Port from SW - Salt master rsa key issue
-
How is the GIT taking that long? What are you using for GIT? I use a normal user account for GIT on my masters and I can set it up in seconds.
-
@scottalanmiller It's a matter of the person putting the keys into the repository config.
-
@dgingerich said in Port from SW - Salt master rsa key issue:
@scottalanmiller It's a matter of the person putting the keys into the repository config.
We use GitLab, it's basically instant.
-
@DustinB3403 said in Port from SW - Salt master rsa key issue:
I'm no salt expert (I've only played with it a few times) but just wanted to ask and confirm something about your RSA keys.
Are you entering a password when you generate the pairs or no?
No, I did not. I used "ssh-keygen -t rsa -C [email protected]" (sensitive data redacted) as advised in a Google search on the matter and chose to leave the password empty.
-
@dgingerich Hrm. . .
If you're just entering through the process I don't think it would be the RSA keys then . . . maybe there is a firewall enabled on your Masters/Minions?
-
@scottalanmiller said in Port from SW - Salt master rsa key issue:
@dgingerich said in Port from SW - Salt master rsa key issue:
@scottalanmiller It's a matter of the person putting the keys into the repository config.
We use GitLab, it's basically instant.
Yeah, well, I'm not one of the ones making decisions on this project. I'm just setting up the QA stack. If I could, I would set it up entirely manually. It would take me less time. However, they want it exactly like prod except for the server numbers, and prod is too big to do manually.
-
@DustinB3403 said in Port from SW - Salt master rsa key issue:
@dgingerich Hrm. . .
If you're just entering through the process I don't think it would be the RSA keys then . . . maybe there is a firewall enabled on your Masters/Minions?
Given that it worked and the key regen broke it, it's safe to assume it's a key issue.
-
@dgingerich said in Port from SW - Salt master rsa key issue:
@scottalanmiller said in Port from SW - Salt master rsa key issue:
@dgingerich said in Port from SW - Salt master rsa key issue:
@scottalanmiller It's a matter of the person putting the keys into the repository config.
We use GitLab, it's basically instant.
Yeah, well, I'm not one of the ones making decisions on this project. I'm just setting up the QA stack. If I could, I would set it up entirely manually. It would take me less time. However, they want it exactly like prod except for the server numbers, and prod is too big to do manually.
That's our prod
-
@DustinB3403 said in Port from SW - Salt master rsa key issue:
@dgingerich Hrm. . .
If you're just entering through the process I don't think it would be the RSA keys then . . . maybe there is a firewall enabled on your Masters/Minions?
I haven't had the opportunity to do anything with the firewall to this point. By default, it is wide open.
-
@scottalanmiller said in Port from SW - Salt master rsa key issue:
@DustinB3403 said in Port from SW - Salt master rsa key issue:
@dgingerich Hrm. . .
If you're just entering through the process I don't think it would be the RSA keys then . . . maybe there is a firewall enabled on your Masters/Minions?
Given that it worked and the key regen broke it, it's safe to assume it's a key issue.
I was under the assumption he replaced all of the keys.
-
@dgingerich said in Port from SW - Salt master rsa key issue:
@DustinB3403 said in Port from SW - Salt master rsa key issue:
@dgingerich Hrm. . .
If you're just entering through the process I don't think it would be the RSA keys then . . . maybe there is a firewall enabled on your Masters/Minions?
I haven't had the opportunity to do anything with the firewall to this point. By default, it is wide open.
Ah, good ol' Ubuntu.
-
@DustinB3403 said in Port from SW - Salt master rsa key issue:
@scottalanmiller said in Port from SW - Salt master rsa key issue:
@DustinB3403 said in Port from SW - Salt master rsa key issue:
@dgingerich Hrm. . .
If you're just entering through the process I don't think it would be the RSA keys then . . . maybe there is a firewall enabled on your Masters/Minions?
Given that it worked and the key regen broke it, it's safe to assume it's a key issue.
I was under the assumption he replaced all of the keys.
Right, that is the break.
-
One of our big Salt users is @QuixoticJeremy and he is at the MangoMeetup event today.
-
I'm trying to research this, but this is definitely not a common issue.
-
@scottalanmiller said in Port from SW - Salt master rsa key issue:
I'm trying to research this, but this is definitely not a common issue.
Perhaps he should contact vendor support?
-
I am spinning up an additional system to try the "install salt, connect them, confirm communication, generate rsa keys, confirm disconnect" method. After that, I'll try generating the rsa keys before installing salt and see if that makes any difference. (I hate spinning up most systems, as they cost my company money to just start them up. I start up one, test on it, and delete it a day later, it still costs my company $36.50. So, this test will cost us $73.)
-
What are the contents of your PKI folder, like this...
# ll /etc/salt/pki/master/
total 28
-r-------- 1 root root 1674 Dec 16 2016 master.pem
-rw-r--r-- 1 root root 450 Dec 16 2016 master.pub
drwxr-xr-x 2 root root 4096 Jun 14 21:00 minions
drwxr-xr-x 2 root root 4096 Dec 16 2016 minions_autosign
drwxr-xr-x 2 root root 4096 Mar 19 16:26 minions_denied
drwxr-xr-x 2 root root 4096 Jun 14 21:00 minions_pre
drwxr-xr-x 2 root root 4096 Dec 16 2016 minions_rejected
-
@scottalanmiller said in Port from SW - Salt master rsa key issue:
What are the contents of your PKI folder, like this...
# ll /etc/salt/pki/master/
total 28
-r-------- 1 root root 1674 Dec 16 2016 master.pem
-rw-r--r-- 1 root root 450 Dec 16 2016 master.pub
drwxr-xr-x 2 root root 4096 Jun 14 21:00 minions
drwxr-xr-x 2 root root 4096 Dec 16 2016 minions_autosign
drwxr-xr-x 2 root root 4096 Mar 19 16:26 minions_denied
drwxr-xr-x 2 root root 4096 Jun 14 21:00 minions_pre
drwxr-xr-x 2 root root 4096 Dec 16 2016 minions_rejected
Yes, the contents of my pki folder look just like that, except with different dates.
root@QAICS-MAN-01:/etc/salt/pki/master# ls -l
total 28
-r-------- 1 root root 1674 Jun 23 18:17 master.pem
-rw-r--r-- 1 root root 450 Jun 23 18:17 master.pub
drwxr-xr-x 2 root root 4096 Jun 23 18:35 minions
drwxr-xr-x 2 root root 4096 Jun 23 18:17 minions_autosign
drwxr-xr-x 2 root root 4096 Jun 23 18:17 minions_denied
drwxr-xr-x 2 root root 4096 Jun 23 18:35 minions_pre
drwxr-xr-x 2 root root 4096 Jun 23 18:17 minions_rejected
root@QAICS-MAN-01:/etc/salt/pki/master#
-
What are the date times for the first two?
-
@scottalanmiller said in Port from SW - Salt master rsa key issue:
What are the date times for the first two?
Updated previous post with that info.
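-
As an added example (not written by anyone in the thread and not part of Salt), the following shell check goes one step past the directory listing above: it confirms that master.pub and master.pem in the PKI folder are actually a matching RSA pair by comparing their moduli. It assumes openssl is installed; the function names are hypothetical, and the default path is the one from the listing.

```shell
#!/bin/sh
# Added example: sanity-check a Salt master key pair after keys were regenerated.
# Usage (as root): check_master_keypair /etc/salt/pki/master
# Returns 0 = pair matches, 1 = mismatch, 2 = file missing or not a PEM RSA key.

# Print "Modulus=<hex>" for a PEM key; fail quietly if openssl cannot parse it.
# $1 = "priv" or "pub", $2 = file
key_modulus() {
    case "$1" in
        priv) openssl rsa -in "$2" -passin pass: -noout -modulus 2>/dev/null ;;
        pub)  # Try SubjectPublicKeyInfo first, then PKCS#1 RSAPublicKey.
              openssl rsa -pubin -in "$2" -noout -modulus 2>/dev/null ||
              openssl rsa -RSAPublicKey_in -in "$2" -noout -modulus 2>/dev/null ;;
    esac
}

check_master_keypair() {
    dir=${1:-/etc/salt/pki/master}
    pem="$dir/master.pem"
    pub="$dir/master.pub"
    [ -r "$pem" ] && [ -r "$pub" ] || { echo "missing $pem or $pub"; return 2; }

    # The listing in the thread shows master.pem as -r-------- (owner read only).
    mode=$(ls -ld "$pem" | cut -c1-10)
    [ "$mode" = "-r--------" ] || echo "warning: $pem mode is $mode"

    # A file that is not PEM (for example a one-line "ssh-rsa AAAA..." public
    # key) fails to parse here and is reported instead of compared.
    priv_mod=$(key_modulus priv "$pem") ||
        { echo "$pem: not a readable PEM RSA private key"; return 2; }
    pub_mod=$(key_modulus pub "$pub") ||
        { echo "$pub: not a readable PEM RSA public key"; return 2; }

    if [ "$priv_mod" = "$pub_mod" ]; then
        echo "OK: master.pub matches master.pem"
        return 0
    fi
    echo "MISMATCH: master.pub was not derived from master.pem"
    return 1
}
```

Matching timestamps on the two files, as asked about above, only show they were written together; the modulus comparison shows they belong together.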