When I run ##salt -C 'I@docker:swarm' state.sls salt##, follow error happed #67

Projoke · 2017-11-08T09:08:35Z

          ID: /etc/haproxy/ssl/10.0.1.90.crt
    Function: x509.certificate_managed
      Result: False
     Comment: An exception occurred in this state: Traceback (most recent call last):
                File "/usr/lib/python2.7/dist-packages/salt/state.py", line 1735, in call
                  **cdata['kwargs'])
                File "/usr/lib/python2.7/dist-packages/salt/loader.py", line 1653, in wrapper
                  return f(*args, **kwargs)
                File "/usr/lib/python2.7/dist-packages/salt/states/x509.py", line 475, in certificate_managed
                  ret['comment'] = __salt__['x509.create_certificate'](path=name, **kwargs)
                File "/usr/lib/python2.7/dist-packages/salt/modules/x509.py", line 1119, in create_certificate
                  pem_type='CERTIFICATE')
                File "/usr/lib/python2.7/dist-packages/salt/modules/x509.py", line 641, in write_pem
                  text = get_pem_entry(text, pem_type=pem_type)
                File "/usr/lib/python2.7/dist-packages/salt/modules/x509.py", line 380, in get_pem_entry
                  '{1}'.format(pem_type, text))
              SaltInvocationError: PEM does not contain a single entry of type CERTIFICATE:
              Signing policy salt_master_ca_cert_server does not exist.
     Started: 16:53:53.927848
    Duration: 715.996 ms
     Changes:   
----------
          ID: /etc/haproxy/ssl/10.0.1.90.crt_cert_permissions
    Function: file.managed
        Name: /etc/haproxy/ssl/10.0.1.90.crt
      Result: False
     Comment: One or more requisite failed: salt.minion.cert./etc/haproxy/ssl/10.0.1.90.crt
     Changes:   
----------
          ID: salt_minion_cert_proxy_all
    Function: cmd.wait
        Name: cat /etc/haproxy/ssl/10.0.1.90.key /etc/haproxy/ssl/10.0.1.90.crt /etc/haproxy/ssl/salt_master_ca-ca.crt > /etc/haproxy/ssl/10.0.1.90-all.pem
      Result: False
     Comment: One or more requisite failed: salt.minion.cert./etc/haproxy/ssl/10.0.1.90.crt
     Changes:   
----------
          ID: /etc/haproxy/ssl/10.0.1.90-all.pem_cert_permissions
    Function: file.managed
        Name: /etc/haproxy/ssl/10.0.1.90-all.pem
      Result: False
     Comment: One or more requisite failed: salt.minion.cert.salt_minion_cert_proxy_all
     Changes:

The text was updated successfully, but these errors were encountered:

fpytloun · 2017-11-08T12:19:37Z

You need to restart salt-minion on your CA node.
Signing policy salt_master_ca_cert_server does not exist means that you probably have signing policy defined in minion configuration but service was not restarted.

* Update docs/submodules/fuel from branch 'master' - [noha] Disable proxy certificate generation noha scenarios try to generate the proxy SSL cert using the Salt Master CA authority. However, this requires a `salt-minion` restart between the CA configuration and the cert generation (see [1]). Since we don't use this cert anyway, let's just disable it for cfg01. JIRA: FUEL-377 [1] salt-formulas/salt-formula-salt#67 Change-Id: I8e88200e0d5614f0034c0c77e6ba675dc7ef0c11 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>

noha scenarios try to generate the proxy SSL cert using the Salt Master CA authority. However, this requires a `salt-minion` restart between the CA configuration and the cert generation (see [1]). Since we don't use this cert anyway, let's just disable it for cfg01. JIRA: FUEL-377 [1] salt-formulas/salt-formula-salt#67 Change-Id: I8e88200e0d5614f0034c0c77e6ba675dc7ef0c11 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>

* Update docs/submodules/fuel from branch 'stable/fraser' - Merge "[noha] Disable proxy certificate generation" into stable/fraser - [noha] Disable proxy certificate generation noha scenarios try to generate the proxy SSL cert using the Salt Master CA authority. However, this requires a `salt-minion` restart between the CA configuration and the cert generation (see [1]). Since we don't use this cert anyway, let's just disable it for cfg01. JIRA: FUEL-377 [1] salt-formulas/salt-formula-salt#67 Change-Id: I8e88200e0d5614f0034c0c77e6ba675dc7ef0c11 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> (cherry picked from commit 016db55bd5cc07d32926b60d59b1fdd7e2471705)

noha scenarios try to generate the proxy SSL cert using the Salt Master CA authority. However, this requires a `salt-minion` restart between the CA configuration and the cert generation (see [1]). Since we don't use this cert anyway, let's just disable it for cfg01. JIRA: FUEL-377 [1] salt-formulas/salt-formula-salt#67 Change-Id: I8e88200e0d5614f0034c0c77e6ba675dc7ef0c11 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> (cherry picked from commit 016db55)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

When I run ##salt -C 'I@docker:swarm' state.sls salt##, follow error happed #67

When I run ##salt -C 'I@docker:swarm' state.sls salt##, follow error happed #67

Projoke commented Nov 8, 2017

fpytloun commented Nov 8, 2017

When I run ##salt -C 'I@docker:swarm' state.sls salt##, follow error happed #67

When I run ##salt -C 'I@docker:swarm' state.sls salt##, follow error happed #67

Comments

Projoke commented Nov 8, 2017

fpytloun commented Nov 8, 2017