** Description changed: - Cloud-init's salt minion module writes minion.pem, and minion.pub to - the wrong directory. Salt-minion expects them in /etc/salt/pki/minion, - but /etc/salt/pki is used by cloud-init's salt minion module. Somehow in - the past this worked out, and the files would be moved to - /etc/salt/pki/minion. This part I don't understand, but currently on - Ubuntu 16.04 Xenial with cloud-init 0.7.7 it doesn't work out. What - happens is cloud-init writes to /etc/salt/pki, and salt-minion ignores - the /etc/salt/pki files and writes it's own /etc/salt/pki/minion files. - This results in the salt minion generated keys being rejected by the - salt master. + ==== Begin SRU Template ==== + [Impact] + Salt minion config module of cloud-init would not work by default + if 'public_key' and 'private_key' were provided. + + [Test Case] + ## Recreate failure + $ cat >user-data <<EOF + #cloud-config + salt_minion: + public_key: "foo public" + private_key: "foo private" + EOF + + $ lxc launch ubuntu-daily:xenial x1 "--config=user.user-data=$(cat user-data)" + $ lxc exec x1 -- grep salt/pki/ /var/log/cloud-init.log + Sep 13 21:04:55 ubuntu [CLOUDINIT] util.py[DEBUG]: Writing to /etc/salt/pki/minion.pub - wb: [420] 10 bytes + Sep 13 21:04:55 ubuntu [CLOUDINIT] util.py[DEBUG]: Writing to /etc/salt/pki/minion.pem - wb: [420] 11 bytes + + ## Note, that ubuntu's packaging actuall moves these files to their proper + ## location, so checking the log is all we can do to show failure. 
+ + ## Now update container, clean and reboot to show first boot + $ lxc exec x1 -- sh -c ' + p=/etc/apt/sources.list.d/proposed.list + echo deb http://archive.ubuntu.com/ubuntu xenial-proposed main > "$p" && + apt-get update -q && apt-get -qy install cloud-init' + $ lxc exec x1 -- sh -c 'apt-get -qy --purge remove salt-minion && rm -Rf /etc/salt' + $ lxc exec x1 -- sh -c ' + cd /var/lib/cloud && for d in *; do [ "$d" = "seed" ] || rm -Rf "$d"; done + rm -Rf /var/log/cloud-init*' + + $ lxc exec x1 reboot + + $ lxc exec x1 -- grep salt/pki/ /var/log/cloud-init.log + Sep 13 21:10:52 x1 [CLOUDINIT] util.py[DEBUG]: Writing to /etc/salt/pki/minion/minion.pub - wb: [420] 10 bytes + Sep 13 21:10:52 x1 [CLOUDINIT] util.py[DEBUG]: Writing to /etc/salt/pki/minion/minion.pem - wb: [420] 11 bytes + + [Regression Potential] + Low chance for regression, especially since the packaging does the right thing. + ==== End SRU Template ==== + + + Cloud-init's salt minion module writes minion.pem, and minion.pub to the wrong directory. Salt-minion expects them in /etc/salt/pki/minion, but /etc/salt/pki is used by cloud-init's salt minion module. Somehow in the past this worked out, and the files would be moved to /etc/salt/pki/minion. This part I don't understand, but currently on Ubuntu 16.04 Xenial with cloud-init 0.7.7 it doesn't work out. What happens is cloud-init writes to /etc/salt/pki, and salt-minion ignores the /etc/salt/pki files and writes it's own /etc/salt/pki/minion files. This results in the salt minion generated keys being rejected by the salt master. Current: pki_dir = salt_cfg.get('pki_dir', '/etc/salt/pki') Fixed: pki_dir = salt_cfg.get('pki_dir', '/etc/salt/pki/minion')
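Review bot: The [Test Case] in the added SRU template verifies only the destination path that cloud-init logs, so it never confirms that the private key ends up with restrictive permissions in the new location. Both the before and after log lines for minion.pem show `wb: [420]`; if that bracketed value is the file mode in decimal, it corresponds to 0644, which is wider than a private key should have. Suggest adding a step after the final reboot, for example `lxc exec x1 -- stat -c '%a %U %n' /etc/salt/pki/minion/minion.pem`, and stating the expected mode and owner in the template so the SRU verification covers key permissions as well as key placement.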
--
https://bugs.launchpad.net/bugs/1609899

Title: salt minion module writes minion keys to the wrong directory
