salt-api can not get token

12 views
Skip to first unread message

zs g

unread,
Oct 13, 2025, 8:55:39 PMOct 13
to Salt-users
i config like https://docs.saltproject.io/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html

[root@hutops-tx-sh-01 ~]# more /etc/salt/master.d/api.conf
rest_cherrypy:
  port: 8013
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  ssl_key: /etc/pki/tls/certs/localhost.key

add user saltdev passwd saltdev


then test it, but  401 Unauthorized
 curl -sSk https://172.17.0.6:8013/login     -H 'Accept: application/x-yaml'     -d username=saltdev     -d password=saltdev     -d eauth=pam
<!DOCTYPE html PUBLIC
"-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"></meta>
    <title>401 Unauthorized</title>
    <style type="text/css">
    #powered_by {
        margin-top: 20px;
        border-top: 2px solid black;
        font-style: italic;
    }

    #traceback {
        color: red;
    }
    </style>
</head>
    <body>
        <h2>401 Unauthorized</h2>
        <p>Could not authenticate using provided credentials</p>
        <pre id="traceback">Traceback (most recent call last):
  File "/opt/saltstack/salt/lib/python3.10/site-packages/cherrypy/_cprequest.py", line 659, in respond
    self._do_respond(path_info)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/cherrypy/_cprequest.py", line 718, in _do_respond
    response.body = self.handler()
  File "/opt/saltstack/salt/lib/python3.10/site-packages/cherrypy/lib/encoding.py", line 223, in __call__
    self.body = self.oldhandler(*args, **kwargs)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/netapi/rest_cherrypy/app.py", line 860, in hypermedia_handler
    ret = cherrypy.serving.request._hypermedia_inner_handler(*args, **kwargs)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/cherrypy/_cpdispatch.py", line 54, in __call__
    return self.callable(*self.args, **self.kwargs)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/netapi/rest_cherrypy/app.py", line 1897, in POST
    raise cherrypy.HTTPError(
cherrypy._cperror.HTTPError: (401, 'Could not authenticate using provided credentials')
</pre>
    <div id="powered_by">
      <span>
        Powered by <a href="http://www.cherrypy.dev">CherryPy 18.10.0</a>
      </span>
    </div>
    </body>
</html>



[root@hutops-tx-sh-01 ~]# journalctl -u salt-api -n 10
-- Logs begin at 五 2024-04-05 19:40:14 CST, end at 二 2025-10-14 08:55:03 CST. --
10月 14 08:55:03 hutops-tx-sh-01 salt-api[14060]: File "/opt/saltstack/salt/lib/python3.10/site-packages/cheroot/ssl/builtin.py", line 226, in __init__
10月 14 08:55:03 hutops-tx-sh-01 salt-api[14060]: self.context.load_cert_chain(certificate, private_key)
10月 14 08:55:03 hutops-tx-sh-01 salt-api[14060]: PermissionError: [Errno 13] Permission denied
10月 14 08:55:03 hutops-tx-sh-01 salt-api[14060]: [ERROR   ] [14/Oct/2025:08:55:03] ENGINE Shutting down due to error in start listener:
10月 14 08:55:03 hutops-tx-sh-01 salt-api[14060]: Traceback (most recent call last):
10月 14 08:55:03 hutops-tx-sh-01 salt-api[14060]: File "/opt/saltstack/salt/lib/python3.10/site-packages/cherrypy/process/wspbus.py", line 267, in start
10月 14 08:55:03 hutops-tx-sh-01 salt-api[14060]: self.publish('start')
10月 14 08:55:03 hutops-tx-sh-01 salt-api[14060]: File "/opt/saltstack/salt/lib/python3.10/site-packages/cherrypy/process/wspbus.py", line 247, in publish
10月 14 08:55:03 hutops-tx-sh-01 salt-api[14060]: raise exc
10月 14 08:55:03 hutops-tx-sh-01 salt-api[14060]: cherrypy.process.wspbus.ChannelFailures: PermissionError(13, 'Permission denied')

zs g

unread,
Oct 13, 2025, 9:15:41 PMOct 13
to Salt-users
cherrypy.process.wspbus.ChannelFailures: PermissionError(13, 'Permission denied') already solved.

the salt-master error
[root@hutops-tx-sh-01 ~]# journalctl -u salt-master -n 5
-- Logs begin at 五 2024-04-05 19:40:14 CST, end at 二 2025-10-14 09:13:01 CST. --
10月 14 09:04:49 hutops-tx-sh-01 salt-master[18882]: [WARNING ] Authentication failure of type "eauth" occurred.
10月 14 09:04:49 hutops-tx-sh-01 salt-master[18882]: [WARNING ] Authentication failure of type "eauth" occurred.
10月 14 09:12:32 hutops-tx-sh-01 salt-master[18882]: [WARNING ] The eauth system "auto" is not enabled
10月 14 09:12:32 hutops-tx-sh-01 salt-master[18882]: [WARNING ] Authentication failure of type "eauth" occurred.
10月 14 09:12:32 hutops-tx-sh-01 salt-master[18882]: [WARNING ] Authentication failure of type "eauth" occurred.

zs g

unread,
Oct 13, 2025, 9:29:09 PMOct 13
to Salt-users
[root@hutops-tx-sh-01 ~]# salt -a pam --username=saltdev --password=saltdev \* test.ping
Authentication error occurred.

在2025年10月14日星期二 UTC+8 08:55:39<zs g> 写道:

Phipps, Thomas

unread,
Oct 14, 2025, 1:01:24 AMOct 14
to salt-...@googlegroups.com
looking through all the things you posted. a few notes.

the only config you show is cherrypy. 

you don't show an eauth setup.so i will assume you do not have one. see the following for how to setup eauth.  https://docs.saltproject.io/en/3006/topics/eauth/index.html
eauth is used for authentication. 

next your salt-api can not read your ssl cert. because of a permission error. you most likely need to run salt-master as root for pam to work anyway. right now it defaults to the salt user.change the user setting to root. 



--
You received this message because you are subscribed to the Google Groups "Salt-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/salt-users/ef3156c8-6cb2-4351-82cf-ea95e78b42cfn%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages