A lot of virtual machine clones were made, and it turned out that they all work with the same key, a common one for all of them.

i.e. salt-key -P shows the same pub key

It does not seem to cause problems, but I would like to do everything correctly. How do I regenerate the keys?

Deleting /etc/salt/pki/minion/minion.pem and /etc/salt/pki/minion/minion.pub does not solve the problem: the key is still the same.

How do I do this properly?

  • during cloning, it is probably worth deleting from the “model image” the file /etc/salt/minion_id (it will be filled with the value from the hostname command, which I hope is unique for each of your clones) and the files /etc/salt/pki/minion/minion* (they should be generated the first time salt-minion starts). - aleksandr barakin

1 answer

Each minion, in order for the master to distinguish them, must have a unique identifier, stored on the minion in the file /etc/salt/minion_id.

on the minion:

  1. stop salt-minion :

     $ sudo service salt-minion stop 
  2. write down a suitable unique identifier:

     $ echo unique-identifier | sudo tee /etc/salt/minion_id
  3. remove the old key:

     $ sudo rm /etc/salt/pki/minion/minion.pem /etc/salt/pki/minion/minion.pub 
  4. run salt-minion (this should generate a new key instead of the deleted one):

     $ sudo service salt-minion start 

now the master will receive a new connection request, which can be seen, for example, with this command (on the master):

 $ salt-key -l un 

and then connect the "knocking" minions, all at once:

 $ salt-key -A 

or one at a time:

 $ salt-key -a minion-id

addition

To remove unnecessary minion records from the master configuration (as shown by the salt-key program), you need to delete the corresponding files from the /etc/salt/pki/master/minions/ directory on the master.

  • Yes, I found such a recipe on the network. After these manipulations salt-key -P still shows all the keys as the same, while salt-key -F shows different fingerprints. Who to believe? - tester0
  • @tester0, see the addition to the answer. - aleksandr barakin
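
To check on the master whether cloned minions still share a key after the steps above, the accepted key files in /etc/salt/pki/master/minions/ can be grouped by content. This is an added example, not part of the original question or answer; the function names and the sample key bodies are constructed, and the SHA-256 digest is used only for grouping (it is not claimed to match the fingerprint that salt-key -F prints).

```python
import hashlib
import os
import sys
import tempfile
from collections import defaultdict

# Directory of accepted minion keys on the master (path taken from the answer).
MINIONS_DIR = "/etc/salt/pki/master/minions"


def key_digest(pem_text):
    """Digest of a public key with whitespace and line endings normalised."""
    body = "".join(line.strip() for line in pem_text.strip().splitlines())
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def find_shared_keys(minions_dir=MINIONS_DIR):
    """Return a list of minion-id groups whose key files are identical."""
    by_key = defaultdict(list)
    for minion_id in sorted(os.listdir(minions_dir)):
        path = os.path.join(minions_dir, minion_id)
        if not os.path.isfile(path):
            continue
        with open(path, encoding="utf-8", errors="replace") as fh:
            by_key[key_digest(fh.read())].append(minion_id)
    return sorted(ids for ids in by_key.values() if len(ids) > 1)


def build_demo_dir():
    """Constructed sample: two clones sharing one key, one regenerated minion."""
    pem = "-----BEGIN PUBLIC KEY-----\n{}\n-----END PUBLIC KEY-----\n"
    shared = pem.format("CONSTRUCTED-SAMPLE-KEY-AAAA")
    demo = tempfile.mkdtemp(prefix="minions-demo-")
    samples = {
        "clone-01": shared,
        "clone-02": shared.replace("\n", "\r\n"),  # same key, CRLF line endings
        "web-01": pem.format("CONSTRUCTED-SAMPLE-KEY-BBBB"),
    }
    for minion_id, text in samples.items():
        with open(os.path.join(demo, minion_id), "w", newline="") as fh:
            fh.write(text)
    return demo


if __name__ == "__main__":
    # Pass the real directory on a master; with no argument the demo data is used.
    target = sys.argv[1] if len(sys.argv) > 1 else build_demo_dir()
    for group in find_shared_keys(target):
        print("same key:", ", ".join(group))
```

Any group it prints is a set of minion ids that were accepted with one and the same public key, so those minions still need the key regeneration steps from the answer.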