Allow publish.publish wrapper from salt-ssh to contact minions connected to the master instead of only salt-ssh Minions #40943
Comments
This should be the expected behavior, the x509.certified_managed requires making calls back to the salt master to trigger commands on the signing machine. Because salt-ssh runs without a zeromq back to the salt master and no event stream, it would not be possible to use this feature. Thanks,
We would have to provide a publish module in salt.client.ssh.wrappers, and I am not sure that this would even be possible to make a module like that work.
Actually, hrm it looks like we have a publish.publish wrapper already
Ahh, I see the error. So, with salt-ssh it expects everything to be salt-ssh, if minion2 was in your roster config, this might work.
I have updated the title and tagged this as a feature request. This would be the change that needs to be made for this to work. https://github.com/saltstack/salt/blob/develop/salt/client/ssh/wrapper/publish.py#L88 Thanks,
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.
Still useful
Thank you for updating this issue. It is no longer marked as stale.
Throwing my hat into this issue. I've run into the exact same issue as the initial issue posted. Well, similar issue. I have my salt-ssh initiating host acting as the CA, but other than that the configuration is the same.
It might be derailing the root issue, but it looks like I'm unable to correctly reference the salt-ssh host as the host that the minion should publish the create_certificate request to.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.
still useful
Thank you for updating this issue. It is no longer marked as stale.
(Referring to If |
Description of Issue/Question
Setup
With a salt-vagrant-demo setup, I use this simple configuration:
caserver.sls
caclient.sls
roster file should be properly configured.
Steps to Reproduce Issue
Apply caserver.sls to minion2.
salt 'minion2' state.apply caserver
Then apply caclient.sls to minion1 with salt-ssh:
salt-ssh -i 'minion1' state.apply caclient
I get the following error:
If I apply the caclient.sls state to minion1 with salt it works (salt 'minion1' state.apply caclient).
I can reproduce the error with salt if I disallow call to x509.sign_remote_certificate by commenting contents of /etc/salt/master.d/peer.conf, so I guess that salt-ssh is unable to properly call publish.publish.
Is it the expected behavior?
Versions Report