    Port from SW - Salt master rsa key issue

    IT Discussion
    Tags: salt, salt master, salt minion, rsa
    60 Posts 6 Posters 11.2k Views
      DustinB3403 @dgingerich

      @dgingerich Hrm. . .

      If you're just entering through the process I don't think it would be the RSA keys then . . . maybe there is a firewall enabled on your Masters/Minions?

        dgingerich @scottalanmiller

        @scottalanmiller said in Port from SW - Salt master rsa key issue:

        @dgingerich said in Port from SW - Salt master rsa key issue:

        @scottalanmiller It's a matter of the person putting the keys into the repository config.

        We use GitLab, it's basically instant.

        Yeah, well, I'm not one of the ones making decisions on this project. I'm just setting up the QA stack. If I could, I would set it up entirely manually. It would take me less time. However, they want it exactly like prod except for the server numbers, and prod is too big to do manually.

          scottalanmiller @DustinB3403

          @DustinB3403 said in Port from SW - Salt master rsa key issue:

          @dgingerich Hrm. . .

          If you're just entering through the process I don't think it would be the RSA keys then . . . maybe there is a firewall enabled on your Masters/Minions?

          Given that it worked and the key regen broke it, it's safe to assume it's a key issue.

            scottalanmiller @dgingerich

            @dgingerich said in Port from SW - Salt master rsa key issue:

            @scottalanmiller said in Port from SW - Salt master rsa key issue:

            @dgingerich said in Port from SW - Salt master rsa key issue:

            @scottalanmiller It's a matter of the person putting the keys into the repository config.

            We use GitLab, it's basically instant.

            Yeah, well, I'm not one of the ones making decisions on this project. I'm just setting up the QA stack. If I could, I would set it up entirely manually. It would take me less time. However, they want it exactly like prod except for the server numbers, and prod is too big to do manually.

            That's our prod 🙂

              dgingerich @DustinB3403

              @DustinB3403 said in Port from SW - Salt master rsa key issue:

              @dgingerich Hrm. . .

              If you're just entering through the process I don't think it would be the RSA keys then . . . maybe there is a firewall enabled on your Masters/Minions?

              I haven't had the opportunity to do anything with the firewall to this point. By default, it is wide open.

                DustinB3403 @scottalanmiller

                @scottalanmiller said in Port from SW - Salt master rsa key issue:

                @DustinB3403 said in Port from SW - Salt master rsa key issue:

                @dgingerich Hrm. . .

                If you're just entering through the process I don't think it would be the RSA keys then . . . maybe there is a firewall enabled on your Masters/Minions?

                Given that it worked and the key regen broke it, it's safe to assume it's a key issue.

                I was under the assumption he replaced all of the keys.

                  scottalanmiller @dgingerich

                  @dgingerich said in Port from SW - Salt master rsa key issue:

                  @DustinB3403 said in Port from SW - Salt master rsa key issue:

                  @dgingerich Hrm. . .

                  If you're just entering through the process I don't think it would be the RSA keys then . . . maybe there is a firewall enabled on your Masters/Minions?

                  I haven't had the opportunity to do anything with the firewall to this point. By default, it is wide open.

                  Ah, good ol' Ubuntu.

                    scottalanmiller @DustinB3403

                    @DustinB3403 said in Port from SW - Salt master rsa key issue:

                    @scottalanmiller said in Port from SW - Salt master rsa key issue:

                    @DustinB3403 said in Port from SW - Salt master rsa key issue:

                    @dgingerich Hrm. . .

                    If you're just entering through the process I don't think it would be the RSA keys then . . . maybe there is a firewall enabled on your Masters/Minions?

                    Given that it worked and the key regen broke it, it's safe to assume it's a key issue.

                    I was under the assumption he replaced all of the keys.

                    Right, that is the break.

                      scottalanmiller

                      One of our big Salt users is @QuixoticJeremy and he is at the MangoMeetup event today.

                        scottalanmiller

                        I'm trying to research this, but this is definitely not a common issue.

                          Danp @scottalanmiller

                          @scottalanmiller said in Port from SW - Salt master rsa key issue:

                          I'm trying to research this, but this is definitely not a common issue.

                          Perhaps he should contact vendor support?

                          🙂

                            dgingerich

                            I am spinning up an additional system to try the "install Salt, connect them, confirm communication, generate RSA keys, confirm disconnect" method. After that, I'll try generating the RSA keys before installing Salt and see if that makes any difference. (I hate spinning up most systems, as they cost my company money to just start them up. I start up one, test on it, and delete it a day later, it still costs my company $36.50. So, this test will cost us $73.)

                              scottalanmiller

                              What are the contents of your PKI folder, like this...

                              # ll /etc/salt/pki/master/
                              total 28
                              -r-------- 1 root root 1674 Dec 16  2016 master.pem
                              -rw-r--r-- 1 root root  450 Dec 16  2016 master.pub
                              drwxr-xr-x 2 root root 4096 Jun 14 21:00 minions
                              drwxr-xr-x 2 root root 4096 Dec 16  2016 minions_autosign
                              drwxr-xr-x 2 root root 4096 Mar 19 16:26 minions_denied
                              drwxr-xr-x 2 root root 4096 Jun 14 21:00 minions_pre
                              drwxr-xr-x 2 root root 4096 Dec 16  2016 minions_rejected
                              
                              
                                dgingerich @scottalanmiller

                                @scottalanmiller said in Port from SW - Salt master rsa key issue:

                                What are the contents of your PKI folder, like this...

                                # ll /etc/salt/pki/master/
                                total 28
                                -r-------- 1 root root 1674 Dec 16  2016 master.pem
                                -rw-r--r-- 1 root root  450 Dec 16  2016 master.pub
                                drwxr-xr-x 2 root root 4096 Jun 14 21:00 minions
                                drwxr-xr-x 2 root root 4096 Dec 16  2016 minions_autosign
                                drwxr-xr-x 2 root root 4096 Mar 19 16:26 minions_denied
                                drwxr-xr-x 2 root root 4096 Jun 14 21:00 minions_pre
                                drwxr-xr-x 2 root root 4096 Dec 16  2016 minions_rejected
                                
                                

                                Yes, the contents of my pki folder look just like that, except with different dates.

                                root@QAICS-MAN-01:/etc/salt/pki/master# ls -l
                                total 28
                                -r-------- 1 root root 1674 Jun 23 18:17 master.pem
                                -rw-r--r-- 1 root root 450 Jun 23 18:17 master.pub
                                drwxr-xr-x 2 root root 4096 Jun 23 18:35 minions
                                drwxr-xr-x 2 root root 4096 Jun 23 18:17 minions_autosign
                                drwxr-xr-x 2 root root 4096 Jun 23 18:17 minions_denied
                                drwxr-xr-x 2 root root 4096 Jun 23 18:35 minions_pre
                                drwxr-xr-x 2 root root 4096 Jun 23 18:17 minions_rejected
                                root@QAICS-MAN-01:/etc/salt/pki/master#

                                  scottalanmiller

                                  What are the date times for the first two?

                                    dgingerich @scottalanmiller

                                    @scottalanmiller said in Port from SW - Salt master rsa key issue:

                                    What are the date times for the first two?

                                    update previous post with that info

                                      dgingerich

                                      Of course, trying the same sequence, I cannot reproduce the results. Looks like I'm going to have to rebuild the masters.

                                      Maybe copying the RSA key files to the new systems will be possible.

                                        scottalanmiller @dgingerich

                                        @dgingerich said in Port from SW - Salt master rsa key issue:

                                        Of course, trying the same sequence, I cannot reproduce the results. Looks like I'm going to have to rebuild the masters.

                                        Maybe copying the RSA key files to the new systems will be possible.

                                        Possible. Or it might be worth accepting the pain of changing the keys on Git.

                                          dgingerich

                                          Rebuilding the systems did not work. Getting the same issue with brand new master under the same name.

                                            scottalanmiller @dgingerich

                                            @dgingerich said in Port from SW - Salt master rsa key issue:

                                            Rebuilding the systems did not work. Getting the same issue with brand new master under the same name.

                                            You didn't do anything with the keys, you left the new system with its automatically created keys? The minions will not be able to rejoin with the same name, you'll need to remove them and add them again.

                                            D 1 Reply Last reply Reply Quote 0
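
A check for the situation discussed in this thread, added here as an example and not posted by any participant: after a master key regeneration, compare the master's current `master.pub` with the copy a minion cached, and confirm `master.pem` still has the owner-only mode shown in the listings. The minion-side path `/etc/salt/pki/minion/minion_master.pub` is Salt's default and does not appear in the thread; the function names are hypothetical and the key files in the demo are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Assumes GNU coreutils (stat -c, sha256sum).

# Hash only the base64 body of a PEM file, so line endings and the
# BEGIN/END markers do not affect the comparison.
pem_body_sha256() {
    grep -v -- '-----' "$1" | tr -d ' \t\r\n' | sha256sum | cut -d' ' -f1
}

# Return 0 when the minion's cached copy of the master key matches the
# master's current public key.
#   $1: master side, e.g. /etc/salt/pki/master/master.pub
#   $2: minion side, e.g. /etc/salt/pki/minion/minion_master.pub (Salt default)
master_key_matches() {
    [ "$(pem_body_sha256 "$1")" = "$(pem_body_sha256 "$2")" ]
}

# Return 0 when the private key grants nothing to group or other,
# as in the listings above (-r-------- root root master.pem).
private_key_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

demo() {
    d=$(mktemp -d)
    # Constructed placeholder files: these are not real RSA keys.
    printf '%s\n' '-----BEGIN PUBLIC KEY-----' 'QUFBQQ==' \
        '-----END PUBLIC KEY-----' > "$d/master.pub.before"
    printf '%s\n' '-----BEGIN PUBLIC KEY-----' 'QkJCQg==' \
        '-----END PUBLIC KEY-----' > "$d/master.pub.after"
    # The minion cached the master key the first time it connected.
    cp "$d/master.pub.before" "$d/minion_master.pub"
    : > "$d/master.pem"
    chmod 400 "$d/master.pem"

    master_key_matches "$d/master.pub.before" "$d/minion_master.pub" \
        && echo "before regen: cached master key matches"
    master_key_matches "$d/master.pub.after" "$d/minion_master.pub" \
        || echo "after regen: cached master key no longer matches"
    private_key_mode_ok "$d/master.pem" && echo "master.pem: owner-only mode"
    rm -rf "$d"
}
demo
```

A mismatch on a real minion means its cached `minion_master.pub` predates the regeneration, which is the state the last post describes as needing the minion removed and added again.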