Centos salt-minion не может подключиться к salt-master в debian — попытка входа не удалась

У меня есть два узла:

  1. Debian 11 salt-master (3002.6+dfsg1-4+deb11u1) на ip 10.0.0.254
  2. Свежая и чистая установка CentOS 7 — только что обновил и установил salt-minion-3004.2-1 (также пробовал с salt-minion-3002.9-1). Основная проблема заключается в том, чтобы подключить salt-minion к salt-master ПОСЛЕ принятия ключа. Просто CentOS, другие миньоны Debian прекрасно работают. Конфигурация миньона проста:
master: 10.0.0.254
startup_states: 'highstate'
log_level_logfile: info

И основной конфиг:

interface: 10.0.0.254
auto_accept: true
file_roots:
  base:
    - /srv/salt/
    - /srv/formulas/
pillar_roots:
  base:
    - /srv/pillar
log_level: info
log_level_logfile: info

Логи миньона выглядят так (в режиме отладки):

2022-12-08 17:34:55,308 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'base64_encode' as a jinja filter
2022-12-08 17:34:55,309 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'base64_decode' as a jinja filter
2022-12-08 17:34:55,309 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'md5' as a jinja filter
2022-12-08 17:34:55,309 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'sha1' as a jinja filter
2022-12-08 17:34:55,309 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'sha256' as a jinja filter
2022-12-08 17:34:55,309 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'sha512' as a jinja filter
2022-12-08 17:34:55,309 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'hmac' as a jinja filter
2022-12-08 17:34:55,309 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'hmac_compute' as a jinja filter
2022-12-08 17:34:55,309 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'random_hash' as a jinja filter
2022-12-08 17:34:55,310 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'rand_str' as a jinja filter
2022-12-08 17:34:55,310 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'file_hashsum' as a jinja filter
2022-12-08 17:34:55,358 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'http_query' as a jinja filter
2022-12-08 17:34:55,362 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'strftime' as a jinja filter
2022-12-08 17:34:55,362 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'date_format' as a jinja filter
2022-12-08 17:34:55,365 [salt.utils.decorators.jinja:84  ][DEBUG   ][13797] Marking 'raise' as a jinja global
2022-12-08 17:34:55,365 [salt.utils.decorators.jinja:58  ][DEBUG   ][13797] Marking 'match' as a jinja test
2022-12-08 17:34:55,365 [salt.utils.decorators.jinja:58  ][DEBUG   ][13797] Marking 'equalto' as a jinja test
2022-12-08 17:34:55,365 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'skip' as a jinja filter
2022-12-08 17:34:55,365 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'sequence' as a jinja filter
2022-12-08 17:34:55,365 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'to_bool' as a jinja filter
2022-12-08 17:34:55,366 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'indent' as a jinja filter
2022-12-08 17:34:55,366 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'tojson' as a jinja filter
2022-12-08 17:34:55,366 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'quote' as a jinja filter
2022-12-08 17:34:55,366 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'regex_escape' as a jinja filter
2022-12-08 17:34:55,366 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'regex_search' as a jinja filter
2022-12-08 17:34:55,366 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'regex_match' as a jinja filter
2022-12-08 17:34:55,366 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'regex_replace' as a jinja filter
2022-12-08 17:34:55,366 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'uuid' as a jinja filter
2022-12-08 17:34:55,366 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'unique' as a jinja filter
2022-12-08 17:34:55,366 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'min' as a jinja filter
2022-12-08 17:34:55,366 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'max' as a jinja filter
2022-12-08 17:34:55,366 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'avg' as a jinja filter
2022-12-08 17:34:55,366 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'union' as a jinja filter
2022-12-08 17:34:55,366 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'intersect' as a jinja filter
2022-12-08 17:34:55,366 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'difference' as a jinja filter
2022-12-08 17:34:55,367 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'symmetric_difference' as a jinja filter
2022-12-08 17:34:55,367 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'method_call' as a jinja filter
2022-12-08 17:34:55,367 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'yaml_dquote' as a jinja filter
2022-12-08 17:34:55,367 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'yaml_squote' as a jinja filter
2022-12-08 17:34:55,367 [salt.utils.decorators.jinja:32  ][DEBUG   ][13797] Marking 'yaml_encode' as a jinja filter
2022-12-08 17:34:55,372 [salt.utils.process:324 ][DEBUG   ][13797] Created pidfile: /var/run/salt-minion.pid
2022-12-08 17:34:55,372 [salt.cli.daemons :91  ][INFO    ][13797] Starting up the Salt Minion
2022-12-08 17:34:55,373 [salt.utils.event :1017][DEBUG   ][13797] AsyncEventPublisher PUB socket URI: /var/run/salt/minion/minion_event_c6728c0b0d_pub.ipc
2022-12-08 17:34:55,373 [salt.utils.event :1018][DEBUG   ][13797] AsyncEventPublisher PULL socket URI: /var/run/salt/minion/minion_event_c6728c0b0d_pull.ipc
2022-12-08 17:34:55,373 [salt.utils.event :1050][INFO    ][13797] Starting pull socket on /var/run/salt/minion/minion_event_c6728c0b0d_pull.ipc
2022-12-08 17:34:55,374 [salt.utils.event :313 ][DEBUG   ][13797] SaltEvent PUB socket URI: /var/run/salt/minion/minion_event_c6728c0b0d_pub.ipc
2022-12-08 17:34:55,374 [salt.utils.event :314 ][DEBUG   ][13797] SaltEvent PULL socket URI: /var/run/salt/minion/minion_event_c6728c0b0d_pull.ipc
2022-12-08 17:34:55,375 [salt.loader      :778 ][DEBUG   ][13797] Grains refresh requested. Refreshing grains.
2022-12-08 17:34:55,375 [salt.config      :1898][DEBUG   ][13797] Reading configuration from /etc/salt/minion
2022-12-08 17:34:55,530 [salt.modules.network:2119][DEBUG   ][13797] Elapsed time getting FQDNs: 0.10647821426391602 seconds
2022-12-08 17:34:55,925 [salt.utils.lazy  :102 ][DEBUG   ][13797] LazyLoaded zfs.is_supported
2022-12-08 17:34:55,938 [salt.minion      :1272][INFO    ][13797] Creating minion process manager
2022-12-08 17:34:55,938 [salt.utils.process:640 ][DEBUG   ][13797] Process Manager starting!
2022-12-08 17:34:55,939 [salt.utils.process:640 ][DEBUG   ][13797] Process Manager starting!
2022-12-08 17:34:55,980 [salt.minion      :798 ][DEBUG   ][13797] Connecting to master. Attempt 1 of 1
2022-12-08 17:34:55,980 [salt.minion      :239 ][DEBUG   ][13797] Master URI: tcp://10.0.0.254:4506
2022-12-08 17:34:56,000 [salt.crypt       :503 ][DEBUG   ][13797] Initializing new AsyncAuth for ('/etc/salt/pki/minion', 'centos.test.tld', 'tcp://10.0.0.254:4506')
2022-12-08 17:34:56,001 [salt.transport.zeromq:558 ][DEBUG   ][13797] Generated random reconnect delay between '1000ms' and '11000ms' (1993)
2022-12-08 17:34:56,001 [salt.transport.zeromq:561 ][DEBUG   ][13797] Setting zmq_reconnect_ivl to '1993ms'
2022-12-08 17:34:56,001 [salt.transport.zeromq:567 ][DEBUG   ][13797] Setting zmq_reconnect_ivl_max to '11000ms'
2022-12-08 17:34:56,001 [salt.transport.zeromq:168 ][DEBUG   ][13797] Initializing new AsyncZeroMQReqChannel for ('/etc/salt/pki/minion', 'centos.test.tld', 'tcp://10.0.0.254:4506', 'clear')
2022-12-08 17:34:56,001 [salt.transport.zeromq:267 ][DEBUG   ][13797] Connecting the Minion to the Master URI (for the return server): tcp://10.0.0.254:4506
2022-12-08 17:34:56,002 [salt.transport.zeromq:1366][DEBUG   ][13797] Trying to connect to: tcp://10.0.0.254:4506
2022-12-08 17:34:56,002 [salt.crypt       :219 ][DEBUG   ][13797] salt.crypt.get_rsa_pub_key: Loading public key
2022-12-08 17:34:56,011 [salt.crypt       :781 ][ERROR   ][13797] Sign-in attempt failed: {'enc': 'pub', 'pub_key': '-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqAFGPkNIAGa8+JdKnu5\nB6UZUNfX8yh2qYa6HPQzIbBMPC5Z+6vUJAeQiXX/vi/PWV4WhWw891KKE53HBcDl\nn355J9PjcplZeaRXg/qPyUr7vH9AF4pUGXSJKUywZh6YyBUFKfiF/MDsuzxA26IP\ndLdejRtmn63rgMkuEAEz+u/Ke3GjMoOElWBRsiu6CW3C43STZsJbZ1QUTh+ROVe9\nhM5sEnu8Zzr7zV5qQ8qJooYl2W5wpH/O+p/tbohxNRbSLFdfnEUk8dcIFNNX4ile\n1o1JEEUGFfeOhfz2ePp6rW4YboIi8cd+oFOqFdXy7xOVHOST8wKtI8Px1TCfSzgC\nLQIDAQAB\n-----END PUBLIC KEY-----', 'publish_port': 4505, 'aes': b'=D\xee\xbc\xfb\xb1R\xd17\rA\xc1\x9do\xcf\xba\xc3I\x06\xe5n!\xd5\xbb\xc2\xdcUk\x1by\xf0>R\x18\xf8\x84\xd6\xa5\xb5\r.\x0f{P\xab\x18\xdd\xb1\xaa\xe6\xda9\x8f\x81\x03|N\xa3@\x1b\xca\x0cC\xff\xc6\xe3L\x19\x9d\x9646\x06=5\xfe{\xac><\x81=h\xea\xa2\xc4\x89\xebVH\x1d\xf6\xcb\xbf^\xbd\x11\r^\xdb\xf9q\xa9VT\'K\x9f\xb3\x1c|z>\xb6x\x91\x19i\x89:\xca}\x96!\x94P\x94\x9d\xcap\x979]\x87g\xed\xc9yw\x97T<\x95\x0e\xb1l\x89K\xb2\x10\x95\xc9\x8e\xbb\x19\x18\x04\xf8lXBF\xa5\x94\xad\x85\x01\x8f\x15\xbbA,fU\x8ds\xadM\xe8\xa3\xfe\x92\xe3@*c\xd3\r\'\xb9\\\xad)\xed\x03\xe5\xab\x83\xa7\xf0"=\x1d\xf8u\xf5K\xb7\x9e\xbf\xd3K\x93\x9e\x15\xd3\xcbL\xd1\xdd\x06\xc1\x1d\xea"\xe9\x87,\xf5$\xb0\x81\xb9k(\x8e]\xb9\xd4\x02\x92O\xfbm\x81\x89\xc9y \x07+\x86p\xb6"2', 'sig': b'\x04\xe1-T\x17S\xdd+\xc3\x14\xe9\x1e\xac \x85\xeb\x1a\x8c\x99\xe8\xd9\xe3,2\x12\x89\x1a\x1f\xed$Y\x14Cs\xa6\xbf\xf3\x08\xa6\xcf\xe9b\xa5\xd9v\x9a\x0e\x1e]{\x01\xb6\xc4\x95t\x16;\xf6\t<\x81\x03\xae\xd8\x0b\x14"\x8d\x02\xc6>F\xb9!\xbd\xf2NK\xc1\xa3\x99=\x8a\xaf\xe7\x7f\xbeLZ:\xbf&l\x99d\x8c\x86ih\x89%\xe1C\x886\t\xc9r:\xb1\xb6\x15\\\x1a\xacQ\xccV/\xcd\x87w\xd1\xaf\xf6\xdf\xec\x81/\xa2C"\x87\x97\xads\xf2\xb0\xcc$6\x9d\'\x0b\x1c\n\xdau\x95\x1ei\x93$+)\x1d\x18\xc3\x8eX\xa8Y\xd5\xb1\xd0ad\xc0[\xf8\x98\x90\xd1w\x13\x9fh\xbe\x80h\x9cF3L\xe3\xd8\x8d.\xe8\x9f\xe4I=\xc2\x96r\x19O\xca\x18bq\x9dWNf\xac\xee\xbf!\xeeO|BP\x0b[\x91p\xb7\xed^\'\x81_\x1a\xfdE\x97\x8b\xcdr6\x8ekR\x1d\xea\xcf\xd7\x16 \xbe-\x80,\x1d/\xd9\x0e\x01bmVPR'}
2022-12-08 17:34:56,011 [salt.transport.zeromq:294 ][DEBUG   ][13797] Closing AsyncZeroMQReqChannel instance
2022-12-08 17:34:56,014 [salt.minion      :1143][ERROR   ][13797] Error while bringing up minion for multi-master. Is master at 10.0.0.254 responding?

И на мастере:

2022-12-08 17:34:00,476 [salt.transport.mixins.auth:197 ][INFO    ][556280] Authentication request from centos.test.tld
2022-12-08 17:34:00,476 [salt.transport.mixins.auth:434 ][INFO    ][556280] Authentication accepted from centos.test.tld

Пробовал с миньоном 3002 и 3004, результат тот же Мне нужны некоторые идеи, как запустить миньон Centos вместе с мастером Debian.


62
1

Ответ:

Решено

Из примечаний к выпуску 3004.1:

Миньоны 3004.1 не могут общаться с мастерами старше 3004.1. Вы должны улучшить своих мастеров, прежде чем улучшать миньонов.

То же самое относится к любым миньонам новее 3004.1.