple consecutive merge instead
/unanimity	Change review acceptance criteria from one reviewer at least to all reviewers
/wait	Instruct Bert-E not to run until further notice.

Available commands

name	description	privileged
/help	Print Bert-E's manual in the pull request.
/status	Print Bert-E's current status in the pull request TBA
/clear	Remove all comments from Bert-E from the history TBA
/retry	Re-start a fresh build TBA
/build	Re-start a fresh build TBA
/force_reset	Delete integration branches & pull requests, and restart merge process from the beginning.
/reset	Try to remove integration branches unless there are commits on them which do not appear on the source branch.

Status report is not available.

[bert-e]

Request integration branches

Waiting for integration branch creation to be requested by the user.

To request integration branches, please comment on this pull request with the following command:

/create_integration_branches

Alternatively, the /approve and /create_pull_requests commands will automatically
create the integration branches.

[claude]

LGTM

Review by Claude Code

[claude]

• mine.flush / mine.update may be called before the salt-master daemon is ready to accept connections (container running ≠ service ready), causing the upgrade to abort under set -e
  - Wrap both calls with the existing retry helper, matching the pattern used in salt_minion_list
  
  Review by Claude Code

[claude]

• CHANGELOG.md:8 — Grammar error: "fails prints" should be "prints"
• scripts/upgrade.sh.in:226 — Step label says "on bootstrap" but function targets all minions via salt '*'

Review by Claude Code

[claude]

run_quiet disables set -e, so if mine.flush fails, execution continues to mine.update. Since the whole point is to delete the corrupt cache first, a failed flush means mine.update hits the same corrupt file — exactly the bug this function exists to fix. Check the return code of mine.flush before proceeding.

```suggestion
"${SALT_MASTER_CALL[@]}" salt '*' mine.flush || return 1

[claude]

• flush_and_refresh_mine does not check the return code of mine.flush before running mine.update. Under run_quiet (set +e), a failed flush lets mine.update hit the same corrupt cache — defeating the fix.
  • Add || return 1 after mine.flush so the step fails fast.
• dex_server_policy in ca.sls (line 75) still references dex key/cert paths unconditionally, while the new guard only covers dex_ca_b64.
  • Consider wrapping dex_server_policy in the same pillar.addons.dex.enabled conditional.

Review by Claude Code

[claude]

LGTM

Review by Claude Code

[eg-ayoub]

/approve

[bert-e]

Integration data created

I have created the integration data for the additional destination branches.

• this pull request will merge bugfix/salt-mine-breaks-on-update into
  development/133.0
• w/134.0/bugfix/salt-mine-breaks-on-update will be merged into development/134.0

The following branches will NOT be impacted:

• development/123.0
• development/124.0
• development/124.1
• development/125.0
• development/126.0
• development/127.0
• development/128.0
• development/129.0
• development/130.0
• development/131.0
• development/132.0
• development/2.0
• development/2.1
• development/2.10
• development/2.11
• development/2.2
• development/2.3
• development/2.4
• development/2.5
• development/2.6
• development/2.7
• development/2.8
• development/2.9

You can set option create_pull_requests if you need me to create
integration pull requests in addition to integration branches, with:

@bert-e create_pull_requests

The following options are set: approve

[bert-e]

Waiting for approval

The following approvals are needed before I can proceed with the merge:

• the author

• 2 peers

Peer approvals must include at least 1 approval from the following list:

• @eg-ayoub

• @m4nch0t

• @g-carre

• @ChengYanJin

• @vdaviot

• @thomasdanan

• @ezekiel-alexrod

• @TeddyAndrieux

• @anthony-treuillier-scality

• @JBWatenbergScality

The following options are set: approve

[claude]

LGTM

Review by Claude Code