No proxy key found in pillar or opts for id X.

[brocoli-mountain]

I'm trying to connect to a Cisco IOS device using napalm-salt and am getting the error when running the command: salt-proxy --proxyid=switch1 -l debug

[ERROR ] No proxy key found in pillar or opts for id switch1. Check your pillar/opts configuration and contents. Salt-proxy aborted.

I have been following the install instructions in the readme. I expect I have configured something incorrectly so if anyonecould help, I'd appreciate it.

Configuration is as follows:

root@SaltMinion:/etc/salt/pillar# ls -l total 8 -rw-r--r-- 1 root root 97 May 13 20:59 switch_1.sls -rw-r--r-- 1 root root 31 May 13 21:02 top.sls

root@SaltMinion:/etc/salt/pillar# more top.sls base: switch1:

• switch_1

root@SaltMinion:/etc/salt/pillar# more switch_1.sls proxy: proxytype: napalm driver: ios host: 192.168.0.250 username: [removed] passwd: [removed]

root@SaltMinion:/etc/salt/pillar# salt-proxy --proxyid=switch1 -l debug [DEBUG ] Reading configuration from /etc/salt/proxy [DEBUG ] Configuration file path: /etc/salt/proxy [WARNING ] Insecure logging configuration detected! Sensitive data may be logged. [INFO ] Setting up "switch1" the Salt ProxyMinion [DEBUG ] Created pidfile: /var/run/salt/switch1/salt-minion.pid [INFO ] The Proxy Minion is starting up the Salt ProxyMinion [DEBUG ] AsyncEventPublisher PUB socket URI: /var/run/salt/minion/minion_event_8521ddf0ec_pub.ipc [DEBUG ] AsyncEventPublisher PULL socket URI: /var/run/salt/minion/minion_event_8521ddf0ec_pull.ipc [INFO ] Starting pull socket on /var/run/salt/minion/minion_event_8521ddf0ec_pull.ipc [DEBUG ] SaltEvent PUB socket URI: /var/run/salt/minion/minion_event_8521ddf0ec_pub.ipc [DEBUG ] SaltEvent PULL socket URI: /var/run/salt/minion/minion_event_8521ddf0ec_pull.ipc [DEBUG ] Initializing new IPCClient for path: /var/run/salt/minion/minion_event_8521ddf0ec_pub.ipc [INFO ] Creating minion process manager [DEBUG ] Process Manager starting! [DEBUG ] Process Manager starting! [DEBUG ] Connecting to master. Attempt 1 of 1 [DEBUG ] Initializing new AsyncAuth for ('/etc/salt/pki/minion', 'switch1', 'tcp://192.168.0.26:4506') [DEBUG ] Generated random reconnect delay between '1000ms' and '11000ms' (10767) [DEBUG ] Setting zmq_reconnect_ivl to '10767ms' [DEBUG ] Setting zmq_reconnect_ivl_max to '11000ms' [DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/etc/salt/pki/minion', 'switch1', 'tcp://192.168.0.26:4506', 'clear') [DEBUG ] Decrypting the current master AES key [DEBUG ] Loaded minion key: /etc/salt/pki/minion/minion.pem [DEBUG ] SaltEvent PUB socket URI: /var/run/salt/minion/minion_event_8521ddf0ec_pub.ipc [DEBUG ] SaltEvent PULL socket URI: /var/run/salt/minion/minion_event_8521ddf0ec_pull.ipc [DEBUG ] Initializing new IPCClient for path: /var/run/salt/minion/minion_event_8521ddf0ec_pull.ipc [DEBUG ] Sending event: tag = salt/auth/creds; data = {'_stamp': '2017-05-13T20:08:33.181583', 'creds': {'publish_port': 4505, 'aes': '1M+gnPeVyx3gI3tSvxMg87OcaWvZsqbJlF12XUTTdcJjtS8Lu3o5bzEMV8uY5e5TKXW7B76WMe8=', 'master_uri': 'tcp://192.168.0.26:4506'}, 'key': ('/etc/salt/pki/minion', 'switch1', 'tcp://192.168.0.26:4506')} [DEBUG ] Loaded minion key: /etc/salt/pki/minion/minion.pem [DEBUG ] subclassed _post_master_init [DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/etc/salt/pki/minion', 'switch1', 'tcp://192.168.0.26:4506', 'aes') [DEBUG ] Re-using AsyncAuth for ('/etc/salt/pki/minion', 'switch1', 'tcp://192.168.0.26:4506') [DEBUG ] Loaded minion key: /etc/salt/pki/minion/minion.pem [ERROR ] No proxy key found in pillar or opts for id switch1. Check your pillar/opts configuration and contents. Salt-proxy aborted. [INFO ] Proxy Minion Stopping the Salt ProxyMinion [ERROR ] No proxy key found in pillar or opts for id switch1. Check your pillar/opts configuration and contents. Salt-proxy aborted. [INFO ] Shutting down the Salt ProxyMinion The Salt ProxyMinion is shutdown. No proxy key found in pillar or opts for id switch1. Check your pillar/opts configuration and contents. Salt-proxy aborted.

[mirceaulinic]

Hi @brocoli-mountain this is one of the most common mistakes. Check this tutorial: https://ripe74.ripe.net/presentations/18-RIPE-74-Network-automation-at-scale-up-and-running-in-60-minutes.pdf following step by step, you should be able to setup correctly :-)

If not, feel free to shout out.

At a glance, I would recommend you to double check the file_roots and pillar_roots in the master config (for example https://github.com/napalm-automation/napalm-salt/blob/master/master#L252-L258). After updating these options, you need to restart the master process.

Also, double check that SLS files are valid YAML. This document - https://docs.saltstack.com/en/latest/topics/troubleshooting/yaml_idiosyncrasies.html - presents very icely some common mistakes.

[brocoli-mountain]

Thanks for this - I actually got there myself just about the same time as you posted this!

I think my confusion came because in the documentation I read, it's not 100% clear what is configured on the master and what is on the minion if they're running on differnt hosts as in my PoC environment. Also the file locations in the documentation reference /etc/salt/ locations but when examining the config files for the pillar_roots setting, it lists /srv/...

[mirceaulinic]

No problem. Yes, I agree, there are many details you need to be aware at the beginning. But in time, you'll be more comfortable with these. I feel like the document I linked can still be improved and it's waiting for feedback. If you have any other questions, I'll be happy to answer. I am also on Slack, for quicker help and under the #saltstack channel there are few more experienced people.

[serg239]

I have had the same "No proxy key found in pillar or opts for id" problem when I moved proxy-minion from salt-master to "proxy" host. I successfully configured proxy-minion on salt-master before that. I mean pillars, proxymodule, execution and state modules, salt states worked on salt-master. But when I tried to move proxy-minion related pillars and modules to "proxy" host I have got an error above. I tried to recover the same structure of files on "proxy" host as I have had on salt-master: /srv/salt/_proxy, /srv/salt/_modules, /srv/salt/_states/, /srv/pillar/top.sls and proxy sls with proxytype and opts definitions. So, what should be the structure of files on "proxy" host and what is the difference between that and salt-master file structure? Probably I have to leave some modules on salt-master? It will be good to know what "proxy key in pillar or opts" means also? Finally, are there any relations (keys, logs, caches, etc.) between salt-minion on "proxy" host and proxy-minions I'm trying to install? Any help will be appreciated!

[serg239]

I resolved the issue. In my case the problem was related to dependency of my proxymodule (/srv/salt/_proxy/abc.py on salt-master) from external library. So, it was necessary to install the library on "proxy" host and set the PYTHONPATH.

[tigerrabbit]

To add another example that causes a similar error like above. I had the c4221.sls file created, but I didn't have the entry in the top.sls file. Fixed that and the proxy worked. Thanks for the great project.

[elkinaguas]

The problem in my case was that I was configuring the top.sls and eos.sls (for a eos router) files on the proxy-minion instead of defining them on the master.

[borisovano]

Just clear out one thingy that might confuse: The term proxy "key" mentioned in the error msg refers to key as "key in key,value". NOT key as "key in private key".

It's pretty obvious, however the confusion might be caused by the fact that usually the error message preceded by not related debug message that's also using "key" term:

[DEBUG ] Loaded minion **key**: /etc/salt/pki/minion/minion.pem
[ERROR ] No proxy **key** found in pillar or opts for id switch1. Check your pillar/opts configuration and contents. Salt-proxy aborted.

[kaibabbob]

It also really helps not to have a typo in the proxy name in the top.sls

[wasabi222]

I'm adding my travail here as this seems to be the top google result:

The pillar top file is rendered on a per-minion basis, with the jinja rendered first, then the yaml. If you are sharing your pillar top file with other folks and they are doing something fancy with jinja in the pillar top file that the proxy minion doesn't know about*, the pillar top file will fail to render for the proxy minion, and thus, the top-level proxy key won't be found.

• for example:

  base:
  non-proxy-device:
  {% if grains['custom_grain'] == 'my custom grain' %}
  - my_custom_pillar
  {% endif %}
  cisco_device:
  - proxy_pillar

  in the above, the cisco_device proxy minion will fail because the entire top file jinja gets rendered first, and the cisco_device doesn't have that custom_grain value set. You can verify this by looking at the master log cat /var/log/salt/master. This can be avoided by using {% salt.grains.get('custom_pillar') %} I hope this helps someone.