ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Salt-Minion can't talk to Salt-Master

    IT Discussion
    salt-minion salt-master salt minion salt stack salt saltstack
    7
    41
    2.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DustinB3403D
      DustinB3403 @NerdyDad
      last edited by

      @NerdyDad said in Salt-Minion can't talk to Salt-Master:

      @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

      @NerdyDad said in Salt-Minion can't talk to Salt-Master:

      @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

      And you've reloaded the firewall with firewall-cmd --reload?

      Still not working

      @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

      Just for laughs check the status of setenforce.

      Enforcing

      Try setting setenforce to permissive or disabled for now and test.

      Finally, got the minion to talk to the master. Thanks

      Cool so now you need create an exclusion in setenforce.

      NerdyDadN 1 Reply Last reply Reply Quote 0
      • NerdyDadN
        NerdyDad @dafyre
        last edited by

        @dafyre said in Salt-Minion can't talk to Salt-Master:

        @NerdyDad said in Salt-Minion can't talk to Salt-Master:

        @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

        @NerdyDad said in Salt-Minion can't talk to Salt-Master:

        @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

        And you've reloaded the firewall with firewall-cmd --reload?

        Still not working

        @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

        Just for laughs check the status of setenforce.

        Enforcing

        Try setting setenforce to permissive or disabled for now and test.

        Finally, got the minion to talk to the master. Thanks

        Was it SELinux?

        I think that was part of it. The other part as not to specify a port to the server in the minions config file.

        1 Reply Last reply Reply Quote 0
        • NerdyDadN
          NerdyDad @DustinB3403
          last edited by

          @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

          @NerdyDad said in Salt-Minion can't talk to Salt-Master:

          @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

          @NerdyDad said in Salt-Minion can't talk to Salt-Master:

          @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

          And you've reloaded the firewall with firewall-cmd --reload?

          Still not working

          @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

          Just for laughs check the status of setenforce.

          Enforcing

          Try setting setenforce to permissive or disabled for now and test.

          Finally, got the minion to talk to the master. Thanks

          Cool so now you need create an exclusion in setenforce.

          How do I do that? Help the newb here please.

          DustinB3403D 1 Reply Last reply Reply Quote 0
          • black3dynamiteB
            black3dynamite
            last edited by

            I don't recall ever needed to configure SELinux.

            1 Reply Last reply Reply Quote 0
            • DustinB3403D
              DustinB3403 @NerdyDad
              last edited by

              @NerdyDad said in Salt-Minion can't talk to Salt-Master:

              @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

              @NerdyDad said in Salt-Minion can't talk to Salt-Master:

              @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

              @NerdyDad said in Salt-Minion can't talk to Salt-Master:

              @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

              And you've reloaded the firewall with firewall-cmd --reload?

              Still not working

              @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

              Just for laughs check the status of setenforce.

              Enforcing

              Try setting setenforce to permissive or disabled for now and test.

              Finally, got the minion to talk to the master. Thanks

              Cool so now you need create an exclusion in setenforce.

              How do I do that? Help the newb here please.

              You'll need to use semanage to allow this.

              NerdyDadN scottalanmillerS 2 Replies Last reply Reply Quote 0
              • DustinB3403D
                DustinB3403
                last edited by

                Here is a decent man page and examples.

                Since you're allowing ports through you'd want to do that.

                1 Reply Last reply Reply Quote 0
                • NerdyDadN
                  NerdyDad @DustinB3403
                  last edited by

                  @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

                  @NerdyDad said in Salt-Minion can't talk to Salt-Master:

                  @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

                  @NerdyDad said in Salt-Minion can't talk to Salt-Master:

                  @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

                  @NerdyDad said in Salt-Minion can't talk to Salt-Master:

                  @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

                  And you've reloaded the firewall with firewall-cmd --reload?

                  Still not working

                  @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

                  Just for laughs check the status of setenforce.

                  Enforcing

                  Try setting setenforce to permissive or disabled for now and test.

                  Finally, got the minion to talk to the master. Thanks

                  Cool so now you need create an exclusion in setenforce.

                  How do I do that? Help the newb here please.

                  You'll need to use semanage to allow this.

                  semanage port -a -t http_port_t -p tcp 4505-4506

                  What would http_port_t translate to? Everything else I understand except that.

                  DustinB3403D 1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @NerdyDad
                    last edited by

                    @NerdyDad said in Salt-Minion can't talk to Salt-Master:

                    @black3dynamite said in Salt-Minion can't talk to Salt-Master:

                    Will you show the command for adding the firewall rules for 4505-5606?
                    The reason I'm asking is because if you include --zone=FedoraServer but your active firewall zone is public then that could be the issue.

                    I've tried a number of commands

                    firewall-cmd --permanent --zone=trusted --add-port=4505-4506/tcp
                    firewall-cmd --permanent --zone=default --add-port=4505-4506/tcp
                    firewall-cmd --permanent --add-port=4505-4506/tcp

                    In that order, but not all at the same time. I reloaded the firewall and retested between each line.

                    None of those is expected to work. The default zone is FedoraServer

                    NerdyDadN 1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @DustinB3403
                      last edited by

                      @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

                      @NerdyDad said in Salt-Minion can't talk to Salt-Master:

                      @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

                      @NerdyDad said in Salt-Minion can't talk to Salt-Master:

                      @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

                      @NerdyDad said in Salt-Minion can't talk to Salt-Master:

                      @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

                      And you've reloaded the firewall with firewall-cmd --reload?

                      Still not working

                      @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

                      Just for laughs check the status of setenforce.

                      Enforcing

                      Try setting setenforce to permissive or disabled for now and test.

                      Finally, got the minion to talk to the master. Thanks

                      Cool so now you need create an exclusion in setenforce.

                      How do I do that? Help the newb here please.

                      You'll need to use semanage to allow this.

                      Or just setenforce

                      DustinB3403D 1 Reply Last reply Reply Quote 0
                      • DustinB3403D
                        DustinB3403 @NerdyDad
                        last edited by

                        @NerdyDad said in Salt-Minion can't talk to Salt-Master:

                        @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

                        @NerdyDad said in Salt-Minion can't talk to Salt-Master:

                        @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

                        @NerdyDad said in Salt-Minion can't talk to Salt-Master:

                        @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

                        @NerdyDad said in Salt-Minion can't talk to Salt-Master:

                        @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

                        And you've reloaded the firewall with firewall-cmd --reload?

                        Still not working

                        @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

                        Just for laughs check the status of setenforce.

                        Enforcing

                        Try setting setenforce to permissive or disabled for now and test.

                        Finally, got the minion to talk to the master. Thanks

                        Cool so now you need create an exclusion in setenforce.

                        How do I do that? Help the newb here please.

                        You'll need to use semanage to allow this.

                        semanage port -a -t http_port_t -p tcp 4505-4506

                        What would http_port_t translate to? Everything else I understand except that.

                        -t specifies a type of service http_port_t is all "type 80 traffic"

                        1 Reply Last reply Reply Quote 0
                        • NerdyDadN
                          NerdyDad @scottalanmiller
                          last edited by

                          @scottalanmiller said in Salt-Minion can't talk to Salt-Master:

                          @NerdyDad said in Salt-Minion can't talk to Salt-Master:

                          @black3dynamite said in Salt-Minion can't talk to Salt-Master:

                          Will you show the command for adding the firewall rules for 4505-5606?
                          The reason I'm asking is because if you include --zone=FedoraServer but your active firewall zone is public then that could be the issue.

                          I've tried a number of commands

                          firewall-cmd --permanent --zone=trusted --add-port=4505-4506/tcp
                          firewall-cmd --permanent --zone=default --add-port=4505-4506/tcp
                          firewall-cmd --permanent --add-port=4505-4506/tcp

                          In that order, but not all at the same time. I reloaded the firewall and retested between each line.

                          None of those is expected to work. The default zone is FedoraServer

                          Followup question. Is this a security risk? Do they need to be removed? Or they just won't work?

                          DustinB3403D scottalanmillerS 2 Replies Last reply Reply Quote 0
                          • DustinB3403D
                            DustinB3403 @NerdyDad
                            last edited by

                            @NerdyDad said in Salt-Minion can't talk to Salt-Master:

                            @scottalanmiller said in Salt-Minion can't talk to Salt-Master:

                            @NerdyDad said in Salt-Minion can't talk to Salt-Master:

                            @black3dynamite said in Salt-Minion can't talk to Salt-Master:

                            Will you show the command for adding the firewall rules for 4505-5606?
                            The reason I'm asking is because if you include --zone=FedoraServer but your active firewall zone is public then that could be the issue.

                            I've tried a number of commands

                            firewall-cmd --permanent --zone=trusted --add-port=4505-4506/tcp
                            firewall-cmd --permanent --zone=default --add-port=4505-4506/tcp
                            firewall-cmd --permanent --add-port=4505-4506/tcp

                            In that order, but not all at the same time. I reloaded the firewall and retested between each line.

                            None of those is expected to work. The default zone is FedoraServer

                            Followup question. Is this a security risk? Do they need to be removed? Or they just won't work?

                            It's bloating the firewall with rules you don't need.

                            1 Reply Last reply Reply Quote 0
                            • DustinB3403D
                              DustinB3403 @scottalanmiller
                              last edited by

                              @scottalanmiller said in Salt-Minion can't talk to Salt-Master:

                              @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

                              @NerdyDad said in Salt-Minion can't talk to Salt-Master:

                              @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

                              @NerdyDad said in Salt-Minion can't talk to Salt-Master:

                              @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

                              @NerdyDad said in Salt-Minion can't talk to Salt-Master:

                              @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

                              And you've reloaded the firewall with firewall-cmd --reload?

                              Still not working

                              @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

                              Just for laughs check the status of setenforce.

                              Enforcing

                              Try setting setenforce to permissive or disabled for now and test.

                              Finally, got the minion to talk to the master. Thanks

                              Cool so now you need create an exclusion in setenforce.

                              How do I do that? Help the newb here please.

                              You'll need to use semanage to allow this.

                              Or just setenforce

                              yea. . but semanage is so much easier.

                              1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @NerdyDad
                                last edited by

                                @NerdyDad said in Salt-Minion can't talk to Salt-Master:

                                @scottalanmiller said in Salt-Minion can't talk to Salt-Master:

                                @NerdyDad said in Salt-Minion can't talk to Salt-Master:

                                @black3dynamite said in Salt-Minion can't talk to Salt-Master:

                                Will you show the command for adding the firewall rules for 4505-5606?
                                The reason I'm asking is because if you include --zone=FedoraServer but your active firewall zone is public then that could be the issue.

                                I've tried a number of commands

                                firewall-cmd --permanent --zone=trusted --add-port=4505-4506/tcp
                                firewall-cmd --permanent --zone=default --add-port=4505-4506/tcp
                                firewall-cmd --permanent --add-port=4505-4506/tcp

                                In that order, but not all at the same time. I reloaded the firewall and retested between each line.

                                None of those is expected to work. The default zone is FedoraServer

                                Followup question. Is this a security risk? Do they need to be removed? Or they just won't work?

                                No, they are just ignored.

                                1 Reply Last reply Reply Quote 0
                                • black3dynamiteB
                                  black3dynamite
                                  last edited by

                                  setenforce is not a permanent solution. Has soon as you reboot, the setting will revert back to enforcing.

                                  DustinB3403D 1 Reply Last reply Reply Quote 1
                                  • DustinB3403D
                                    DustinB3403 @black3dynamite
                                    last edited by

                                    @black3dynamite said in Salt-Minion can't talk to Salt-Master:

                                    setenforce is not a permanent solution. Has soon as you reboot, the setting will revert back to enforcing. Unless you disable it permanently, which isn't recommended.

                                    FTFY

                                    1 Reply Last reply Reply Quote 0
                                    • NerdyDadN
                                      NerdyDad
                                      last edited by

                                      Just did the following commands

                                      semanage port -a -t http_port_t -p tcp 4505-4506

                                      then

                                      setenforce enforcing

                                      So far, still good.

                                      DustinB3403D 1 Reply Last reply Reply Quote 0
                                      • DustinB3403D
                                        DustinB3403 @NerdyDad
                                        last edited by

                                        @NerdyDad try restarting and seeing if the issue persists.

                                        NerdyDadN 1 Reply Last reply Reply Quote 0
                                        • NerdyDadN
                                          NerdyDad @DustinB3403
                                          last edited by

                                          @DustinB3403 said in Salt-Minion can't talk to Salt-Master:

                                          @NerdyDad try restarting and seeing if the issue persists.

                                          Oh, no issues. They're still communicating.

                                          1 Reply Last reply Reply Quote 1
                                          • JaredBuschJ
                                            JaredBusch
                                            last edited by JaredBusch

                                            Dont specify a zone when you run a firewall-cmd and it automatically uses the whatever the current zone is.

                                            By the way because your zone is Fedora Server, you installed a full server instance and not a minimal instance.

                                            Unless that changed in 29 for minimal.

                                            1 Reply Last reply Reply Quote 1
                                            • 1
                                            • 2
                                            • 3
                                            • 2 / 3
                                            • First post
                                              Last post