search

salt-formulas / salt-formula-salt

Other
14 stars 31 forks source link

When I run ##salt -C 'I@docker:swarm' state.sls salt##, follow error happed #67

Open Projoke opened 6 years ago

Projoke commented 6 years ago 
          ID: /etc/haproxy/ssl/10.0.1.90.crt
    Function: x509.certificate_managed
      Result: False
     Comment: An exception occurred in this state: Traceback (most recent call last):
                File "/usr/lib/python2.7/dist-packages/salt/state.py", line 1735, in call
                  **cdata['kwargs'])
                File "/usr/lib/python2.7/dist-packages/salt/loader.py", line 1653, in wrapper
                  return f(*args, **kwargs)
                File "/usr/lib/python2.7/dist-packages/salt/states/x509.py", line 475, in certificate_managed
                  ret['comment'] = __salt__['x509.create_certificate'](path=name, **kwargs)
                File "/usr/lib/python2.7/dist-packages/salt/modules/x509.py", line 1119, in create_certificate
                  pem_type='CERTIFICATE')
                File "/usr/lib/python2.7/dist-packages/salt/modules/x509.py", line 641, in write_pem
                  text = get_pem_entry(text, pem_type=pem_type)
                File "/usr/lib/python2.7/dist-packages/salt/modules/x509.py", line 380, in get_pem_entry
                  '{1}'.format(pem_type, text))
              SaltInvocationError: PEM does not contain a single entry of type CERTIFICATE:
              Signing policy salt_master_ca_cert_server does not exist.
     Started: 16:53:53.927848
    Duration: 715.996 ms
     Changes:   
----------
          ID: /etc/haproxy/ssl/10.0.1.90.crt_cert_permissions
    Function: file.managed
        Name: /etc/haproxy/ssl/10.0.1.90.crt
      Result: False
     Comment: One or more requisite failed: salt.minion.cert./etc/haproxy/ssl/10.0.1.90.crt
     Changes:   
----------
          ID: salt_minion_cert_proxy_all
    Function: cmd.wait
        Name: cat /etc/haproxy/ssl/10.0.1.90.key /etc/haproxy/ssl/10.0.1.90.crt /etc/haproxy/ssl/salt_master_ca-ca.crt > /etc/haproxy/ssl/10.0.1.90-all.pem
      Result: False
     Comment: One or more requisite failed: salt.minion.cert./etc/haproxy/ssl/10.0.1.90.crt
     Changes:   
----------
          ID: /etc/haproxy/ssl/10.0.1.90-all.pem_cert_permissions
    Function: file.managed
        Name: /etc/haproxy/ssl/10.0.1.90-all.pem
      Result: False
     Comment: One or more requisite failed: salt.minion.cert.salt_minion_cert_proxy_all
     Changes:
fpytloun commented 6 years ago

You need to restart salt-minion on your CA node. Signing policy salt_master_ca_cert_server does not exist means that you probably have signing policy defined in minion configuration but service was not restarted.