Comments (7)
Aditionally to the situation of the master being on 3007
and the minion on 3005
, the opposite is also a problem:
I have a master being on 3005.5
with the minion being upgraded to 3007.0
. The same problem is occuring that the key is not recognized anymore, and the recommended solution of deleting it and restarting the minion does not help either.
Error is consistently Unable to sign_in to master: Invalid master key
.
Having a closer look at the data passing through the function, it seems that the cleaned key for the master has an extra \n
linebreak added to the end which gets removed by the clean function. At this point, the comparision fails.
The minion key however does not have an added newline at the end of the file and does not suffer from this error.
Again, making the clean_key()
function a noop by returning the passsed key
variable unchanged resolves this problem but is only a workaround.
from salt.
Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey.
Please be sure to review our Code of Conduct. Also, check out some of our community resources including:
- Community Wiki
- Salt’s Contributor Guide
- Join our Community Slack
- IRC on LiberaChat
- Salt Project YouTube channel
- Salt Project Twitch channel
There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar.
If you have additional questions, email us at [email protected]. We’re glad you’ve joined our community and look forward to doing awesome things with you!
from salt.
this looks related to #66126
from salt.
Thanks @whytewolf for the reply. This fix to 3007.x seems promising https://github.com/saltstack/salt/pull/66161/files - I'll test it shortly.
from salt.
Unfortunately, the above fix (#66161) won't address our case where the clean_key() on the master "messes up" the master's signature verification on older minions which don't have this function in their code base. As far as I can see, the only way to move forward is either to upgrade all the minions to the version that introduced this new code at the same time as upgrading the master(s) (which is not easily feasible for saltenv's with 100k+ nodes), or apply the patch suggested in the description of this bug case.
from salt.
Aditionally to the situation of the master being on
3007
and the minion on3005
, the opposite is also a problem:I have a master being on
3005.5
with the minion being upgraded to3007.0
. The same problem is occuring that the key is not recognized anymore, and the recommended solution of deleting it and restarting the minion does not help either. Error is consistentlyUnable to sign_in to master: Invalid master key
.Having a closer look at the data passing through the function, it seems that the cleaned key for the master has an extra
\n
linebreak added to the end which gets removed by the clean function. At this point, the comparision fails. The minion key however does not have an added newline at the end of the file and does not suffer from this error.Again, making the
clean_key()
function a noop by returning the passsedkey
variable unchanged resolves this problem but is only a workaround.
Yes, that's exactly what I have found as well. We have no need for use of the clean_key() function in our environment, it only "breaks" the signature validation.
from salt.
Aditionally to the situation of the master being on
3007
and the minion on3005
, the opposite is also a problem:I have a master being on
3005.5
with the minion being upgraded to3007.0
. The same problem is occuring that the key is not recognized anymore, and the recommended solution of deleting it and restarting the minion does not help either. Error is consistentlyUnable to sign_in to master: Invalid master key
.Having a closer look at the data passing through the function, it seems that the cleaned key for the master has an extra
\n
linebreak added to the end which gets removed by the clean function. At this point, the comparision fails. The minion key however does not have an added newline at the end of the file and does not suffer from this error.Again, making the
clean_key()
function a noop by returning the passsedkey
variable unchanged resolves this problem but is only a workaround.
the master being a lower version then the minion has never and will never be a supported setup.
see the first paragraph of https://docs.saltproject.io/salt/install-guide/en/latest/topics/upgrade.html
so while we are working on the fix for this in cases where the master is higher version. we will not do so for in cases where the minion is higher version. if the fix ends up working in such cases. great, but it is not a goal.
from salt.
Related Issues (20)
- [BUG] Using IPv6 in 3007.0 causes TCP PublishServer to crash HOT 1
- [BUG] Channels are closed while listened to in 3007.0 HOT 1
- [BUG] salt-ssh breaks on FreeBSD if IFCONFIG_FORMAT is set to return CIDR HOT 1
- [BUG] MySQL Version caching ignores connection_args breaking states the use multiple MySQL servers
- [DOCS] Link to Slack community only works if you have a saltstack.com email address HOT 2
- [BUG] [3007] Salt-master doesn't start when ssl is enabled HOT 2
- [BUG] FIPS mode uses non FIPS algorithms.
- [DOCS] state_top_saltenv documention is inaccurate in regard to when it applies
- [BUG] file_roots to relative path seems broken HOT 1
- [BUG] states from gitfs fail with AttributeError: '_pygit2.Blob' object has no attribute 'oid' with pygit2 1.15.0 HOT 3
- [BUG] [3007] Problem running salt function in Jinja template: Cannot run the event loop while another loop is running HOT 2
- [BUG] [3007.1] startup_states: highstate stop working HOT 2
- [BUG] [Regression] yaml output broken in 3006.8 HOT 3
- [BUG] Error trying to install packages with zypper in AutoYaST process HOT 2
- [BUG] Unless or Onlyif requisite isn't working anymore in 3007.1 with cmd.run and shell powershell. HOT 4
- [BUG] 3007.1 fail to write to vault when using self-signed certificates (verify config not honored) HOT 2
- [BUG] Salt-SSH: Accessing modules in Jinja templates via attributes disables wrappers HOT 2
- [BUG] DeprecationWarning: ssl.PROTOCOL_TLS is deprecated HOT 1
- [BUG] Regression in Salt 3007: Minion fails to start on Windows when using IPv6 HOT 2
- [BUG] salt v3007.1 onedir rpm package dependencies break the system HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from salt.