Saturday, October 3, 2015

Saltstack salt-ssh - getting started

When first experimenting with salt-ssh, you might be feeling your way around and encounter some of these issues.

Proper reading of the documentation and understanding of how salt-ssh operates with rosters will avoid some of those listed, but I describe them below anyway.

Fault 1: Permission denied: '/etc/salt/pki/master/ssh'


Try running salt-ssh on the local machine as root


Fault 2: Tabs in roster file


Although the roster file does not have a file extension indicating that it is YAML, Salt parses it as YAML.

YAML does not allow tabs for indentation, so remove any tabs and indent with spaces.


Fault 3: missing /etc/salt/pki/master/ssh/salt-ssh.rsa


Until you have run salt-ssh as root, the necessary files in /etc/salt/pki/master/ssh will not be generated.

Run salt-ssh as root on the local machine to initialise them.


Fault 4: remote host has not got salt-ssh.rsa.pub in its authorized_keys


/usr/bin/ssh-copy-id -i /etc/salt/pki/master/ssh/salt-ssh.rsa.pub someuser@box


Fault 5: /usr/bin/ssh-copy-id: ERROR: No identities found


You are probably trying to copy the salt-ssh private key (read access denied) rather than the public key (likely 644 permission). Pass the .pub file to -i, as in Fault 4.

Fault 6: IOErrors reported for remote host for directories in following list:

  • /etc/salt
  • /var/cache/salt
  • /var/log/salt

The roster entry for the unprivileged user should be changed to include sudo: True

When the connection at the remote end is instructed to use sudo in this way, those 3 directories will be initialised properly on the remote host.



Fault 7:  [CRITICAL] Unable to import msgpack or msgpack_pure python modules


This error message is often associated with the IOError described in Fault 6. Once the remote directories are created and there are no more reports of IOError, this import message should also disappear.



Fault 8: unprivileged user on remote does not have enough sudo powers


%saltpepper   ALL=NOPASSWD:ALL

The sudoers line above grants members of group saltpepper passwordless sudo for every command. Then add the unprivileged user to group saltpepper (or whatever your preferred group for controlling sudo is).
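
A preflight script for the master that checks for Faults 1, 2, 3, 5 and 6 before you run salt-ssh. This is an added example, not part of the original post. The roster location /etc/salt/roster, the function names and the PKI_DIR/ROSTER variables are assumptions, and the Fault 6 check only understands a flat "target: / key: value" roster.

```shell
#!/bin/sh
# Added example: preflight checks for the salt-ssh faults described above.
# /etc/salt/roster is assumed as the roster location; override via ROSTER.
PKI_DIR="${PKI_DIR:-/etc/salt/pki/master/ssh}"
ROSTER="${ROSTER:-/etc/salt/roster}"

# Fault 2: the roster is parsed as YAML, which rejects tab indentation.
roster_has_tabs() {
    grep -q "$(printf '\t')" "$1"
}

# Faults 3 and 5: print the first key file that is absent or unreadable;
# succeed only when both halves of the key pair can be read.
first_missing_key() {
    for f in salt-ssh.rsa salt-ssh.rsa.pub; do
        [ -r "$1/$f" ] || { echo "$f"; return 1; }
    done
}

# Fault 6: print roster targets that log in as a non-root user without
# "sudo: True". A target with no "user:" key is treated as root (assumption).
targets_needing_sudo() {
    awk '
        function report() { if (id != "" && user != "root" && sudo != "true") print id }
        /^[^ \t#][^:]*:[ \t]*$/ { report(); id = $0; sub(/:[ \t]*$/, "", id); user = "root"; sudo = ""; next }
        /^[ \t]+user:/ { user = $2 }
        /^[ \t]+sudo:/ { sudo = tolower($2) }
        END { report() }
    ' "$1"
}

# Run every check and report each fault found; non-zero status if any.
preflight() {
    rc=0
    [ "$(id -u)" -eq 0 ] || { echo "Fault 1/3: run salt-ssh as root"; rc=1; }
    if roster_has_tabs "$ROSTER"; then echo "Fault 2: tabs in $ROSTER"; rc=1; fi
    k=$(first_missing_key "$PKI_DIR") || { echo "Fault 3/5: cannot read $PKI_DIR/$k"; rc=1; }
    for t in $(targets_needing_sudo "$ROSTER"); do echo "Fault 6: $t needs sudo: True"; rc=1; done
    return $rc
}

if [ "${1:-}" = "run" ]; then preflight; fi
```

Save it as a script and invoke it with the single argument run on the machine you launch salt-ssh from.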


Example of invoking file.find on remote host via salt-ssh





( This article is not a general guide to Saltstack. Please comment or pingback by all means, but only comments directly related to salt-ssh will be read or published. )
