Salt-Minion can't talk to Salt-Master
-
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad if you run
firewall-cmd --get-active-zoneswhat is the output?FedoraServer
interfaces: enp3s0Did you create a custom zone called
FedoraServer? -
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad if you run
firewall-cmd --get-active-zoneswhat is the output?FedoraServer
interfaces: enp3s0Did you create a custom zone called
FedoraServer?No, I have not created any zones yet. That came stock.
-
If your output of
firewall-cmd --get-active-zonesisFedoraServer interfaces: enp3s0then yes, add the rules to that zone. -
firewall-cmd --permanent --zone=FedoraServer --add-port=4505-4506/tcpShould be what you're looking for.
-
Then you need to reload the firewall and test.
-
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
firewall-cmd --permanent --zone=FedoraServer --add-port=4505-4506/tcpShould be what you're looking for.
Did that and says it is already enabled.
-
Is the salt master service looking at the correct zone? Is that the right way to think of it?
-
And you've reloaded the firewall with
firewall-cmd --reload? -
Well going into the salt master config file you'd have to look and see if it's set correctly.
https://docs.saltstack.com/en/latest/ref/configuration/master.html
-
Just for laughs check the status of setenforce.
-
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
And you've reloaded the firewall with
firewall-cmd --reload?Still not working
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
Just for laughs check the status of setenforce.
Enforcing
-
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
And you've reloaded the firewall with
firewall-cmd --reload?Still not working
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
Just for laughs check the status of setenforce.
Enforcing
Try setting setenforce to permissive or disabled for now and test.
-
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
And you've reloaded the firewall with
firewall-cmd --reload?Still not working
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
Just for laughs check the status of setenforce.
Enforcing
Try setting setenforce to permissive or disabled for now and test.
Finally, got the minion to talk to the master. Thanks
-
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
And you've reloaded the firewall with
firewall-cmd --reload?Still not working
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
Just for laughs check the status of setenforce.
Enforcing
Try setting setenforce to permissive or disabled for now and test.
Finally, got the minion to talk to the master. Thanks
Was it SELinux?
-
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
And you've reloaded the firewall with
firewall-cmd --reload?Still not working
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
Just for laughs check the status of setenforce.
Enforcing
Try setting setenforce to permissive or disabled for now and test.
Finally, got the minion to talk to the master. Thanks
Cool so now you need create an exclusion in setenforce.
-
@dafyre said in Salt-Minion can't talk to Salt-Master:
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
And you've reloaded the firewall with
firewall-cmd --reload?Still not working
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
Just for laughs check the status of setenforce.
Enforcing
Try setting setenforce to permissive or disabled for now and test.
Finally, got the minion to talk to the master. Thanks
Was it SELinux?
I think that was part of it. The other part as not to specify a port to the server in the minions config file.
-
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
And you've reloaded the firewall with
firewall-cmd --reload?Still not working
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
Just for laughs check the status of setenforce.
Enforcing
Try setting setenforce to permissive or disabled for now and test.
Finally, got the minion to talk to the master. Thanks
Cool so now you need create an exclusion in setenforce.
How do I do that? Help the newb here please.
-
I don't recall ever needed to configure SELinux.
-
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
And you've reloaded the firewall with
firewall-cmd --reload?Still not working
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
Just for laughs check the status of setenforce.
Enforcing
Try setting setenforce to permissive or disabled for now and test.
Finally, got the minion to talk to the master. Thanks
Cool so now you need create an exclusion in setenforce.
How do I do that? Help the newb here please.
You'll need to use
semanageto allow this. -
Here is a decent man page and examples.
Since you're allowing ports through you'd want to do that.
