Salt Stack communication issues



  • In an attempt to learn more about Salt, I am setting up 1 master server, and 1 minion server. However, after many failed attempts, I cannot seem to get these 2 machines to communicate properly. Here's what I've done so far.

    For the master server:

    1. Installed Fedora 26 server minimal install.
    2. Set static IP 192.168.1.60
    3. Set hostname to salt.
    4. Performed the install instructions, exactly according to this: https://mangolassi.it/topic/11812/installing-salt-master

    For the minion server:

    1. Installed Fedora 26 server minimal install.
    2. Set static IP to 192.168.1.61
    3. Set hostname to minion-1
    4. Performed the install instructions exactly according to this: https://mangolassi.it/topic/11813/installing-a-salt-minion-on-centos-7

    I can ping the master server from the minion by pinging the hostname salt. I get a response from the master. However, if I debug on the minion by running:

    salt-minion -l debug
    

    I get the following output:

    
    [[email protected] ~]# systemctl start salt-minion.service
    [[email protected] ~]# salt-minion -l debug
    [DEBUG   ] Reading configuration from /etc/salt/minion
    [DEBUG   ] Using cached minion ID from /etc/salt/minion_id: minion-1
    [DEBUG   ] Configuration file path: /etc/salt/minion
    [WARNING ] Insecure logging configuration detected! Sensitive data may be logged.
    [INFO    ] Setting up the Salt Minion "minion-1"
    [DEBUG   ] Created pidfile: /var/run/salt-minion.pid
    [INFO    ] Starting up the Salt Minion
    [DEBUG   ] AsyncEventPublisher PUB socket URI: /var/run/salt/minion/minion_event_08ccbf9282_pub.ipc
    [DEBUG   ] AsyncEventPublisher PULL socket URI: /var/run/salt/minion/minion_event_08ccbf9282_pull.ipc
    [INFO    ] Starting pull socket on /var/run/salt/minion/minion_event_08ccbf9282_pull.ipc
    [DEBUG   ] SaltEvent PUB socket URI: /var/run/salt/minion/minion_event_08ccbf9282_pub.ipc
    [DEBUG   ] SaltEvent PULL socket URI: /var/run/salt/minion/minion_event_08ccbf9282_pull.ipc
    [DEBUG   ] Initializing new IPCClient for path: /var/run/salt/minion/minion_event_08ccbf9282_pub.ipc
    [DEBUG   ] Reading configuration from /etc/salt/minion
    [DEBUG   ] Please install 'virt-what' to improve results of the 'virtual' grain.
    [INFO    ] Creating minion process manager
    [DEBUG   ] Process Manager starting!
    [DEBUG   ] Process Manager starting!
    [DEBUG   ] Connecting to master. Attempt 1 of 1
    [DEBUG   ] Initializing new AsyncAuth for ('/etc/salt/pki/minion', 'minion-1', 'tcp://192.168.1.60:4506')
    [DEBUG   ] Generated random reconnect delay between '1000ms' and '11000ms' (8709)
    [DEBUG   ] Setting zmq_reconnect_ivl to '8709ms'
    [DEBUG   ] Setting zmq_reconnect_ivl_max to '11000ms'
    [DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('/etc/salt/pki/minion', 'minion-1', 'tcp://192.168.1.60:4506', 'clear')
    [DEBUG   ] SaltReqTimeoutError, retrying. (1/7)
    [DEBUG   ] SaltReqTimeoutError, retrying. (2/7)
    [DEBUG   ] SaltReqTimeoutError, retrying. (3/7)
    [DEBUG   ] SaltReqTimeoutError, retrying. (4/7)
    [DEBUG   ] SaltReqTimeoutError, retrying. (5/7)
    [DEBUG   ] SaltReqTimeoutError, retrying. (6/7)
    [DEBUG   ] SaltReqTimeoutError, retrying. (7/7)
    [ERROR   ] Error while bringing up minion for multi-master. Is master at salt responding?
    

    I've done this before using CentOS7, but with Fedora, I am having issues. Not sure if it is related to the OS or not.

    Any ideas?



  • I don't see anywhere where you put salt into the /etc/hosts file of the minion, or put it into DNS. Is that maybe the issue?



  • @reid-cooper said in Salt Stack communication issues:

    I don't see anywhere where you put salt into the /etc/hosts file of the minion, or put it into DNS. Is that maybe the issue?

    I did. I can also ping salt from the minion and get a response from the master.



  • @fuznutz04 said in Salt Stack communication issues:

    @reid-cooper said in Salt Stack communication issues:

    I don't see anywhere where you put salt into the /etc/hosts file of the minion, or put it into DNS. Is that maybe the issue?

    I did. I can also ping salt from the minion and get a response from the master.

    Nothing shows up using this command on the master: salt-key -L



  • Did you open the right ports on the master?

    Did you verify that master's process is running?



  • @black3dynamite said in Salt Stack communication issues:

    @fuznutz04 said in Salt Stack communication issues:

    @reid-cooper said in Salt Stack communication issues:

    I don't see anywhere where you put salt into the /etc/hosts file of the minion, or put it into DNS. Is that maybe the issue?

    I did. I can also ping salt from the minion and get a response from the master.

    Nothing shows up using this command on the master: salt-key -L

    Negative. Just this:

    
    [[email protected] ~]# salt-key -L
    Accepted Keys:
    Denied Keys:
    Unaccepted Keys:
    salt
    Rejected Keys:
    

    The unaccepted key salt of course is the master itself.



  • @scottalanmiller said in Salt Stack communication issues:

    Did you open the right ports on the master?

    Did you verify that master's process is running?

    I opened ports 4505 and 4506/tcp by issuing:

    firewall-cmd --permanent --zone=public --add-port=4505-4506/tcp
    firewall-cmd --reload
    


  • @scottalanmiller said in Salt Stack communication issues:

    Did you verify that master's process is running?

    Yes.

    [[email protected] ~]# systemctl status salt-master
    ● salt-master.service - The Salt Master Server
       Loaded: loaded (/usr/lib/systemd/system/salt-master.service; enabled; vendor preset: disabled
       Active: active (running) since Fri 2017-11-17 10:21:19 EST; 28min ago
     Main PID: 778 (salt-master)
        Tasks: 30 (limit: 19660)
       CGroup: /system.slice/salt-master.service
               ├─778 /usr/bin/python /usr/bin/salt-master
               ├─909 /usr/bin/python /usr/bin/salt-master
               ├─930 /usr/bin/python /usr/bin/salt-master
               ├─931 /usr/bin/python /usr/bin/salt-master
               ├─932 /usr/bin/python /usr/bin/salt-master
               ├─933 /usr/bin/python /usr/bin/salt-master
               ├─934 /usr/bin/python /usr/bin/salt-master
               ├─935 /usr/bin/python /usr/bin/salt-master
               ├─936 /usr/bin/python /usr/bin/salt-master
               ├─937 /usr/bin/python /usr/bin/salt-master
               ├─938 /usr/bin/python /usr/bin/salt-master
               └─939 /usr/bin/python /usr/bin/salt-master
    
    Nov 17 10:21:09 salt systemd[1]: Starting The Salt Master Server...
    Nov 17 10:21:19 salt systemd[1]: Started The Salt Master Server.
    
    


  • @fuznutz04 said in Salt Stack communication issues:

    @scottalanmiller said in Salt Stack communication issues:

    Did you open the right ports on the master?

    Did you verify that master's process is running?

    I opened ports 4505 and 4506/tcp by issuing:

    firewall-cmd --permanent --zone=public --add-port=4505-4506/tcp
    firewall-cmd --reload
    

    And public is definitely the right zone?



  • @scottalanmiller said in Salt Stack communication issues:

    @fuznutz04 said in Salt Stack communication issues:

    @scottalanmiller said in Salt Stack communication issues:

    Did you open the right ports on the master?

    Did you verify that master's process is running?

    I opened ports 4505 and 4506/tcp by issuing:

    firewall-cmd --permanent --zone=public --add-port=4505-4506/tcp
    firewall-cmd --reload
    

    And public is definitely the right zone?

    FacePalm. There was only 1 zone listed on the firewall, and it was called FedoraServer. Opening the ports in this zone of course solved the issue.



  • @fuznutz04 said in Salt Stack communication issues:

    @scottalanmiller said in Salt Stack communication issues:

    @fuznutz04 said in Salt Stack communication issues:

    @scottalanmiller said in Salt Stack communication issues:

    Did you open the right ports on the master?

    Did you verify that master's process is running?

    I opened ports 4505 and 4506/tcp by issuing:

    firewall-cmd --permanent --zone=public --add-port=4505-4506/tcp
    firewall-cmd --reload
    

    And public is definitely the right zone?

    FacePalm. There was only 1 zone listed on the firewall, and it was called FedoraServer. Opening the ports in this zone of course solved the issue.

    I was wondering as FedoraServer is the default.

    🙂



  • @fuznutz04 You ran into this "problem" because you used the netinstall iso.
    With the DVD iso FedoraServer is the default.



  • Learn something new every day. I'm so used to CentOS, so I'm not used to the differences with Fedora.

    Thanks!
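
The fix in this thread was opening 4505-4506/tcp in the zone the interface actually uses. The script below is an added example, not something posted by anyone in the thread: it lists active firewalld zones that lack the Salt port range, and zones where the range was opened but no interface uses them. The function names, the `sample_fw` stand-in, and its zone and interface names are constructed for illustration; only `--get-active-zones`, `--get-zones`, `--zone` and `--query-port` are real `firewall-cmd` options.

```bash
#!/usr/bin/env bash
# Added example. Checks the runtime firewalld config, which is what filters traffic.
SALT_PORT_RANGE="4505-4506/tcp"   # same range the thread opened on the master

# Constructed stand-in for firewall-cmd so the logic runs without firewalld.
# SAMPLE_OPEN_ZONE is the zone in which the Salt range has been opened.
SAMPLE_OPEN_ZONE="public"
sample_fw() {
    case "$*" in
        --get-active-zones) printf 'FedoraServer\n  interfaces: ens33\n' ;;
        --get-zones) echo "FedoraServer FedoraWorkstation public" ;;
        "--zone=$SAMPLE_OPEN_ZONE --query-port=$SALT_PORT_RANGE") echo yes ;;
        *) echo no; return 1 ;;
    esac
}

# Zone names are the unindented lines of --get-active-zones output.
active_zones() {
    "$1" --get-active-zones | awk '/^[^[:space:]]/ {print $1}'
}

# Print active zones that do NOT allow the Salt range (minions will time out).
zones_missing_salt_ports() {
    fw=${1:-firewall-cmd}
    for zone in $(active_zones "$fw"); do
        "$fw" --zone="$zone" --query-port="$SALT_PORT_RANGE" >/dev/null 2>&1 \
            || echo "$zone"
    done
}

# Print zones where the range is open but no interface uses the zone,
# i.e. a rule that was added to the wrong zone and has no effect.
zones_with_unused_salt_rule() {
    fw=${1:-firewall-cmd}
    active=" $(active_zones "$fw" | tr '\n' ' ')"
    for zone in $("$fw" --get-zones); do
        case "$active" in *" $zone "*) continue ;; esac
        "$fw" --zone="$zone" --query-port="$SALT_PORT_RANGE" >/dev/null 2>&1 \
            && echo "$zone"
    done
    return 0
}

# On a real master, pass nothing (or "firewall-cmd") instead of sample_fw.
echo "missing in active zones: $(zones_missing_salt_ports sample_fw)"
echo "open only in unused zones: $(zones_with_unused_salt_rule sample_fw)"
```

Any zone printed by the first function needs the same `--add-port=4505-4506/tcp` rule the thread used, applied with that zone name in `--zone`.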