Salt-Minion can't talk to Salt-Master
-
firewall-cmd --permanent --zone=FedoraServer --add-port=4505-4506/tcpShould be what you're looking for.
-
Then you need to reload the firewall and test.
-
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
firewall-cmd --permanent --zone=FedoraServer --add-port=4505-4506/tcpShould be what you're looking for.
Did that and says it is already enabled.
-
Is the salt master service looking at the correct zone? Is that the right way to think of it?
-
And you've reloaded the firewall with
firewall-cmd --reload? -
Well going into the salt master config file you'd have to look and see if it's set correctly.
https://docs.saltstack.com/en/latest/ref/configuration/master.html
-
Just for laughs check the status of setenforce.
-
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
And you've reloaded the firewall with
firewall-cmd --reload?Still not working
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
Just for laughs check the status of setenforce.
Enforcing
-
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
And you've reloaded the firewall with
firewall-cmd --reload?Still not working
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
Just for laughs check the status of setenforce.
Enforcing
Try setting setenforce to permissive or disabled for now and test.
-
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
And you've reloaded the firewall with
firewall-cmd --reload?Still not working
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
Just for laughs check the status of setenforce.
Enforcing
Try setting setenforce to permissive or disabled for now and test.
Finally, got the minion to talk to the master. Thanks
-
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
And you've reloaded the firewall with
firewall-cmd --reload?Still not working
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
Just for laughs check the status of setenforce.
Enforcing
Try setting setenforce to permissive or disabled for now and test.
Finally, got the minion to talk to the master. Thanks
Was it SELinux?
-
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
And you've reloaded the firewall with
firewall-cmd --reload?Still not working
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
Just for laughs check the status of setenforce.
Enforcing
Try setting setenforce to permissive or disabled for now and test.
Finally, got the minion to talk to the master. Thanks
Cool so now you need create an exclusion in setenforce.
-
@dafyre said in Salt-Minion can't talk to Salt-Master:
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
And you've reloaded the firewall with
firewall-cmd --reload?Still not working
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
Just for laughs check the status of setenforce.
Enforcing
Try setting setenforce to permissive or disabled for now and test.
Finally, got the minion to talk to the master. Thanks
Was it SELinux?
I think that was part of it. The other part as not to specify a port to the server in the minions config file.
-
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
And you've reloaded the firewall with
firewall-cmd --reload?Still not working
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
Just for laughs check the status of setenforce.
Enforcing
Try setting setenforce to permissive or disabled for now and test.
Finally, got the minion to talk to the master. Thanks
Cool so now you need create an exclusion in setenforce.
How do I do that? Help the newb here please.
-
I don't recall ever needed to configure SELinux.
-
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
And you've reloaded the firewall with
firewall-cmd --reload?Still not working
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
Just for laughs check the status of setenforce.
Enforcing
Try setting setenforce to permissive or disabled for now and test.
Finally, got the minion to talk to the master. Thanks
Cool so now you need create an exclusion in setenforce.
How do I do that? Help the newb here please.
You'll need to use
semanageto allow this. -
Here is a decent man page and examples.
Since you're allowing ports through you'd want to do that.
-
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
And you've reloaded the firewall with
firewall-cmd --reload?Still not working
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
Just for laughs check the status of setenforce.
Enforcing
Try setting setenforce to permissive or disabled for now and test.
Finally, got the minion to talk to the master. Thanks
Cool so now you need create an exclusion in setenforce.
How do I do that? Help the newb here please.
You'll need to use
semanageto allow this.semanage port -a -t http_port_t -p tcp 4505-4506What would
http_port_ttranslate to? Everything else I understand except that. -
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@black3dynamite said in Salt-Minion can't talk to Salt-Master:
Will you show the command for adding the firewall rules for 4505-5606?
The reason I'm asking is because if you include --zone=FedoraServer but your active firewall zone is public then that could be the issue.I've tried a number of commands
firewall-cmd --permanent --zone=trusted --add-port=4505-4506/tcp
firewall-cmd --permanent --zone=default --add-port=4505-4506/tcp
firewall-cmd --permanent --add-port=4505-4506/tcpIn that order, but not all at the same time. I reloaded the firewall and retested between each line.
None of those is expected to work. The default zone is FedoraServer
-
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
@NerdyDad said in Salt-Minion can't talk to Salt-Master:
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
And you've reloaded the firewall with
firewall-cmd --reload?Still not working
@DustinB3403 said in Salt-Minion can't talk to Salt-Master:
Just for laughs check the status of setenforce.
Enforcing
Try setting setenforce to permissive or disabled for now and test.
Finally, got the minion to talk to the master. Thanks
Cool so now you need create an exclusion in setenforce.
How do I do that? Help the newb here please.
You'll need to use
semanageto allow this.Or just
setenforce
