Is there any way to have a salt-master manage systems in a different DNS domain?


Paul-Andre Panon

Aug 16, 2022, 1:50:54 PM
to Salt-users
I have a salt master and a bunch of minions in domain1, and I would also like to manage some systems as minions that are in domain2. When the systems in domain2 register with their FQDN, they seem to register OK, because salt-key -L shows the system's FQDN in the accepted keys list. The salt master can resolve and ping that FQDN in domain2, but trying to run a salt command such as
salt state.apply minion.domain2
results in
No minions matched the target. No command was sent, no jid was assigned.
ERROR: No return received

Am I trying to do something that just isn't possible? Has anybody done something similar successfully?

Do I need to register with a non-FQDN instead and create CNAME aliases in domain1 to point to domain2? I've googled but I haven't found anything like that yet.

Thanks,

Paul-Andre Panon

Lufan Chen

Aug 16, 2022, 2:26:01 PM
to salt-...@googlegroups.com
As long as you open salt master ports to minions it will manage minions in any DNS domains as long as master can resolve minion's domain names.

--

Lufan Chen

Sr Monitoring Automation Engineer

Zoom Video Communications


Vaarlion

Aug 17, 2022, 2:07:06 AM
to Salt-users
Hi :)
A couple of things seem wrong here, but mostly what you understand of the tech.

> they seem to register OK, because salt-key -L shows the system's FQDN in the accepted keys list

Can you give me an example, as this sentence confuses me?
Do you have the right name?

The way master-minion communication works isn't at all based on FQDN or DNS.
What happens is that the minion opens a communication with the master and gives it its ID. You can configure the master IP in the minion, and the ID too, but it defaults to the FQDN, which is OK in most cases.
Note that the minion ID could be anything; the master has no need to use DNS to talk back to the minion.

> salt state.apply minion.domain2

This command is upside down, it should be `salt minion.domain2 state.apply`. Is it wrong in the mail only, or did you type it wrong in the terminal?

As long as what you use in the matching part of the salt command can be found in the salt-key -L list, it will send a job.
After that, if the minion can't talk to the master, you will just never get a reply.
Maybe try to talk to all minions with a `salt '*' test.ping` and check that everyone replies?
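
Added example, not part of the posts above and not Salt's own code: a simplified Python model of the targeting step described in this reply, where the first argument to `salt` is matched as a plain string (glob) against accepted minion IDs, with no DNS involved. The key lists are constructed sample data and the function names are hypothetical.

```python
from fnmatch import fnmatchcase

# Constructed sample: minion IDs as `salt-key -L` would list them.
ACCEPTED_KEYS = ["web1.domain1", "db1.domain1", "minion.domain2"]
UNACCEPTED_KEYS = ["new.domain2"]


def parse_salt_argv(argv):
    """Split a `salt` command line into (target, function, args).

    The first positional argument is the target, the second is the
    execution function; option parsing is left out of this model.
    """
    if len(argv) < 3 or argv[0] != "salt":
        raise ValueError("expected: salt <target> <function> [args...]")
    return argv[1], argv[2], argv[3:]


def match_minions(target, keys=ACCEPTED_KEYS):
    """Glob-match the target against minion IDs as plain strings.

    No DNS lookup happens here: a minion in another DNS domain
    matches as long as its ID is in the accepted key list.
    """
    return [mid for mid in keys if fnmatchcase(mid, target)]


def explain(argv):
    """Return what the master would do with this command line."""
    target, function, _ = parse_salt_argv(argv)
    matched = match_minions(target)
    if matched:
        return f"job {function!r} sent to {matched}"
    hint = ""
    if match_minions(function):
        # The arguments are swapped: the "function" is really a minion ID.
        hint = f" (did you mean: salt {function} {target}?)"
    elif match_minions(target, UNACCEPTED_KEYS):
        hint = " (key is listed but not accepted yet)"
    return "No minions matched the target." + hint


if __name__ == "__main__":
    print(explain(["salt", "state.apply", "minion.domain2"]))
    print(explain(["salt", "minion.domain2", "state.apply"]))
```

A matched target only means a job is published; whether a return comes back depends on the minion's connection to the master, which this model does not cover.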

Paul-Andre Panon

Aug 26, 2022, 1:55:35 PM
to Salt-users
Thanks for your corrections and suggestions. I probably just incorrectly typed from memory the salt command in the email. There were a number of connectivity issues between the sites that were corrected in the next couple of days and the salt commands started working again, as did the Uyuni failing data updates that are based on salt which prompted my investigation.

Cheers,

Paul-Andre Panon
