Salt-Minion can't talk to Salt-Master
-
I have 2 physically separate boxes on the same LAN, 1 Fedora 29 server and 1 Fedora 29 Gnome desktop.
Server updated and installed salt-master and changed its name to SaltMaster (creative, I know)
Desktop updated and installed salt-minion (Name was already set from a previous Windows install and Fedora just carried it over)
Services are running on both boxes, changed the config on the minion to the network name of the SaltMaster
Minion can ping the master box with DNS and IP address but doesn't see the service and the master box isn't registering any unaccepted keys. I have tried adding 4505-4506 TCP to the firewall, but still no change. Restarted the salt-master service and firewall service, rebooted the SaltMaster server, and restarted the salt-minion service.
Still no communications. Any ideas?
-
Will you show the command for adding the firewall rules for 4505-5606?
The reason I'm asking is because if you include --zone=FedoraServer but your active firewall zone is public then that could be the issue. -
@black3dynamite said in Salt-Minion can't talk to Salt-Master:
Will you show the command for adding the firewall rules for 4505-5606?
The reason I'm asking is because if you include --zone=FedoraServer but your active firewall zone is public then that could be the issue.I've tried a number of commands
firewall-cmd --permanent --zone=trusted --add-port=4505-4506/tcp
firewall-cmd --permanent --zone=default --add-port=4505-4506/tcp
firewall-cmd --permanent --add-port=4505-4506/tcpIn that order, but not all at the same time. I reloaded the firewall and retested between each line.
-
@NerdyDad if you run
firewall-cmd --get-active-zoneswhat is the output? -
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad if you run
firewall-cmd --get-active-zoneswhat is the output?FedoraServer
interfaces: enp3s0 -
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad if you run
firewall-cmd --get-active-zoneswhat is the output?So I gather that FedoraServer is the zone that I need to add the ports to in the firewall?
-
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad if you run
firewall-cmd --get-active-zoneswhat is the output?FedoraServer
interfaces: enp3s0Did you create a custom zone called
FedoraServer? -
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad if you run
firewall-cmd --get-active-zoneswhat is the output?FedoraServer
interfaces: enp3s0Did you create a custom zone called
FedoraServer?No, I have not created any zones yet. That came stock.
-
If your output of
firewall-cmd --get-active-zonesisFedoraServer interfaces: enp3s0then yes, add the rules to that zone. -
firewall-cmd --permanent --zone=FedoraServer --add-port=4505-4506/tcpShould be what you're looking for.
-
Then you need to reload the firewall and test.
-
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
firewall-cmd --permanent --zone=FedoraServer --add-port=4505-4506/tcpShould be what you're looking for.
Did that and says it is already enabled.
-
Is the salt master service looking at the correct zone? Is that the right way to think of it?
-
And you've reloaded the firewall with
firewall-cmd --reload? -
Well going into the salt master config file you'd have to look and see if it's set correctly.
https://docs.saltstack.com/en/latest/ref/configuration/master.html
-
Just for laughs check the status of setenforce.
-
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
And you've reloaded the firewall with
firewall-cmd --reload?Still not working
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
Just for laughs check the status of setenforce.
Enforcing
-
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
And you've reloaded the firewall with
firewall-cmd --reload?Still not working
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
Just for laughs check the status of setenforce.
Enforcing
Try setting setenforce to permissive or disabled for now and test.
-
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
And you've reloaded the firewall with
firewall-cmd --reload?Still not working
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
Just for laughs check the status of setenforce.
Enforcing
Try setting setenforce to permissive or disabled for now and test.
Finally, got the minion to talk to the master. Thanks
-
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
And you've reloaded the firewall with
firewall-cmd --reload?Still not working
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
Just for laughs check the status of setenforce.
Enforcing
Try setting setenforce to permissive or disabled for now and test.
Finally, got the minion to talk to the master. Thanks
Was it SELinux?
