[BUG] Unable to sign_in to master: Invalid master key

[steverweber]

Master: 3004.1
Minion: 3007.0
the keys are the "same" however the payload pub_key has has a newline char at the end causing fail...

related code:

/salt/crypt.py
            with salt.utils.files.fopen(m_pub_fn) as fp_:
                local_master_pub = clean_key(fp_.read())
            if payload["pub_key"] != local_master_pub:

Adding  clean_key(payload["pub_key"]) works around it.
            with salt.utils.files.fopen(m_pub_fn) as fp_:
                local_master_pub = clean_key(fp_.read())
            payload["pub_key"] = clean_key(payload["pub_key"])
            if payload["pub_key"] != local_master_pub:

other kinda related bug is if you have pki files in two places havent tested latest master code.. I think the salt-master should perhaps fail in this case. Seen strangeness where the master.pub key would flip flop because i had different ones in the paths.

/etc/salt/pki/master
/var/lib/salt/pki/master

[steverweber]

related #66219

[steverweber]

a hacky fix on the master end is to remove the EOL char from the file... here is what worked for me... but not a solution...

# on salt master remove the EOL char from master.pub
cp -p /var/lib/salt/pki/master/master.pub /var/lib/salt/pki/master/master.pub_backup
<<eof python3 > /var/lib/salt/pki/master/master.pub_noeol
print(''.join(open('/var/lib/salt/pki/master/master.pub_backup').readlines()).strip(), end='')
eof
cp -p /var/lib/salt/pki/master/master.pub_noeol /var/lib/salt/pki/master/master.pub
systemctl restart salt-master.service

[whytewolf]

for the record. even though this wasn't your problem. a master at a lower version than minion is not supported.

it may work, but it is not something we have ever or will ever support.

[steverweber]

agreed after updating the salt master all is well.
There is plenty of warnings on the minion to update the master.