Salt Stack communication issues



  • In an attempt to learn more about Salt, I am setting up 1 master server, and 1 minion server. However, after many failed attempts, I cannot seem to get these 2 machines to communicate properly. Here's what I've done so far.

    For the master server:

    1. Installed Fedora 26 server minimal install.
    2. Set static IP 192.168.1.60
    3. Set hostname to salt.
    4. Performed the install instructions, exactly according to this: https://mangolassi.it/topic/11812/installing-salt-master

    For the minion server:

    1. Installed Fedora 26 server minimal install.
    2. Set static IP to 192.168.1.61
    3. Set hostname to minion-1
    4. Performed the install instructions exactly according to this: https://mangolassi.it/topic/11813/installing-a-salt-minion-on-centos-7

    I can ping the master server from the minion by pinging the hostname salt. I get a response from the master. However, if I debug on the minion by running:

    salt-minion -l debug
    

    I get the following output:

    
    [[email protected] ~]# systemctl start salt-minion.service
    [[email protected] ~]# salt-minion -l debug
    [DEBUG   ] Reading configuration from /etc/salt/minion
    [DEBUG   ] Using cached minion ID from /etc/salt/minion_id: minion-1
    [DEBUG   ] Configuration file path: /etc/salt/minion
    [WARNING ] Insecure logging configuration detected! Sensitive data may be logged.
    [INFO    ] Setting up the Salt Minion "minion-1"
    [DEBUG   ] Created pidfile: /var/run/salt-minion.pid
    [INFO    ] Starting up the Salt Minion
    [DEBUG   ] AsyncEventPublisher PUB socket URI: /var/run/salt/minion/minion_event_08ccbf9282_pub.ipc
    [DEBUG   ] AsyncEventPublisher PULL socket URI: /var/run/salt/minion/minion_event_08ccbf9282_pull.ipc
    [INFO    ] Starting pull socket on /var/run/salt/minion/minion_event_08ccbf9282_pull.ipc
    [DEBUG   ] SaltEvent PUB socket URI: /var/run/salt/minion/minion_event_08ccbf9282_pub.ipc
    [DEBUG   ] SaltEvent PULL socket URI: /var/run/salt/minion/minion_event_08ccbf9282_pull.ipc
    [DEBUG   ] Initializing new IPCClient for path: /var/run/salt/minion/minion_event_08ccbf9282_pub.ipc
    [DEBUG   ] Reading configuration from /etc/salt/minion
    [DEBUG   ] Please install 'virt-what' to improve results of the 'virtual' grain.
    [INFO    ] Creating minion process manager
    [DEBUG   ] Process Manager starting!
    [DEBUG   ] Process Manager starting!
    [DEBUG   ] Connecting to master. Attempt 1 of 1
    [DEBUG   ] Initializing new AsyncAuth for ('/etc/salt/pki/minion', 'minion-1', 'tcp://192.168.1.60:4506')
    [DEBUG   ] Generated random reconnect delay between '1000ms' and '11000ms' (8709)
    [DEBUG   ] Setting zmq_reconnect_ivl to '8709ms'
    [DEBUG   ] Setting zmq_reconnect_ivl_max to '11000ms'
    [DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('/etc/salt/pki/minion', 'minion-1', 'tcp://192.168.1.60:4506', 'clear')
    [DEBUG   ] SaltReqTimeoutError, retrying. (1/7)
    [DEBUG   ] SaltReqTimeoutError, retrying. (2/7)
    [DEBUG   ] SaltReqTimeoutError, retrying. (3/7)
    [DEBUG   ] SaltReqTimeoutError, retrying. (4/7)
    [DEBUG   ] SaltReqTimeoutError, retrying. (5/7)
    [DEBUG   ] SaltReqTimeoutError, retrying. (6/7)
    [DEBUG   ] SaltReqTimeoutError, retrying. (7/7)
    [ERROR   ] Error while bringing up minion for multi-master. Is master at salt responding?
    

    I've done this before using CentOS7, but with Fedora, I am having issues. Not sure if it related to the OS or not.

    Any ideas?



  • I don't see anywhere where you put salt into the /etc/hosts file of the minion, or put it into DNS. Is that maybe the issue?



  • @reid-cooper said in Salt Stack communication issues:

    I don't see anywhere where you put salt into the /etc/hosts file of the minion, or put it into DNS. Is that maybe the issue?

    I did. I can also ping salt from the minion and get a response from the master.



  • @fuznutz04 said in Salt Stack communication issues:

    @reid-cooper said in Salt Stack communication issues:

    I don't see anywhere where you put salt into the /etc/hosts file of the minion, or put it into DNS. Is that maybe the issue?

    I did. I can also ping salt from the minion and get a response from the master.

    Nothing shows up using this command on the master: salt-key -L


  • Service Provider

    Did you open the right ports on the master?

    Did you verify that master's process is running?



  • @black3dynamite said in Salt Stack communication issues:

    @fuznutz04 said in Salt Stack communication issues:

    @reid-cooper said in Salt Stack communication issues:

    I don't see anywhere where you put salt into the /etc/hosts file of the minion, or put it into DNS. Is that maybe the issue?

    I did. I can also ping salt from the minion and get a response from the master.

    Nothing shows up using this command on the master: salt-key -L

    negative. Just this:

    
    [[email protected] ~]# salt-key -L
    Accepted Keys:
    Denied Keys:
    Unaccepted Keys:
    salt
    Rejected Keys:
    

    The unaccepted key salt of course is the master itself.



  • @scottalanmiller said in Salt Stack communication issues:

    Did you open the right ports on the master?

    Did you verify that master's process is running?

    I opened ports 4505 and 4506/tcp by issuing:

    firewall-cmd --permanent --zone=public --add-port=4505-4506/tcp
    firewall-cmd --reload
    


  • @scottalanmiller said in Salt Stack communication issues:

    Did you verify that master's process is running?

    Yes.

    [[email protected] ~]# systemctl status salt-master
    ● salt-master.service - The Salt Master Server
       Loaded: loaded (/usr/lib/systemd/system/salt-master.service; enabled; vendor preset: disabled
       Active: active (running) since Fri 2017-11-17 10:21:19 EST; 28min ago
     Main PID: 778 (salt-master)
        Tasks: 30 (limit: 19660)
       CGroup: /system.slice/salt-master.service
               ├─778 /usr/bin/python /usr/bin/salt-master
               ├─909 /usr/bin/python /usr/bin/salt-master
               ├─930 /usr/bin/python /usr/bin/salt-master
               ├─931 /usr/bin/python /usr/bin/salt-master
               ├─932 /usr/bin/python /usr/bin/salt-master
               ├─933 /usr/bin/python /usr/bin/salt-master
               ├─934 /usr/bin/python /usr/bin/salt-master
               ├─935 /usr/bin/python /usr/bin/salt-master
               ├─936 /usr/bin/python /usr/bin/salt-master
               ├─937 /usr/bin/python /usr/bin/salt-master
               ├─938 /usr/bin/python /usr/bin/salt-master
               └─939 /usr/bin/python /usr/bin/salt-master
    
    Nov 17 10:21:09 salt systemd[1]: Starting The Salt Master Server...
    Nov 17 10:21:19 salt systemd[1]: Started The Salt Master Server.
    
    

  • Service Provider

    @fuznutz04 said in Salt Stack communication issues:

    @scottalanmiller said in Salt Stack communication issues:

    Did you open the right ports on the master?

    Did you verify that master's process is running?

    I opened ports 4505 and 4506/tcp by issuing:

    firewall-cmd --permanent --zone=public --add-port=4505-4506/tcp
    firewall-cmd --reload
    

    And public is definitely the right zone?



  • @scottalanmiller said in Salt Stack communication issues:

    @fuznutz04 said in Salt Stack communication issues:

    @scottalanmiller said in Salt Stack communication issues:

    Did you open the right ports on the master?

    Did you verify that master's process is running?

    I opened ports 4505 and 4506/tcp by issuing:

    firewall-cmd --permanent --zone=public --add-port=4505-4506/tcp
    firewall-cmd --reload
    

    And public is definitely the right zone?

    FacePalm. There was only 1 zone listed on the firewall, and it was called FedoraServer. Opening the ports in this zone of course solved the issue.


  • Service Provider

    @fuznutz04 said in Salt Stack communication issues:

    @scottalanmiller said in Salt Stack communication issues:

    @fuznutz04 said in Salt Stack communication issues:

    @scottalanmiller said in Salt Stack communication issues:

    Did you open the right ports on the master?

    Did you verify that master's process is running?

    I opened ports 4505 and 4506/tcp by issuing:

    firewall-cmd --permanent --zone=public --add-port=4505-4506/tcp
    firewall-cmd --reload
    

    And public is definitely the right zone?

    FacePalm. There was only 1 zone listed on the firewall, and it was called FedoraServer. Opening the ports in this zone of course solved the issue.

    I was wondering as FedoraServer is the default.

    🙂



  • @fuznutz04 You ran into this "problem" because you used the netinstall iso.
    With the DVD iso FedoraServer is the default.



  • Learn something new every day. I'm so used to CentOS, so I'm not used to the differences with Fedora.

    Thanks!


Log in to reply
 

Looks like your connection to MangoLassi was lost, please wait while we try to reconnect.