Proper reading of the documentation and understanding of how salt-ssh operates with rosters will avoid some of those listed, but I describe them below anyway.
Fault 1: Permission denied: '/etc/salt/pki/master/ssh'
Try running salt-ssh on the local machine as root
Fault 2: Tabs in roster file
Although roster file does not have a file extension indicating it is Yaml, it is parsed as Yaml by Salt
Remove any tabs
Fault 3: missing /etc/salt/pki/master/ssh/salt-ssh.rsa
Until you have run salt-ssh as root,
the necessary files in /etc/salt/pki/master/ssh will not be generated
Run as root on local machine to initialise
Fault 4: remote host has not got salt-ssh.rsa.pub in its authorized_keys
/usr/bin/ssh-copy-id -i /etc/salt/pki/master/ssh/salt-ssh.rsa.pub someuser@box
Fault 5: /usr/bin/ssh-copy-id: ERROR: No identities found
You are probably trying to copy the salt-ssh private key (denied) rather than the public key (likely 644 permission)
Fault 6: IOErrors reported for remote host for directories in following list:
- /etc/salt
- /var/cache/salt
- /var/log/salt
When the connection at the remote end is instructed to use sudo (as shown above) then those 3 directories will be initiated properly on the remote host
Fault 7: [CRITICAL] Unable to import msgpack or msgpack_pure python modules
This error message is often associated with IOError described in Fault 6. Once the remote directories are created and there are no more reports of IOError, then this import message should also disappear
Fault 8: unprivileged user on remote does not have enough sudo powers
%saltpepper ALL=NOPASSWD:ALL
And then add the unprivileged user to group saltpepper (or whatever you preferred group for controlling sudo is)
Example of invoking file.find on remote host via salt-ssh
( This article is not a general guide to Saltstack. Please comment or pingback by all means, but only comments directly related to salt-ssh will be read or published. )
No comments:
Post a Comment