Salt Minion Problems
-
@WrCombs said in Salt Minion Problems:
@scottalanmiller which is why i think it gave me an error. however i have followed the steps, and im still getting the same error message on step 3 when i put the hostname in
here is where i am now
-
@WrCombs said in Salt Minion Problems:
@scottalanmiller which is why i think it gave me an error. however i have followed the steps, and im still getting the same error message on step 3 when i put the hostname in
That's because the correct key has not yet appeared:
# salt-key --list-all Accepted Keys: Denied Keys: Unaccepted Keys: ip-65-75-137-152.local Rejected Keys: -
@WrCombs wait.
let me retry that with the correct name -
@WrCombs said in Salt Minion Problems:
@WrCombs wait.
let me retry that with the correct nameWon't work, the minion has not sent its key yet.
-
@WrCombs same error occurss
-
@Romo neither is mine now
-
@scottalanmiller shouldn't the salt-master have already sent its own key? In my vm the first key I accepted was the key my master.
This could mean there is something else that's wrong don't you think?
-
@Romo said in Salt Minion Problems:
@scottalanmiller shouldn't the salt-master have already sent its own key? In my vm the first key I accepted was the key my master.
This could mean there is something else that's wrong don't you think?
Which part? The master? That seems fine.
-
@scottalanmiller Yes, on my install the master shows fine on @WrCombs the master doesnt appear.
-
Don't rename the hosts, that's going to lead to more problems.
-
I'm rebooting to test something. For some reason, the Salt Master never showed up in the key list either. This implies something is certainly wrong.
-
@scottalanmiller said in Salt Minion Problems:
I'm rebooting to test something. For some reason, the Salt Master never showed up in the key list either. This implies something is certainly wrong.
Exactly thats what I ment
@scottalanmiller said in Salt Minion Problems:
@Romo said in Salt Minion Problems:
@scottalanmiller shouldn't the salt-master have already sent its own key? In my vm the first key I accepted was the key my master.
This could mean there is something else that's wrong don't you think?
Which part? The master? That seems fine.
-
@WrCombs By the way, do you remember if you did open the ports in the master?
-
All set on my install, I hadn't reloaded the firewall rules so that's why my minion could reach the master.
-
@Romo said in Salt Minion Problems:
@WrCombs By the way, do you remember if you did open the ports in the master?
He did, I looked.
-
Here is his firewall...
# firewall-cmd --list-all public (active) target: default icmp-block-inversion: no interfaces: eth0 sources: services: dhcpv6-client ssh ports: 4505-4506/tcp protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: -
Here is the error message on the Salt Master's minion process:
Jan 31 20:32:37 salt salt-minion[901]: [ERROR ] The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate -
@scottalanmiller said in Salt Minion Problems:
The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate
That happens to all minions when they are waiting for the master to approve their key.
-
@Romo said in Salt Minion Problems:
@scottalanmiller said in Salt Minion Problems:
The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate
That happens to all minions when they are waiting for the master to approve their key.
Yeah, the master didn't have an /etc/hosts entry so it was pointing itself to a different Salt Master. So that was awfully confusing.
-
Ok, so after fixing the hostname on the master, fixing the /etc/hosts file and then checking the errors, we find that that weird ip local address there is NOT from the Minion, but from the Master itself. So the Minion has never checked in at all.
# salt-key --list-all Accepted Keys: Denied Keys: ip-65-75-137-152.local Unaccepted Keys: ip-65-75-137-152.local Rejected Keys: [root@lab-lnx-william-salt ~]# systemctl status salt-minion ā salt-minion.service - The Salt Minion Loaded: loaded (/usr/lib/systemd/system/salt-minion.service; enabled; vendor preset: disabled) Active: inactive (dead) since Tue 2017-01-31 20:39:37 UTC; 2min 43s ago Process: 902 ExecStart=/usr/bin/salt-minion (code=exited, status=0/SUCCESS) Main PID: 902 (code=exited, status=0/SUCCESS) Jan 31 20:39:22 lab-lnx-william-salt systemd[1]: Starting The Salt Minion... Jan 31 20:39:23 lab-lnx-william-salt systemd[1]: Started The Salt Minion. Jan 31 20:39:37 lab-lnx-william-salt salt-minion[902]: [CRITICAL] The Salt Master has rejected this minion's public key! Jan 31 20:39:37 lab-lnx-william-salt salt-minion[902]: To repair this issue, delete the public key for this minion on the Salt Master and restart this minion. Jan 31 20:39:37 lab-lnx-william-salt salt-minion[902]: Or restart the Salt Master in open mode to clean out the keys. The Salt Minion will now exit.
