I think we can backport this until there is a new release out. On 06/03/24 09:26 +0100, Uwe Werler wrote: > Hi all, > > it seems that it has to do with eol in minion keys: > > https://github.com/saltstack/salt/issues/66126 > There's also a PR: https://github.com/saltstack/salt/pull/66140 > > Best regards > > Uwe > > On 05 Mar 17:24, Uwe Werler wrote: > > Hi Micholaj, > > > > to upgrade minions to a higher version than the master is usually a bad > > idea. > > > > I noticed the same problem. Installed salt at my alpine machines (3006.7) > > and lost connection to the master. But after upgrading my master to 3006.7 > > my OpenBSD minions (3006.5) lost connection too. When I registered the > > minions new the keys were stored under accepted keys and immediately under > > denied keys too. I guess this has something to do with the upgrades in > > cryptography/pyopenssl. I didn't investigate further but upgraded all > > machines to 3006.7. > > > > Best regards > > > > Uwe > > > > Am 5. März 2024 16:29:55 MEZ schrieb Mikolaj Kucharski > > <miko...@kucharski.name>: > > >Hi Robert. > > > > > >I've notived this problem on my Debian Bookworm machines, which recently > > >got upgraded to 3006.7 and now I also see this on my OpenBSD -current, > > >which also started to run 3006.7 minions. I have Salt master running > > >on OpenBSD -stable with salt-3006.3 and minions after upgrade to 3006.7 > > >lost communication to the master: > > > > > >openbsd-current-minion# tail -n10 /var/log/salt/minion > > >The master public key can be found at: > > >/etc/salt/pki/minion/minion_master.pub > > >2024-03-05 15:13:22,252 [salt.minion:1157][ERROR ][44088] Error while > > >bringing up minion for multi-master. Is master at fde4:f456:48c2:13c0::1 > > >responding? The error message was Unable to sign_in to master: Invalid > > >master key > > >2024-03-05 15:13:32,719 [salt.crypt:1188][ERROR ][44088] The master key > > >has changed, the salt master could have been subverted, verify salt > > >master's public key > > >2024-03-05 15:13:32,721 [salt.crypt:803 ][CRITICAL][44088] The Salt Master > > >server's public key did not authenticate! > > >The master may need to be updated if it is a version of Salt lower than > > >3006.7, or > > >If you are confident that you are connecting to a valid Salt Master, then > > >remove the master public key and restart the Salt Minion. > > >The master public key can be found at: > > >/etc/salt/pki/minion/minion_master.pub > > >2024-03-05 15:13:32,727 [salt.minion:1157][ERROR ][44088] Error while > > >bringing up minion for multi-master. Is master at fde4:f456:48c2:13c0::1 > > >responding? The error message was Unable to sign_in to master: Invalid > > >master key > > > > > >I didn't check does upgrade to 3006.7 on master help. I don't want > > >to touch my -stable machines. I could setup Salt master on -current > > >and test, but all this problem started on Debian and OpenBSD after > > >minion upgrade to 3006.7. I do follow -stable packages and syspatch > > >on my 7.4-stable machines, but giving upgrade on Debian and OpenBSD, > > >I suspect compatibility issue on Salt side. > > > > > >openbsd-salt-master# sysctl -n kern.version > > >OpenBSD 7.4 (GENERIC.MP) #3: Wed Feb 28 06:23:33 MST 2024 > > > > > > r...@syspatch-74-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > > > > > > > > >openbsd-salt-master# ls -lhtnr /var/db/pkg/ | tail > > >drwxr-xr-x 2 0 0 512B Jan 17 23:23 brotli-1.0.9p0 > > >drwxr-xr-x 2 0 0 512B Jan 17 23:23 taskd-1.1.0p5 > > >drwxr-xr-x 2 0 0 512B Feb 7 02:50 ngtcp2-0.19.1 > > >drwxr-xr-x 2 0 0 512B Feb 7 02:50 nghttp3-0.15.0 > > >drwxr-xr-x 2 0 0 512B Feb 7 02:50 nghttp2-1.57.0 > > >drwxr-xr-x 2 0 0 512B Feb 7 02:50 git-2.42.0 > > >drwxr-xr-x 2 0 0 512B Feb 7 02:50 curl-8.6.0 > > >drwxr-xr-x 2 0 0 512B Feb 14 00:47 libunbound-1.19.1 > > >drwxr-xr-x 2 0 0 512B Feb 14 00:47 gnutls-3.8.3 > > >drwxr-xr-x 2 0 0 512B Feb 24 17:56 quirks-6.160 > > > > > > > > >openbsd-current-minion# sysctl -n kern.version > > >OpenBSD 7.5 (GENERIC.MP) #53: Sun Mar 3 22:36:54 MST 2024 > > > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > > > > > > > > >Are you aware of this problem? Ports mailing list, did you notice this, > > >by any chance? > > > > > >-- > > >Regards, > > > Mikolaj > > > > > > > -- > > Mit freundlichen Grüssen / Með bestu kveðju / With kind regards > > > > Uwe Werler > > -- > wq: ~uw
-- Regards, Robert Nagy
