Salt on Windows (h5)

In this exercise I’m making my windows host desktop as a slave, and creating a new master available to public internet.
In my previous exercises my master has been a virtual machine which has no public ip address, which has been kinda boring, so I decided to create a virtual server at digital ocean. I made a virtual ubuntu server 18.04 which has a public IP address, 1GB RAM, 25GB SSD and is located at Frankfurt data center.

Since my virtual server is publicly available to internet, it was safe to enable firewall. I used commands: sudo ufw enable & sudo ufw allow OpenSSH. Latter command is important because I might want to acces my server with ssh again.
The virtual server was very easy to set up, and I installed salt on it right away. I begun by installing both minion and master on the server to test if the master-slave architecture was working correctly, and it was.
After that I tried to make my windows host machine a slave, but I couldn’t succeed at first. Master didn’t recognize any keys when typing sudo salt-key. Then I remembered I had enabled firewall, so I had to make some rules for salt. I typed following commands: sudo ufw enable 4505/tcp 4506/tcp. Salt uses these two ports, and after allowing them master got request from windows slave to accept its key.

b) Using salt locally on windows slave

I tried to install advanced port scanner locally on windows, but got an error. Installing wireshark worked instead.
Windows IP Configuration.

I used some old virtualmachines in oracle virtualbox while collecting more slaves for my new master, but this wasn’t as easy and fast as I thought it would be. At first, it seemed to be an easy task to just change the masters address in /etc/salt/minion files. So I started four of my old virtualmachines and changed the addresses to be my new masters address. After doing this, I was able to accept all of keys on master except one.

When I checked the status of this minion, I saw that the log were full of same error.

I triple checked that I edited the minion file correctly and was certain that there were no typos. Still I was getting error which said: “The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate”
I didn’t find any help from google, so I checked the file again and this time scrolled all the way down.

This is what I saw at the bottom. There were another master address! I should have checked the whole file…

Removing the extra master address from the minion file fixed the error message, but I still couldn’t connect slaves on my master. Fortunately, there is logs!

Because master has changed, so is the public key which minions use for authenticating. I had to remove the old masters public key, restart the minion and then it worked.

I tried to locate application configuration files in windows, but I could find only few of them, and editing them didn’t seem to work. I am not familiar with windows’ configuration files, and would like to learn how to edit them using salt.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s