使用gitfs_remotes和Salt Stack公式设置Vagrant VM

Question

I'm trying to provision vagrant VM using salt with existing salt formulas. I've followed this presentation to get access to gitfs_remotes : https://github.com/borgstrom/salt-vagrant-saltconf2014/blob/master/presentation.md .

salt/minion

master: 127.0.0.1
state_verbose: False

salt/master:

# listen on the loopback in open mode
interface: 127.0.0.1
auto_accept: True

# use both the local roots as well as gitfs remotes
fileserver_backend:
  - roots
  - git

# map our project specific files to the local roots
file_roots:
  base:
    - /vagrant/salt/roots
pillar_roots:
  base:
    - /vagrant/salt/pillar

# setup our salt formulas as gitfs remotes
gitfs_remotes:
  - https://github.com/saltstack-formulas/mysql-formula

Vagrantfile (part):

config.vm.synced_folder "salt/roots/", "/srv/salt/"
config.vm.synced_folder "salt/pillar", "/srv/pillar/"

config.vm.provision :salt do |salt|
    salt.minion_config = "salt/minion"
    salt.master_config = "salt/master"
    salt.bootstrap_options = "-F -c /tmp/ -P"
    salt.run_highstate = true
end

/salt/roots/top.sls:

base:
  '*':
    - mysql

But I get the error:

[INFO ] SaltReqTimeoutError: after 60 seconds. (Try 7 of 7) Attempt to authenticate with the salt master failed

Answer 1

A masterless minion is able to use gitfs without an explicitly configured master. There was an issue in saltstack/salt .

Have a look at this issue in saltstack/salt-bootstrap , for details about why to install things in front using bash provisioning.

Here is a working configuration using the node-formula.

Vagrantfile

Vagrant.configure(2) do |config|
  config.vm.box = "debian/jessie64"

  # mount state tree and pillar
  config.vm.synced_folder ".saltstack/salt/", "/srv/salt/", type: "rsync"
  config.vm.synced_folder ".saltstack/pillar/", "/srv/pillar/", type: "rsync"

  # install those to be able to use gitfs for node formula
  # @see https://github.com/saltstack/salt-bootstrap/issues/245
  config.vm.provision :shell, :inline => "sudo apt-get -y install git-core"
  config.vm.provision :shell, :inline => "sudo apt-get -y install python-setuptools"
  config.vm.provision :shell, :inline => "sudo easy_install GitPython"

  config.vm.provision :salt do |salt|
    # Workaround for:
    # Copying salt minion config to /etc/salt
    # Failed to upload a file to the guest VM via SCP due to a permissions
    # error. [...]; @see:
    # https://github.com/mitchellh/vagrant/issues/5973#issuecomment-137276605
    salt.bootstrap_options = '-F -c /tmp/ -P'
    salt.masterless = true
    salt.minion_config = ".saltstack/minion"
    salt.run_highstate = true
    salt.verbose = true
  end

  # sync working dir
  config.vm.synced_folder ".", "/vagrant", type: "rsync",
    rsync__exclude: [".git/", ".saltstack"]
end

.saltstack/minion

state_verbose: True

file_client: local

gitfs_provider: gitpython

fileserver_backend:
  - roots
  - git

gitfs_remotes:
  - https://github.com/saltstack-formulas/node-formula.git

Answer 2

You are getting that error because when a minion connects to Salt Master - the request has to be approved by Salt master. It is like a security mechanism - first time around needs approval, second time onwards the fingerprint of machine is used. On your salt master run:

sudo salt-key

You should see something like and you will notice that the key of new machine is not yet accepted.

Accepted Keys: Denied Keys: Unaccepted Keys: xyz.hostname.com Rejected Keys:

Go ahead and run the command:

sudo salt-key -A

Say yes on confirmation and the key will be accepted and the error should go away. Also to test that the minion is reachable run command on master:

sudo salt '*' test.ping

This should return true from minions.

Finally use a tried and test project like this one from Salt team or one I have written and you will get going with Salt quite fast.