[Bug 1197964] New: regression: salt-minion sign-in failure after update
http://bugzilla.opensuse.org/show_bug.cgi?id=1197964 Bug ID: 1197964 Summary: regression: salt-minion sign-in failure after update Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.3 Hardware: x86-64 OS: openSUSE Leap 15.3 Status: NEW Severity: Normal Priority: P5 - None Component: Salt Assignee: salt-maintainers@suse.de Reporter: seroton10@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- I use salt to manage a mixture of Leap and Tumbleweed hosts. Because salt-minions can connect to newer masters, but not the other way around, I use Tumbleweed to host my master. Since the recent upgrade to salt-minion-3002.2-150300.53.10.1.x86_64 on my Leap minions, they fail to connect to the master, with the following error (somewhat cut down, as indicated by ellipsis): Apr 02 13:22:51 dogprod salt-minion[9971]: [ERROR ] Error while bringing up minion for multi-master. Is master at master1 responding? Apr 02 13:23:01 dogprod salt-minion[9971]: [ERROR ] Sign-in attempt failed: {'enc': 'pub', 'pub_key': '-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzS6pLmz10lMkgNZVUauW\nMv3GvjpiR+pQQzgXP9qgTJHhb01Hw2MM0ociT2a+GjLFq6fF9PHQ9DHDUM0aw55+\n7LYIUbrdZJ1n8J02Sknd5pfZdDjOGzsI6t409loNX98FD9EI7m1jP4iCzeSFmjrG\nWU0ZGUw2Th58ZE7zn+CFiy7Sws/B/D2yIRoKB58v+Cri9pUJMmA7T/e2/JGEKPle\nz8ENYYmx21AlTgyLZibPc7T17LgiF7od+sTlSKYW9Y/q0pKR/ZUJb9I9YIdh/eDS\nYz2cz5h41F9qMfoZFYJ0Ao6DVbAw2KbNq9Hkwyq+qdLTwEAO7AX0mbJyNlOlRK4V\n5QIDAQAB\n-----END PUBLIC KEY-----\n', 'publish_port': 4505, 'token': b"\xd6\xc75.$\n\x02\xb8\x9b\t\x89[\xe8\xbag@\x9f\xdaW\xc6\x95\xe5iB\xfd\x06\x98fD\nd}...", 'aes': b'\xa1\xab\xceu\x1eg;g\xe3\xe0\xd8\xf4g\xc7\x93\xb2\xfd\xab\xa8`\x00\xb7\xee\xee\x0f(}V|6(\x9d)\x0e\xf3...', 'sig': b'!J\xd6\xa1\x9c\xe2\xa4\xd2p\x1a\x91\x02\xeek\xae-\x95\xa1\x8b...'} I have tried to clear all caches and start with freshly generated PKI material, but it doesn't help. The minion configuration is minimal: state_output: changes state_output_diff: True master: master1 The master configuration is similarly sparse, except it also defines some GitFS sources for states and pillar data. Reverting the Leap minions back to salt-minion-3002.2-150300.53.7.2.x86_64 fixes the issue. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1197964 http://bugzilla.opensuse.org/show_bug.cgi?id=1197964#c1 Pablo Su�rez Hern�ndez <pablo.suarezhernandez@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |pablo.suarezhernandez@suse. | |com Resolution|--- |WONTFIX --- Comment #1 from Pablo Su�rez Hern�ndez <pablo.suarezhernandez@suse.com> --- Hi Olav, thanks for reporting this. This issue is caused because the latest update for Salt contains a security fix that forces you to update first your Salt master and then your minions: https://www.suse.com/support/kb/doc/?id=000020625 As you mentioned, you are using Tumbleweed in your Salt master and then use Leap for your minions. The issue you have is caused because the Salt update for Tumbleweed have not yet being released. So, in this case, you have an older Salt master which does not understand the extra security layer your updated minions are sending, therefore you got those errors during authentication. The security update for Tumbleweed was submitted already so I think it should be about to be released today or in the following days. As soon as you have your Salt master updated with the upcoming security update, then your updated Salt minions should be able to communicate with your master without any issues. Hth and sorry for the inconvenience! -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com