-
-
Save kevins9/a79123cfacd11e117fd1 to your computer and use it in GitHub Desktop.
salt-api failures
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
external_auth: | |
pam: | |
newminion: | |
- '@wheel' | |
rest_cherrypy: | |
port: 8000 | |
host: 0.0.0.0 | |
ssl_crt: /etc/pki/tls/certs/localhost.crt | |
ssl_key: /etc/pki/tls/private/localhost.key |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
credentials are good: | |
--------------------- | |
[root@saltmaster ~]# curl -ksi https://localhost:8000/login -H "Accept: application/json" -d username=newminion -d password=password -d eauth=pam | |
HTTP/1.1 200 OK | |
Content-Length: 184 | |
Access-Control-Expose-Headers: GET, POST | |
Vary: Accept-Encoding | |
Server: CherryPy/3.2.2 | |
Allow: GET, HEAD, POST | |
Access-Control-Allow-Credentials: true | |
Date: Wed, 10 Jun 2015 22:28:17 GMT | |
Access-Control-Allow-Origin: * | |
X-Auth-Token: 80a898f412b457a6bbe51714137b22847c8fabc5 | |
Content-Type: application/json | |
Set-Cookie: session_id=80a898f412b457a6bbe51714137b22847c8fabc5; expires=Thu, 11 Jun 2015 08:28:17 GMT; Path=/ | |
{"return": [{"perms": ["@wheel"], "start": 1433975297.5599329, "token": "80a898f412b457a6bbe51714137b22847c8fabc5", "expire": 1434018497.5599339, "user": "newminion", "eauth": "pam"}]} | |
keys request fails: | |
------------------- | |
[root@saltmaster ~]# curl -sSk https://localhost:8000/keys -d mid=foobar.test.example.net -d username=newminion -d password=password -d euath=pam | |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" | |
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> | |
<html> | |
<head> | |
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"></meta> | |
<title>401 Unauthorized</title> | |
<style type="text/css"> | |
#powered_by { | |
margin-top: 20px; | |
border-top: 2px solid black; | |
font-style: italic; | |
} | |
#traceback { | |
color: red; | |
} | |
</style> | |
</head> | |
<body> | |
<h2>401 Unauthorized</h2> | |
<p>No permission -- see authorization schemes</p> | |
<pre id="traceback"></pre> | |
<div id="powered_by"> | |
<span>Powered by <a href="http://www.cherrypy.org">CherryPy 3.2.2</a></span> | |
</div> | |
</body> | |
</html> | |
now any call fails with 500: | |
---------------------------- | |
[root@saltmaster ~]# curl -ksi https://localhost:8000/login -H "Accept: application/json" -d username=newminion -d password=password -d eauth=pam | |
HTTP/1.1 500 Internal Server Error | |
Content-Length: 805 | |
Access-Control-Expose-Headers: GET, POST | |
Server: CherryPy/3.2.2 | |
Allow: GET, HEAD, POST | |
Access-Control-Allow-Credentials: true | |
Date: Wed, 10 Jun 2015 22:31:37 GMT | |
Access-Control-Allow-Origin: * | |
Content-Type: text/html;charset=utf-8 | |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" | |
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> | |
<html> | |
<head> | |
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"></meta> | |
<title>500 Internal Server Error</title> | |
<style type="text/css"> | |
#powered_by { | |
margin-top: 20px; | |
border-top: 2px solid black; | |
font-style: italic; | |
} | |
#traceback { | |
color: red; | |
} | |
</style> | |
</head> | |
<body> | |
<h2>500 Internal Server Error</h2> | |
<p>The server encountered an unexpected condition which prevented it from fulfilling the request.</p> | |
<pre id="traceback"></pre> | |
<div id="powered_by"> | |
<span>Powered by <a href="http://www.cherrypy.org">CherryPy 3.2.2</a></span> | |
</div> | |
</body> | |
</html> | |
salt-api must be restarted for it to respond to any call. | |
This worked previously! Now /keys consistently results in a 401 followed by 500s to all requests. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# getent passwd newminion | |
newminion:x:501:99:new minion creation only:/dev/null:/sbin/nologin |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# salt --versions | |
Salt: 2014.7.1 | |
Python: 2.6.6 (r266:84292, Jan 22 2014, 09:42:36) | |
Jinja2: unknown | |
M2Crypto: 0.20.2 | |
msgpack-python: 0.4.4 | |
msgpack-pure: Not Installed | |
pycrypto: 2.0.1 | |
libnacl: Not Installed | |
PyYAML: 3.10 | |
ioflo: Not Installed | |
PyZMQ: 14.3.1 | |
RAET: Not Installed | |
ZMQ: 3.2.5 | |
Mako: Not Installed |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment