Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] Cannot ping windows minion because keys are under both Accepted and Denied. #63016

Closed
kTipSSIoYv opened this issue Nov 4, 2022 · 5 comments
Labels
Bug broken, incorrect, or confusing behavior needs-triage Salt-Cloud Windows

Comments

@kTipSSIoYv
Copy link

kTipSSIoYv commented Nov 4, 2022

Description
Windows minion deployed through cloud profile ends up in both Denied keys and Accepted keys. As a result Salt Master can't ping the newly deployed VM.

This is not a issue with Linux VM's. The keys are only under Accepted keys.

root@salt:~# salt 'wintest27' test.ping
wintest27:
    Minion did not return. [No response]
    The minions may not have all finished running and any remaining minions will return upon completion. To look up the return data for this job later, run the following command:

    salt-run jobs.lookup_jid 20221104130045794113
ERROR: Minions returned with non-zero exit code

Steps to Reproduce the behavior

Deploy a Windows VM using the following profile.

salt-cloud -p azure-win2012 wintest27

After deployment the test.ping fails and check the salt-key -L. The new VM is under both Accepted keys and Denied keys.

root@salt:~# salt-key -L
Accepted Keys:
app01
app02
wintest25
wintest26
wintest27
Denied Keys:
wintest25
wintest26
wintest27
Unaccepted Keys:
Rejected Keys:

Here is the cloud profile I'm using to deploy the VM.

cat /etc/salt/cloud.profiles.d/azure.conf:

azure-win2012:
  provider: my-azure-config
  image: MicrosoftWindowsServer|WindowsServer|2019-datacenter-gensecond|latest
  size: Standard_B2ms
  location: 'westeurope'
  win_username: azureuser
  win_password: 'Verybadpass'
  use_winrm: True
  winrm_verify_ssl: False
  winrm_port: 5986
  smb_port: 445
  win_installer: /srv/salt/win/files/Salt-Minion-3004.2-1-Py3-AMD64-Setup.exe
  userdata_file: https://raw.githubusercontent.com/xxxx/windows_firewall.ps1
  userdata_template: False
  allocate_public_ip: True
  #securitygroup: saltstack-nsg

Expected behavior
The key needs to be either in Accepted or denied. Not in both state.

Versions Report

salt --versions-report

root@salt:~# salt --versions-report
Salt Version:
Salt: 3005.1

Dependency Versions:
cffi: 1.15.1
cherrypy: Not Installed
dateutil: 2.8.1
docker-py: Not Installed
gitdb: 4.0.9
gitpython: 3.1.24
Jinja2: 3.0.3
libgit2: 1.1.0
M2Crypto: 0.38.0
Mako: Not Installed
msgpack: 1.0.3
msgpack-pure: Not Installed
mysql-python: Not Installed
pycparser: 2.21
pycrypto: Not Installed
pycryptodome: 3.11.0
pygit2: 1.6.1
Python: 3.10.6 (main, Aug 10 2022, 11:40:04) [GCC 11.3.0]
python-gnupg: 0.4.8
PyYAML: 5.4.1
PyZMQ: 22.3.0
smmap: 5.0.0
timelib: Not Installed
Tornado: 4.5.3
ZMQ: 4.3.4

System Versions:
dist: ubuntu 22.04 Jammy Jellyfish
locale: utf-8
machine: x86_64
release: 5.15.0-1022-aws
system: Linux
version: Ubuntu 22.04 Jammy Jellyfish

Additional Details
In order to ping the newly created VM, You'll need a new key. The existing keys under Accepted and Denied doesn't let you ping at all.

root@salt:~# salt-key -d wintest27
The following keys are going to be deleted:
Accepted Keys:
wintest27
Denied Keys:
wintest27
Proceed? [N/y] y
Key for minion wintest27 deleted.
Key for minion wintest27 deleted.

root@salt:~# salt-key  -L
Accepted Keys:
app01
app02
Denied Keys:
Unaccepted Keys:
wintest27
Rejected Keys:

root@salt:~# salt-key  -a wintest27
The following keys are going to be accepted:
Unaccepted Keys:
wintest27
Proceed? [n/Y] y
Key for minion wintest27 accepted.

root@salt:~# salt 'wintest27'  test.ping
wintest27:
    True
@kTipSSIoYv kTipSSIoYv added Bug broken, incorrect, or confusing behavior needs-triage labels Nov 4, 2022
@welcome
Copy link

welcome bot commented Nov 4, 2022

Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey.
Please be sure to review our Code of Conduct. Also, check out some of our community resources including:

There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar.
If you have additional questions, email us at [email protected]. We’re glad you’ve joined our community and look forward to doing awesome things with you!

@OrangeDog
Copy link
Contributor

Possible duplicate: #62968

@kTipSSIoYv
Copy link
Author

kTipSSIoYv commented Nov 5, 2022

Not sure if this issue is related to #63024

Grains doesn't work on windows minions

@kTipSSIoYv
Copy link
Author

Please check the following comment
#63024 (comment)

@twangboy
Copy link
Contributor

This is a duplicate of #62968

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug broken, incorrect, or confusing behavior needs-triage Salt-Cloud Windows
Projects
None yet
Development

No branches or pull requests

3 participants