* Salt minion is unable unencrypt the messages from master during boot
because of lack of entropy, throwing the exception:
File "/usr/lib/python2.7/dist-packages/salt/utils/rsax931.py", line 146, in sign
raise SSLError('Unable to encrypt message')
SSLError: Unable to encrypt message:
error:80064191:lib(128):osrandom_init:getrandom() initialization failed with EAGAIN. Most likely Kernel CPRNG is not se
error:80065190:lib(128):osrandom_rand_bytes:getrandom() initialization failed.
error:04088003:rsa routines:RSA_setup_blinding:BN lib
error:04066044:rsa routines:RSA_EAY_PRIVATE_ENCRYPT:internal error
After node has been booted up, and /dev/random device collected some
extra entropy, salt-minion could start.
This patch configures libvirt vms to use /dev/urandom for faster
entropy regeneration
Change-Id: I470166b4424752d24ac4bb2cb87d9f99cd14752e
Co-Authored-By: Oleksandr Savatieiev <osavatieiev@mirantis.com>
Prod-Related: PROD-19711
When proxy parameter was defined and host is empty string, salt is complaining with warning. With this patch when host is empty parameters are not used.
Change-Id: I11150e5f141182d5934564611d6c39b2b379b5e9
[Fix] Doc
Issue: - It is not possible to pass [R]andom [N]umber [G]enerator
device to libvirt guest xml in order to control entropy.
- Doc has no information on how to provision vms using salt
Solution: - Pass rng parameters via kwargs from node: pillar
Attach rng xml object to generated xml.
- Provide with an example
Prod-Related: PROD-19214
Customer-Found
Change-Id: Iea111f2d927edf46f06bb7ccfad06d37b752fba9
Our formula strictly rely on cherrypy framework when running salt API.
This patch adds that dependency to api packages as when installing
recommended is disabled it won't be installed by default.
Change-Id: I12d9368b17f2d0bc33dded2d1a9c8abd9bfcd0b1
Related-Prod: PROD-18105
salt-minion started via upstart is not using /etc/environment to
source variables therefore is not using system wide http_proxy parameters if
they are set there. With this patch if salt.minion.env_vars is set to engine:
file salt will set envvars in /etc/default/salt-minion and will use them for
all commands executed remotely via salt. Since /etc/default is not used on
systems with systemd override for salt-minion to use /etc/environmnet will be
set.
Change-Id: Icfe122de2486a83820a0bd2e2aeea4be3796c6aa
Closes-bug: PROD-16676
This patch adds new httpng.py which is a copy of http.py
from Salt 2017. It contains wait_for_successful_query method which
is needed in order to wait for init of OpenStack API interfaces
like Cinder API, Designate API, etc.
Change-Id: I5b4e526392df6dc0b9103a203937dbab31e0d301
Related-Prod: PROD-17170
The patch deletes deprecated cmd.run function which actually
was defined in salt 2016 as alias for cmd.shell therefore this
change supports backward compatibility.
Change-Id: I47eae0b8ee45ca1a1a9b3e8e544c893614573fda
Related-PROD: 17056
The patch fixes the issue when reclass adapter crashes if a new node
is tried to register in reclass metadata with reactor/runner mechanism.
This actually happens because of merged PR https://github.com/saltstack/salt/pull/15881 so
ID of master is chnaged to <NODE_NAME>_master https://github.com/saltstack/salt/blame/2017.7/salt/config/__init__.py#L3584
thats why runner modul can't fine the node and crashes.
Change-Id: I12b59db72d58d5b9d09cbd454201a75366545779
Related-PROD: PROD-17051