How to communicate with salt-master

问题

I am trying to access salt master from salt-minion. But, I am unable to get the keys on salt-master.

On my VM, I installed salt-master and on my Windows, I installed salt-minion. I have given master IP address on my minion vi salt\conf\minion

master: master ip address

I tried to run the command below:

c:\salt\salt-minion.exe -l debug -c c:\salt\conf

I am getting a message like below:

[DEBUG   ] Reading configuration from c:\salt\conf\minion
[INFO    ] Using cached minion ID from c:\salt\conf\minion_id: HoroppaLabs
[DEBUG   ] Configuration file path: c:\salt\conf\minion
[INFO    ] Setting up the Salt Minion "HoroppaLabs"
[DEBUG   ] Created pidfile: c:\salt\var\run\salt-minion.pid
[DEBUG   ] Reading configuration from c:\salt\conf\minion
[DEBUG   ] Attempting to authenticate with the Salt Master at 172.31.16.131
[DEBUG   ] Loaded minion key: c:\salt\conf\pki\minion\minion.pem
[DEBUG   ] Loaded minion key: c:\salt\conf\pki\minion\minion.pem
[WARNING ] SaltReqTimeoutError: Waited 60 seconds
[INFO    ] Waiting for minion key to be accepted by the master.
[DEBUG   ] Loaded minion key: c:\salt\conf\pki\minion\minion.pem
[WARNING ] SaltReqTimeoutError: Waited 60 seconds
[INFO    ] Waiting for minion key to be accepted by the master.
[DEBUG   ] Loaded minion key: c:\salt\conf\pki\minion\minion.pem

I didn't get anything else, just the above.

On master, I tried to run the below command

sudo salt-key -L
Accepted Keys:
Unaccepted Keys:
Rejected Keys:

I didn't get any keys on master to accept

Can any one help, how can I communicate with salt-master?

回答1:

This could be due to default incoming port on master (4505 and 4506) for salt communication are blocked Since minions connect to masters, the only firewall configuration that must be done is on the master. By default master must be able to accept incoming connection on port 4505 and 4506 If your master is on centos or RHEL try below command to add ports to your firewall settings 1. firewall-cmd --get-active-zones It will say either public, dmz, or something else. You should only apply to the zones required.

2. firewall-cmd --permanent --zone= --add-port=4505-4506/tcp firewall-cmd --reload (to open port 4505 and 4506)

回答2:

You need to add your salt minion to your master. To do that run following command on you master:

salt-key -A <your_minions_hostname_or_ip>

For example in my case I did

salt-key -A virtual@192.168.56.101

For reference have a look here.

来源：https://stackoverflow.com/questions/22926906/how-to-communicate-with-salt-master