Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Salt-cloud whenever re-generates keys #33633

Closed
DimentR opened this issue May 31, 2016 · 3 comments
Closed

Salt-cloud whenever re-generates keys #33633

DimentR opened this issue May 31, 2016 · 3 comments
Assignees
@gtmanfred
Labels
Bug broken, incorrect, or confusing behavior P4 Priority 4 RIoT Relates to integration with cloud providers, hypervisors, API-based services, etc. Salt-Cloud severity-medium 3rd level, incorrect or bad functionality, confusing and lacks a work around
Milestone
C 8

Comments

@DimentR
Copy link

DimentR commented May 31, 2016
edited
Loading

Description of Issue/Question

Salt-cloud should not re-generate minion keys? right?
When I re-run of 'salt-cloud -m /etc/salt/cloud.map' change minion keys on the master
I use Ubuntu and LXC.

Setup

My salt-cloud map:

podo-lxc-ubuntu:
    - miniontwo:
        minion:
            grains:
                roles: appserver
                omlet: omlet3
        network_profile:
            eth0:
                ipv4: 10.0.3.188/24
                ipv4.gateway: 10.0.3.1

Profiles:

podo-lxc-ubuntu:
    provider: podo
    image: ubuntu
    minion:
        master: 192.168.10.17
    network_profile:
        eth0:
            link: lxcbr0
            type: veth
            flags: up
            ipv4.gateway: 10.0.3.1
    backing: dir
    sudo: True

Providers:

podo:
    driver: lxc
    target: podo14

Steps to Reproduce Issue

  1. Run 'salt-cloud -m /etc/salt/cloud.map'
    Container miniontwo created and bootstrapped.
  2. See pub keys /etc/salt/pki/master/minions/miniontwo and /etc/salt/pki/minion/minion.pub (on minion)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTxFKU2U5MLmfc3BjqPS
iELwSgilQ/kBhGbWrGxGpvTfD+kCjdSKlfAJ5ROHjBqW3HDOww0lCa0uxI0NAAI4
gGoebETk9ZQ/PKZGRjL0AUdGe5q2rq3Vzj3NRKN4S+rw+hDl8GniUa2N/ugggEeG
blfvpz/N9zI4zICbmhRxOAF4DY8VnJJog/JaaIgEHNkaHKnm3Dh8lLrWlRUkb9YV
52pP8Bl66Tdkh5rKXanREWQtA9wSLt/0sfSgQumjI1Asya03CG8C6BT1B+y10ZT2
A7e12nk+MpBeD6+SiY1ApQYWD8hvcNxIlAv8ZOudpXYjPqU12h89I9c0uF7f+BvW
EQIDAQAB
-----END PUBLIC KEY-----

identical.

  1. Run 'salt-cloud -m /etc/salt/cloud.map' again.
              ----------
          comment:
              Container 'miniontwo' successfully initialized
  1. See pub key on minion /etc/salt/pki/minion/minion.pub

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTxFKU2U5MLmfc3BjqPS
iELwSgilQ/kBhGbWrGxGpvTfD+kCjdSKlfAJ5ROHjBqW3HDOww0lCa0uxI0NAAI4
gGoebETk9ZQ/PKZGRjL0AUdGe5q2rq3Vzj3NRKN4S+rw+hDl8GniUa2N/ugggEeG
blfvpz/N9zI4zICbmhRxOAF4DY8VnJJog/JaaIgEHNkaHKnm3Dh8lLrWlRUkb9YV
52pP8Bl66Tdkh5rKXanREWQtA9wSLt/0sfSgQumjI1Asya03CG8C6BT1B+y10ZT2
A7e12nk+MpBeD6+SiY1ApQYWD8hvcNxIlAv8ZOudpXYjPqU12h89I9c0uF7f+BvW
EQIDAQAB
-----END PUBLIC KEY-----

Same.

  1. See minion pub key on master /etc/salt/pki/master/minions/miniontwo

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5yhext7oy4MxfQrOjoX
Oh2bx/Yorl1Ddn1LsQXDIRVCsFsMCwa3pgke1SBpHRiavkYqrtXnE3nWMbgXBepX
oSQnHMZ+ElcJbs+Kh+SrMgDg3qxEsUfHFyaty0AnEXb/Lj6tQwMVKxYraiHonSq+
Ui+BEV8jqgcmklTBw/VoHZqPt1u/OMS8qKPHzWegVD80KL2kVz2cqGUmnsu7VsUM
2p5PFBDx+eo92kZAH+S315lm1Xf5H4biRtExv8ixsE7Fzx1PAyY8t4Rar1CcojkO
nitrrTexV0+rqNNTojrwzBcsBC2D5eyS67ebFzRxRnjcVB+6iyau4deLgazcWl9C
5QIDAQAB
-----END PUBLIC KEY-----

It is new key!

Master

salt miniontwo test.ping
miniontwo:
True

Minion

salt-call test.ping
[WARNING ] Although 'dmidecode' was found in path, the current user cannot execute it. Grains output might not be accurate.
[CRITICAL] The Salt Master has rejected this minion's public key!
To repair this issue, delete the public key for this minion on the Salt Master and restart this minion.
Or restart the Salt Master in open mode to clean out the keys. The Salt Minion will now exit.

If the restart salt-minion, minion does not start.

Versions Report

Master

Salt Version:
Salt: 2016.3.0

Dependency Versions:
cffi: Not Installed
cherrypy: Not Installed
dateutil: 1.5
gitdb: 0.5.4
gitpython: 0.3.2 RC1
ioflo: Not Installed
Jinja2: 2.7.2
libgit2: Not Installed
libnacl: Not Installed
M2Crypto: 0.21.1
Mako: 0.9.1
msgpack-pure: Not Installed
msgpack-python: 0.3.0
mysql-python: 1.2.3
pycparser: Not Installed
pycrypto: 2.6.1
pygit2: Not Installed
Python: 2.7.6 (default, Mar 22 2014, 22:59:56)
python-gnupg: Not Installed
PyYAML: 3.10
PyZMQ: 14.0.1
RAET: Not Installed
smmap: 0.8.2
timelib: Not Installed
Tornado: 4.2.1
ZMQ: 4.0.4

System Versions:
dist: Ubuntu 14.04 trusty
machine: x86_64
release: 3.16.0-30-generic
system: Linux
version: Ubuntu 14.04 trusty

Salt-minion on host podo14

Salt Version:
Salt: 2016.3.0

Dependency Versions:
cffi: Not Installed
cherrypy: Not Installed
dateutil: 1.5
gitdb: Not Installed
gitpython: Not Installed
ioflo: Not Installed
Jinja2: 2.7.2
libgit2: Not Installed
libnacl: Not Installed
M2Crypto: Not Installed
Mako: 0.9.1
msgpack-pure: Not Installed
msgpack-python: 0.3.0
mysql-python: 1.2.3
pycparser: Not Installed
pycrypto: 2.6.1
pygit2: Not Installed
Python: 2.7.6 (default, Jun 22 2015, 17:58:13)
python-gnupg: Not Installed
PyYAML: 3.10
PyZMQ: 14.0.1
RAET: Not Installed
smmap: Not Installed
timelib: Not Installed
Tornado: 4.2.1
ZMQ: 4.0.4

System Versions:
dist: Ubuntu 14.04 trusty
machine: x86_64
release: 3.13.0-86-generic
system: Linux
version: Ubuntu 14.04 trusty

The same behavior and on 2015.8.8.2
@techhat
Copy link
Contributor

techhat commented May 31, 2016

Agreed, it should not create a new key, especially with a map. It should ignore the node entirely.

@techhat
Copy link
Contributor

techhat commented May 31, 2016

@gtmanfred, could you please take a look?

@Ch3LL Ch3LL added Bug broken, incorrect, or confusing behavior Salt-Cloud P4 Priority 4 labels Jun 1, 2016
@Ch3LL Ch3LL added this to the Approved milestone Jun 1, 2016
@Ch3LL Ch3LL added severity-medium 3rd level, incorrect or bad functionality, confusing and lacks a work around RIoT Relates to integration with cloud providers, hypervisors, API-based services, etc. labels Jun 1, 2016
@meggiebot meggiebot modified the milestones: C 8, Approved Jun 6, 2016
@gtmanfred gtmanfred self-assigned this Jun 6, 2016
@gtmanfred
Copy link
Contributor

gtmanfred commented Jun 23, 2016
edited
Loading

I think this is happening because the list_nodes doesn't actually return anything, so salt doesn't know that the lxc container already exists.

mylxc:
    ----------
    lxc:
        ----------

yup, this is the problem

gtmanfred pushed a commit to gtmanfred/salt that referenced this issue Jun 23, 2016
return list of nodes for lxc driver when called directly
82183f1 
This is required so that salt-cloud sees a dictionary list of lxc
containers that exist so that they do not attempt to recreate the
container.

The downside to this is that if the container is stopped, it is not
started.

Fixes saltstack#33633
@gtmanfred gtmanfred mentioned this issue Jun 23, 2016
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gtmanfred gtmanfred

Labels
Bug broken, incorrect, or confusing behavior P4 Priority 4 RIoT Relates to integration with cloud providers, hypervisors, API-based services, etc. Salt-Cloud severity-medium 3rd level, incorrect or bad functionality, confusing and lacks a work around
Projects
None yet
Milestone
C 8
Development

No branches or pull requests
5 participants
@techhat @gtmanfred @DimentR @Ch3LL @meggiebot