Posts made by dgingerich

@scottalanmiller said in Port from SW - Salt master rsa key issue:

@dgingerich said in Port from SW - Salt master rsa key issue:

@scottalanmiller It's a matter of the person putting the keys into the repository config.

We use GitLab, it's basically instant.

yeah, well, I'm not one of the ones making decisions on this project. I'm just setting up the QA stack. If I could, I would set it up entirely manually. It would take me less time. However, they want it exactly like prod except for the server numbers, and prod is too big to do manually.

@DustinB3403

@DustinB3403 said in Port from SW - Salt master rsa key issue:

I'm no salt expert (I've only played with it a few times) but just wanted to ask and confirm something about your RSA keys.

Are you entering a password when you generate the pairs or no?

No, I did not. I used "ssh-keygen -t rsa -C [email protected]" (sensitive data redacted) as advised in a google search on the matter and chose to leave the password empty.

@scottalanmiller It's a matter of the person putting the keys into the repository config.

@scottalanmiller Yes, (a point where we think alike) I just spun up another ubuntu system for a minion to test the master. Same result. The minion submits the key, I accept the key on the master and immediately try test.ping, and nothing. salt-minion -l debug shows the exact same error about authentication. It has to be something on the masters. However, I don't want to have to rebuild the masters because the rsa keys I generated will have to be replaced on the git repository, resulting in a lost day.

Management is expecting this to be up by Monday, but they just finalized the service structure yesterday. I think they expect me to work over the weekend.

@scottalanmiller I have tried repeatedly to delete all keys and rejoin the minions. It doesn't work. The keys are seen and accepted, but then the minions refuse to authenticate. I have even deleted all keys, uninstalled salt from the minions, deleted all cached data, reinstalled salt minion, and resubmitted keys, and still, trying a ping to all minions right after accpeting the keys results in no connections. running salt-minion -l debug shows that the minions think the masters' keys don't authenticate. It is very frustrating.