_pygit2.GitError: user rejected certificate when Salt is trying to connect

124 views
Skip to first unread message

Dennis Gerolymatos

unread,
Jul 1, 2021, 8:25:44 PM7/1/21
to Salt-users
Hi there,

First time using Salt and first post - so apologies for the newbie question.

I'm trying to integrate SaltStack with GitLab to use as a fileserver backend following this document: https://docs.saltproject.io/en/latest/topics/tutorials/gitfs.html

I'm getting an error in /var/log/salt/master:

_pygit2.GitError: user rejected certificate for git.xxx.local
2021-06-29 15:22:23,131 [salt.utils.gitfs :1893][ERROR   ][1011] Error occurred fetching gitfs remote 'https://git.xxx.local/root/ssc.git': user rejected certificate for git.xxx.local
Traceback (most recent call last):
  File "/usr/lib/python3.7/site-packages/salt/utils/gitfs.py", line 1864, in _fetch
    fetch_results = origin.fetch(**fetch_kwargs)
  File "/usr/lib/python3.7/site-packages/pygit2/remote.py", line 147, in fetch
    payload.check_error(err)
  File "/usr/lib/python3.7/site-packages/pygit2/callbacks.py", line 93, in check_error
    check_error(error_code)
  File "/usr/lib/python3.7/site-packages/pygit2/errors.py", line 65, in check_error
    raise GitError(message)
_pygit2.GitError: user rejected certificate for git.xxx.local

I created this new file /etc/salt/master.d/file.conf on the Salt master:

file_roots:
  base:
    - /srv/reactor
    - /srv/salt

fileserver_backend:
  - sseapi
  - gitfs
  - roots

gitfs_remotes:

gitfs_user:
  - root

gitfs_password:
  - root_password


Question: is this a GitLab issue where the root user needs some special configuration, or is this a Salt issue?

Both Salt and GitLab have my Org's CA-signed certificates. Not using self-signed anywhere, but this error does not seem to be "invalid cert" related, but rather "user rejected certificate" (whatever that means).

Tom Barnes

unread,
Apr 11, 2023, 12:30:06 PM4/11/23
to Salt-users
did you figure out where this is coming from?   i'm getting something similar when running salt via a container.  trying to setup gifts and i have:

fileserver_backend:
  - gitfs
  - roots

gitfs_global_lock: False
gitfs_provider: pygit2
file_roots:
  base:
    - /srv/salt

gitfs_remotes:
    - user: svc-salt
    - password: secret
 
when the container starts up, i get the errror:
2023-04-11T16:27:39.509666344+00:00 stderr F [ERROR   ] Error occurred fetching gitfs remote 'https://servername.fqdn/proj/salt.git': user rejected certificate for servername.fqdn
Reply all
Reply to author
Forward
0 new messages