IOError: [Errno 13] Permission denied: '/var/cache/salt/master/.dfn' when using python salt.wheel module #27796
Comments
@onsmribah, thanks for the report.
I am seeing the same, but running salt-key
The file /var/cache/salt/master/.dfn is there when calling salt-key, it will fail. If you wait a bit, the file goes away and then salt-key works.
I can reproduce this almost instantly now:
git clone git@github.com:dmacvicar/salt-opensuse-playground.git
git checkout salty
vagrant up
vagrant ssh master
sudo -s
salt-key -R
salt-key -D
Proceed? [N/y] y
Traceback (most recent call last):
File "/usr/bin/salt-key", line 10, in <module>
salt_key()
File "/usr/lib/python2.7/site-packages/salt/scripts.py", line 285, in salt_key
client.run()
File "/usr/lib/python2.7/site-packages/salt/cli/key.py", line 32, in run
key.run()
File "/usr/lib/python2.7/site-packages/salt/key.py", line 427, in run
self.delete_all()
File "/usr/lib/python2.7/site-packages/salt/key.py", line 226, in delete_all
self.delete('*')
File "/usr/lib/python2.7/site-packages/salt/key.py", line 209, in delete
self.key.delete_key(match_dict=matches)
File "/usr/lib/python2.7/site-packages/salt/key.py", line 829, in delete_key
salt.crypt.dropfile(self.opts['cachedir'], self.opts['user'])
File "/usr/lib/python2.7/site-packages/salt/crypt.py", line 59, in dropfile
with salt.utils.fopen(dfn, 'wb+') as fp_:
File "/usr/lib/python2.7/site-packages/salt/utils/__init__.py", line 1204, in fopen
fhandle = open(*args, **kwargs)
IOError: [Errno 13] Permission denied: '/var/cache/salt/master/.dfn'
So both reject_key and delete_key perform a request to rotate the key, which calls
Line 53 in 6f95752
/var/cache/salt/master/.dfn with owner salt and permissions 400.
It tries to create the file with If you call The creation of the file has a comment:
# set a mask (to avoid a race condition on file creation) and store original.
mask = os.umask(191)
I could contribute a fix around these ideas, but I need some information about the intention of the design. @thatch45 ?
Excellent work. Thanks, @dmacvicar.
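The failure mode described in the comment above, reproduced in a temporary directory as an added example (not code from the thread or from Salt): a file created under `os.umask(191)` gets mode 0400, so a second `open(..., 'wb+')` by the same unprivileged owner fails with errno 13. The function names and the tolerant variant are assumptions made for illustration; the variant treats an existing read-only `.dfn` as a request that is already pending.

```python
import errno
import os
import stat
import tempfile

DROPFILE_UMASK = 191  # decimal value quoted in the thread; same as 0o277


def create_dropfile(cachedir):
    """Create .dfn as the thread describes: restrictive umask, then open 'wb+'."""
    dfn = os.path.join(cachedir, ".dfn")
    mask = os.umask(DROPFILE_UMASK)  # 0o666 & ~0o277 == 0o400 on creation
    try:
        with open(dfn, "wb+") as fp_:
            fp_.write(b"")
    finally:
        os.umask(mask)  # always restore the caller's umask
    return dfn


def create_dropfile_tolerant(cachedir):
    """Hypothetical variant: an existing read-only .dfn means a request is pending."""
    dfn = os.path.join(cachedir, ".dfn")
    try:
        create_dropfile(cachedir)
        return "created"
    except OSError as exc:
        if exc.errno == errno.EACCES and os.path.isfile(dfn):
            return "already-pending"
        raise


def demo():
    """Return (mode of .dfn, result of a second plain create, tolerant result)."""
    with tempfile.TemporaryDirectory() as cachedir:  # constructed stand-in for cachedir
        dfn = create_dropfile(cachedir)
        mode = stat.S_IMODE(os.stat(dfn).st_mode)
        try:
            create_dropfile(cachedir)
            second = "ok"  # root ignores the mode bits, so no error there
        except OSError as exc:
            second = exc.errno  # errno 13 (EACCES) for an unprivileged owner
        return mode, second, create_dropfile_tolerant(cachedir)


if __name__ == "__main__":
    print(demo())
```

Run as an unprivileged user, `demo()` returns `(0o400, 13, 'already-pending')`; as root the second open succeeds because root bypasses the mode bits.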
add_key/reject_key: do not crash w/Permission denied: '/var/cache/salt/master/.dfn' (#27796)
Hi,
I am using salt.wheel python module to manage minion keys. But it throws the error below when trying to delete a minion key. However, running salt-key -d <minion_id> works fine.
I am using an unprivileged user to run salt-master and I also changed the ownership of the following dirs:
/var/cache/salt
/var/log/salt
/etc/salt/pki
salt version :