Error adding a new minion

651 views
Skip to first unread message

Heinz Meier

unread,
Apr 17, 2022, 7:05:45 AM4/17/22
to salt-...@googlegroups.com
Hi,

I just created a new machine. When I start the salt-minion I get the error:
2022-04-17 13:00:48,858 [tornado.application:640 ][ERROR   ][6382] Exception in callback functools.partial(<function wrap.<locals>.null_wrapper at 0x7f2435a5cae8>, <salt.ext.tornad
o.concurrent.Future object at 0x7f2435a5d048>)
Traceback (most recent call last):
 File "/usr/lib/python3.6/site-packages/salt/ext/tornado/ioloop.py", line 606, in _run_callback
   ret = callback()
 File "/usr/lib/python3.6/site-packages/salt/ext/tornado/stack_context.py", line 278, in null_wrapper
   return fn(*args, **kwargs)
 File "/usr/lib/python3.6/site-packages/salt/ext/tornado/ioloop.py", line 628, in _discard_future_result
   future.result()
 File "/usr/lib/python3.6/site-packages/salt/ext/tornado/concurrent.py", line 249, in result
   raise_exc_info(self._exc_info)
 File "<string>", line 4, in raise_exc_info
 File "/usr/lib/python3.6/site-packages/salt/ext/tornado/gen.py", line 1064, in run
   yielded = self.gen.throw(*exc_info)
 File "/usr/lib/python3.6/site-packages/salt/crypt.py", line 654, in _authenticate
   creds = yield self.sign_in(channel=channel)
 File "/usr/lib/python3.6/site-packages/salt/ext/tornado/gen.py", line 1056, in run
   value = future.result()
 File "/usr/lib/python3.6/site-packages/salt/ext/tornado/concurrent.py", line 249, in result
   raise_exc_info(self._exc_info)
 File "<string>", line 4, in raise_exc_info
 File "/usr/lib/python3.6/site-packages/salt/ext/tornado/gen.py", line 1070, in run
   yielded = self.gen.send(value)
 File "/usr/lib/python3.6/site-packages/salt/crypt.py", line 780, in sign_in
   ret = self.handle_signin_response(sign_in_payload, payload)
 File "/usr/lib/python3.6/site-packages/salt/crypt.py", line 792, in handle_signin_response
   clear_signature = payload["sig"]
KeyError: 'sig'
2022-04-17 13:01:48,818 [salt.minion      :1095][ERROR   ][6382] Minion unable to successfully connect to a Salt Master.


But the new minion is visible on the salt master. When I add the key on the master and restart the minion, the error is:
2022-04-17 13:03:46,462 [salt.crypt       :788 ][ERROR   ][6493] Sign-in attempt failed: {'enc': 'pub', 'pub_key': '-----BEGIN PUBLIC KEY-----\nMIIBIjANB(...)blDQ\n
gQIDAQAB\n-----END PUBLIC KEY-----\n', 'publish_port': 4505, 'aes': b'\x03T(...)\xf6"}
2022-04-17 13:03:46,463 [salt.minion      :1149][ERROR   ][6493] Error while bringing up minion for multi-master. Is master at salt responding?


Any ideas?

Max Arnold

unread,
Apr 17, 2022, 9:21:47 AM4/17/22
to salt-...@googlegroups.com
I'd bet that your minion version is higher than the master one. The minion got upgraded to the latest version with a CVE fix that expects the new signature field, and your master doesn't send it. The official policy recommends having master version >= minion version.

If that is the case, please upgrade your master because it is vulnerable https://saltproject.io/security_announcements/salt-security-advisory-release/

My personal recommendation is to always pin a minion version down to a minor one in a bootstrap script for new VMs, then do explicit upgrades: https://salt.tips/upgrading-salt-to-python-3/#10-key-principles


вс, 17 апр. 2022 г. в 18:05, Heinz Meier <heinz6...@gmail.com>:
--
You received this message because you are subscribed to the Google Groups "Salt-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/salt-users/CAFFTi_LJgzYs2XcS%3D2GU0OZ1JZ7dZSNBs8CywQPoJFdb_1jv4w%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages