Closed sjorge closed 8 years ago
sjorge
commented
8 years ago input on that lines seems to be a dict with the certificate data, I did a dirty hack to just return input but it looks like the entire dataformat has changed because then I just hit a next error.
sjorge
commented
8 years ago content of input_
{'Issuer Public Key': '-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtiqj2jyTiZYLjBkDFzd9\nd0HMKtZLKYyLGqrcbtAs6lkXcDKqfqRAkHyYn/faj/DJ7RrgCjrOUAZG8UaATnQR\nOgRgOZ+Z6AhCM/bqpW1YaEn3dZjD4NdDJGV93+vArPm5otddtVIJGQT9FYv0MF9s\nByTlAWA3Pd4VRNrTDcXhi5rDFyxG3QFoQ5y/qPAP/xI49EE9h07h5IysQg9XM4DJ\nw0wAzFKKhUiGNCgvtUL11UOMV/8grM3tjdju2LJA+PRUoIl6uxi9e4CRcHexC6P9\nA9G70AtM8ESCzWhd3JxQaMf0uKQZhH8rUs4GUj2qFJI6gvL/f8ePeTm6MjqQGbVQ\nj0nY09FM1iI/bag3ntBQaT7D8fox/CH/ojwhz5aqF6MTIy2N4tLOeV+fCWLutyYw\nKqFmV1dme2WUqzLWXabh5F9TEzxYUZXz4nrR42dpIH/M2fMD9HksC/vIMarvoHw2\nXmQvcj+swIscpO00IgXOuoQiqbASCVp/LfP7P60lUGcbZpJUuOWcUXmkl10zA8nY\nnveFLDYr8w+K7qrFwTtktZWuvI/Pf8SpmzLKRBdI07DVzUbJHzWIyRnkpfOC4I5o\n2rBbTNfodxKEBRaEO0X+pswJuZMd1LD0/MCfIuQpANGztbzPw6GFf3Ck0usVuWJf\nWSgnPNXlocJgo6zFN7PlfrkCAwEAAQ==\n-----END PUBLIC KEY-----\n', 'Not After': '2016-06-21 12:44:21', 'Subject Hash': '6D:5E:51:36', 'Serial Number': '07:54:FA:04:2D:6C:CC:35', 'SHA1 Finger Print': 'BF:AC:11:99:4B:B5:16:F6:C8:C5:F2:42:3B:0E:5A:22:B8:29:0A:A0', 'SHA-256 Finger Print': '2A:8B:4B:AA:E8:CA:7D:23:DB:F0:6A:58:28:F8:FC:5B:D1:02:51:ED:7A:87:E1:A4:0B:D7:22:BB:4E:27:7C:02', 'MD5 Finger Print': '2E:9F:D7:7B:23:5A:C4:EB:98:87:81:D9:58:54:81:2A', 'Version': 3, 'Public Key': '-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3+vZc0HgAYPONSa4p7Nd\nDN75h3h60WVXD4T2kzG732pgInxeMyqDcoWP+IGBCZOQN9b+7LbnCzBJFShbUCzH\nx5m5iIgH2qnAg1eFDnOn06N1REtsY8frMKjIy1CB45V2CnxMSV179A3+ohUFGsIK\nY0AWppP/0TcWPNP4TIl9DdxscvYSKtEWaBGPFgYlVJrsf6ccVfwg3IlotKfx5rz7\neJfeAbbvCkoeKEwwT9xSBMpoUslxIhYLqE9qkEcfiaLVrQtrxtQkGbmZ/kW75HsT\nseKbWJXn6iFZSx0FfV7xfUTWduMP+3f54ldwMf+BUIA6Hn8f3x3d4JCp/NyQaKO2\nawIDAQAB\n-----END PUBLIC KEY-----\n', 'X509v3 Extensions': {'subjectKeyIdentifier': 'A8:99:00:9A:98:61:EB:F2:3D:20:B7:B3:AF:15:6A:88:E5:E1:73:38', 'keyUsage': 'critical Certificate Sign, CRL Sign', 'authorityKeyIdentifier': 'keyid:03:C4:9C:3F:8E:62:FB:20:C4:51:40:D5:C5:6F:11:FE:FD:EC:35:DD\nDirName:/C=BE/CN=ca.acheron.be/L=Kapellen/ST=Antwerp/emailAddress=certadm@acheron.be\nserial:6F:B2:94:3B:DB:68:91:FB\n', 'basicConstraints': 'critical CA:FALSE'}, 'Key Size': 2048, 'Issuer': {'C': 'BE', 'SP': 'Antwerp', 'emailAddress': 'certadm@acheron.be', 'CN': 'ca.acheron.be', 'L': 'Kapellen'}, 'Issuer Hash': '3A:F3:4F:DC', 'Not Before': '2016-03-23 12:44:21', 'Subject': {'C': 'BE', 'SP': 'Antwerp', 'emailAddress': 'certadm@acheron.be', 'CN': 'test.acheron.be', 'L': 'Kapellen'}}changing [ca_server] to [ca_server]['Public Key'] might fix it... will roll a test of this later today
https://github.com/saltstack/salt/blob/2016.3/salt/modules/x509.py#L1096
Eh there doesn't seem to be any certificate data in the resulting dict
sjorge
commented
8 years ago Further digging into this, testrun ends up being set to true in kwargs before they get passed: If I hack it to always be false, the returned data has a totally different datastructure, making the existing code just work!
Now to figure out WHY it is set to true as I did not pass test=True on the state.apply!
{'signing_policy': 'default', 'public_key': '-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3+vZc0HgAYPONSa4p7NdDN75h3h60WVXD4T2kzG732pgInxeMyqDcoWP+IGBCZOQN9b+7LbnCzBJFShbUCzHx5m5iIgH2qnAg1eFDnOn06N1REtsY8frMKjIy1CB45V2CnxMSV179A3+ohUFGsIKY0AWppP/0TcWPNP4TIl9DdxscvYSKtEWaBGPFgYlVJrsf6ccVfwg3IlotKfx5rz7eJfeAbbvCkoeKEwwT9xSBMpoUslxIhYLqE9qkEcfiaLVrQtrxtQkGbmZ/kW75HsTseKbWJXn6iFZSx0FfV7xfUTWduMP+3f54ldwMf+BUIA6Hn8f3x3d4JCp/NyQaKO2awIDAQAB-----END PUBLIC KEY-----', 'days_valid': 90, 'testrun': True, 'CN': 'test.acheron.be'}@jfindlay Is there a reason for the testrun=True here: https://github.com/saltstack/salt/blob/2016.3/salt/states/x509.py#L429
sjorge
commented
8 years ago I have a fix, PR opened against 2015.8.
Tested on 2016.3 and develop.
jfindlay
commented
8 years ago @sjorge, I'm not really familiar with this state or module. You could ask @clinta.
sjorge
commented
8 years ago @jfindlay I closed the PR, It's bad. Remote signing worked, but it kept creating new certificates even if one existed. It also broke local signing. This definitely needs lots of love in the future.
clinta
commented
8 years ago I'll test this soon. I've not upgraded to 2016.3 yet, but am using this state extensively in production, so if it's broken I'll need to get it fixed before upgrading.
clinta
commented
8 years ago A basic cert state is working for me under 2016.3. I tried testing your state but I don't have role/certificate/config.jinja which is needed to apply it.
Based on that error message I would guess that perhaps something in the rendered yaml has a colon in it which is not escaped or quoted so it is interpreted as a dict rather than a string.
If you apply the state via salt-call from the minion with --log-level=debug you should get a log line Results of YAML rendering which may help diagnose the issue.
sjorge
commented
8 years ago @clinta
role.certificate.authority
local:
----------
ID: certificate.authority::policies
Function: file.managed
Name: /salt/config/minion.d/signing_policies.conf
Result: True
Comment: File /salt/config/minion.d/signing_policies.conf is in the correct state
Started: 00:09:17.507864
Duration: 73.009 ms
Changes:
----------
ID: certificate.authority::directories
Function: file.directory
Name: /salt/pki/issued/
Result: True
Comment: Directory /salt/pki/issued updated
Started: 00:09:17.581349
Duration: 9.654 ms
Changes:
----------
/salt/pki/issued:
New Dir
----------
ID: certificate.authority::directories
Function: file.directory
Name: /salt/pki
Result: True
Comment: Directory /salt/pki is in the correct state
Started: 00:09:17.591455
Duration: 3.539 ms
Changes:
----------
ID: certificate.authority::key
Function: x509.private_key_managed
Name: /salt/pki/ca.key
Result: True
Comment: PEM written to /salt/pki/ca.key
Started: 00:09:17.691104
Duration: 959.936 ms
Changes:
----------
new:
4096 bit private key
old:
/salt/pki/ca.key does not exist.
----------
ID: certificate.authority::crt
Function: x509.certificate_managed
Name: /salt/pki/ca.crt
Result: True
Comment: PEM written to /salt/pki/ca.crt
Started: 00:09:18.652737
Duration: 59.647 ms
Changes:
----------
new:
----------
Issuer:
----------
C:
BE
CN:
ca.acheron.be
L:
Kapellen
SP:
Antwerp
emailAddress:
certadm@acheron.be
Issuer Hash:
3A:F3:4F:DC
Key Size:
4096
MD5 Finger Print:
F3:A2:63:76:CE:F5:49:82:0A:76:DA:E3:15:50:AD:98
Not After:
2026-03-22 23:09:18
Not Before:
2016-03-24 23:09:18
Public Key:
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtw0JAsgZQLF6rgqitxlL
BHFg0RgMy0UbFXxmfpz7ryjbYx0UNvVCL5fCOpcRhPM1cJCCpoNMQITvpcmbwAyk
mXDBv9A9oDJ58Y4qQ+tyXdS8O61uxzNs+j2Nrs6cVxWKq/FDvCPevkBOOLcOD4eY
PEF+ti7RF4mQP53hdIDhj36dd5osFDJXwpDgFGDFOtznV+TlVZtvJd3vR1nmVZTm
eqtT7RXnvUKZCkqvtLLppDG20s0Os/Ils3zI07H+ksR3cyd/Fw0HKo4NZY1naPxg
TAgCGTGpq+C2zZnmi+zLDMwSrP0pNDXH0hUVLMUyA9BaLQjAaKrqhzkFGrZOVcUP
47Eom8RPofflsBw6C7VOTgXhwV5uFYtnaRYxKBhp/Sbt4aAWAwrs17fjexsFsrLu
nGebhGxpw6wuC1kzS45VMV7QI3u9EA42wR7SO6y22RB7yziKAjhhIuOY5BCAKAAy
WpOnDfYV95C9a06nlGKVy1A3sG3W2OGAQJTdyVcLOWg7KvJnxEqDpZRqugjDA3wa
tZFjr9KyepB6Qm4gmXqWvra3W3uviQwR4d9uap/UOsTlcbcPXCNTCx0RmI+l4gJf
77PlA/sLAmvm5QfaR7JvW78zdEUZ1b1ID6FJt6vIUC+7fdit4Mery1rV4s30Etq0
epsWwodtQfGCHSaNKX4IHtMCAwEAAQ==
-----END PUBLIC KEY-----
SHA-256 Finger Print:
91:2C:3C:A4:69:4B:6E:96:4D:9B:C9:FF:BF:6B:C6:97:17:EB:F4:18:B3:1F:3D:AF:24:DF:0F:BD:33:F8:97:F5
SHA1 Finger Print:
53:2F:58:52:BC:B0:E7:E6:13:4F:6D:4B:36:20:18:D9:AC:09:E7:23
Serial Number:
FF:03:33:51:2F:29:BE:E9
Subject:
----------
C:
BE
CN:
ca.acheron.be
L:
Kapellen
SP:
Antwerp
emailAddress:
certadm@acheron.be
Subject Hash:
3A:F3:4F:DC
Version:
3
X509v3 Extensions:
----------
authorityKeyIdentifier:
keyid:F0:6E:B5:CD:EF:7A:D0:FE:B3:16:50:EE:3B:BC:68:F4:DF:67:45:49
DirName:/C=BE/CN=ca.acheron.be/L=Kapellen/ST=Antwerp/emailAddress=certadm@acheron.be
serial:FF:03:33:51:2F:29:BE:E9
basicConstraints:
critical CA:TRUE
keyUsage:
critical Certificate Sign, CRL Sign
subjectKeyIdentifier:
F0:6E:B5:CD:EF:7A:D0:FE:B3:16:50:EE:3B:BC:68:F4:DF:67:45:49
old:
/salt/pki/ca.crt does not exist.
----------
ID: mine.send
Function: module.run
Result: True
Comment: Module function mine.send executed
Started: 00:09:18.715237
Duration: 511.048 ms
Changes:
----------
ret:
True
Summary for local
------------
Succeeded: 6 (changed=4)
Failed: 0
------------
Total states run: 6role.certificate
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion
[DEBUG ] Including configuration from '/opt/local/etc/salt/minion.d/_schedule.conf'
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion.d/_schedule.conf
[DEBUG ] Including configuration from '/opt/local/etc/salt/minion.d/signing_policies.conf'
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion.d/signing_policies.conf
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion
[DEBUG ] Including configuration from '/opt/local/etc/salt/minion.d/_schedule.conf'
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion.d/_schedule.conf
[DEBUG ] Including configuration from '/opt/local/etc/salt/minion.d/signing_policies.conf'
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion.d/signing_policies.conf
[DEBUG ] Please install 'virt-what' to improve results of the 'virtual' grain.
[DEBUG ] Configuration file path: /opt/local/etc/salt/minion
[WARNING ] Insecure logging configuration detected! Sensitive data may be logged.
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion
[DEBUG ] Including configuration from '/opt/local/etc/salt/minion.d/_schedule.conf'
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion.d/_schedule.conf
[DEBUG ] Including configuration from '/opt/local/etc/salt/minion.d/signing_policies.conf'
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion.d/signing_policies.conf
[DEBUG ] Please install 'virt-what' to improve results of the 'virtual' grain.
[DEBUG ] Connecting to master. Attempt 1 of 1
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] Generated random reconnect delay between '1000ms' and '11000ms' (7683)
[DEBUG ] Setting zmq_reconnect_ivl to '7683ms'
[DEBUG ] Setting zmq_reconnect_ivl_max to '11000ms'
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'clear')
[DEBUG ] Decrypting the current master AES key
[DEBUG ] Loaded minion key: /opt/local/etc/salt/pki/minion/minion.pem
[DEBUG ] Loaded minion key: /opt/local/etc/salt/pki/minion/minion.pem
[INFO ] Determining pillar cache
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] Loaded minion key: /opt/local/etc/salt/pki/minion/minion.pem
[DEBUG ] LazyLoaded jinja.render
[DEBUG ] LazyLoaded yaml.render
[DEBUG ] LazyLoaded state.apply
[DEBUG ] LazyLoaded saltutil.is_running
[DEBUG ] LazyLoaded grains.get
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[INFO ] Determining pillar cache
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] Loaded minion key: /opt/local/etc/salt/pki/minion/minion.pem
[INFO ] Loading fresh modules for state activity
[DEBUG ] LazyLoaded jinja.render
[DEBUG ] LazyLoaded yaml.render
[DEBUG ] Could not find file from saltenv 'base', 'salt://role/certificate.sls'
[DEBUG ] In saltenv 'base', looking at rel_path 'role/certificate/init.sls' to resolve 'salt://role/certificate/init.sls'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/role/certificate/init.sls' to resolve 'salt://role/certificate/init.sls'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://role/certificate/init.sls'
[DEBUG ] compile template: /var/cache/salt/minion/files/base/role/certificate/init.sls
[DEBUG ] Jinja search path: '['/var/cache/salt/minion/files/base']'
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] In saltenv 'base', looking at rel_path 'role/certificate/config.jinja' to resolve 'salt://role/certificate/config.jinja'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/role/certificate/config.jinja' to resolve 'salt://role/certificate/config.jinja'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://role/certificate/config.jinja'
[DEBUG ] In saltenv 'base', looking at rel_path '_macros/common.jinja' to resolve 'salt://_macros/common.jinja'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/_macros/common.jinja' to resolve 'salt://_macros/common.jinja'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://_macros/common.jinja'
[DEBUG ] LazyLoaded grains.filter_by
[DEBUG ] In saltenv 'base', looking at rel_path 'role/certificate/_macros/cert.jinja' to resolve 'salt://role/certificate/_macros/cert.jinja'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/role/certificate/_macros/cert.jinja' to resolve 'salt://role/certificate/_macros/cert.jinja'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://role/certificate/_macros/cert.jinja'
[DEBUG ] LazyLoaded mine.get
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] Loaded minion key: /opt/local/etc/salt/pki/minion/minion.pem
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/role/certificate/init.sls' using 'jinja' renderer: 0.22850394249
[DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/role/certificate/init.sls:
######
## certificate state
## -----------------------------------
######
## import
## variables
## publish authority root cert
certificate::ca:
file.directory:
- name: /opt/local/etc/openssl/certs
x509.pem_managed:
- name: /opt/local/etc/openssl/certs/internal-ca.crt
- text: -----BEGIN CERTIFICATE-----MIIGQzCCBCugAwIBAgIJAOQQXTY/Om3jMA0GCSqGSIb3DQEBCwUAMG0xCzAJBgNVBAYTAkJFMRYwFAYDVQQDDA1jYS5hY2hlcm9uLmJlMREwDwYDVQQHDAhLYXBlbGxlbjEQMA4GA1UECAwHQW50d2VycDEhMB8GCSqGSIb3DQEJARYSY2VydGFkbUBhY2hlcm9uLmJlMB4XDTE2MDMyNDIzMDkxOFoXDTI2MDMyMjIzMDkxOFowbTELMAkGA1UEBhMCQkUxFjAUBgNVBAMMDWNhLmFjaGVyb24uYmUxETAPBgNVBAcMCEthcGVsbGVuMRAwDgYDVQQIDAdBbnR3ZXJwMSEwHwYJKoZIhvcNAQkBFhJjZXJ0YWRtQGFjaGVyb24uYmUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC3DQkCyBlAsXquCqK3GUsEcWDRGAzLRRsVfGZ+nPuvKNtjHRQ29UIvl8I6lxGE8zVwkIKmg0xAhO+lyZvADKSZcMG/0D2gMnnxjipD63Jd1Lw7rW7HM2z6PY2uzpxXFYqr8UO8I96+QE44tw4Ph5g8QX62LtEXiZA/neF0gOGPfp13miwUMlfCkOAUYMU63OdX5OVVm28l3e9HWeZVlOZ6q1PtFee9QpkKSq+0sumkMbbSzQ6z8iWzfMjTsf6SxHdzJ38XDQcqjg1ljWdo/GBMCAIZMamr4LbNmeaL7MsMzBKs/Sk0NcfSFRUsxTID0FotCMBoquqHOQUatk5VxQ/jsSibxE+h9+WwHDoLtU5OBeHBXm4Vi2dpFjEoGGn9Ju3hoBYDCuzXt+N7GwWysu6cZ5uEbGnDrC4LWTNLjlUxXtAje70QDjbBHtI7rLbZEHvLOIoCOGEi45jkEIAoADJak6cN9hX3kL1rTqeUYpXLUDewbdbY4YBAlN3JVws5aDsq8mfESoOllGq6CMMDfBq1kWOv0rJ6kHpCbiCZepa+trdbe6+JDBHh325qn9Q6xOVxtw9cI1MLHRGYj6XiAl/vs+UD+wsCa+blB9pHsm9bvzN0RRnVvUgPoUm3q8hQL7t92K3gx6vLWtXizfQS2rR6mxbCh21B8YIdJo0pfgge0wIDAQABo4HlMIHiMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTwbrXN73rQ/rMWUO47vGj032dFSTCBnwYDVR0jBIGXMIGUgBTwbrXN73rQ/rMWUO47vGj032dFSaFxpG8wbTELMAkGA1UEBhMCQkUxFjAUBgNVBAMMDWNhLmFjaGVyb24uYmUxETAPBgNVBAcMCEthcGVsbGVuMRAwDgYDVQQIDAdBbnR3ZXJwMSEwHwYJKoZIhvcNAQkBFhJjZXJ0YWRtQGFjaGVyb24uYmWCCQDkEF02Pzpt4zANBgkqhkiG9w0BAQsFAAOCAgEAHqvYmbLU9sq12OmXVlGULhLc6XFEkXjX+uNRJOF6etFh1pyoJxfzo55+t/MgG1n/PtoXZ8fDg1fy5Fxu1OzqxIGxZMBh3ctQkyl7RbrHBcrk8JNZKFr4MnVAUrxbs/cC7ODGSL2ru7hFvDeYLEvmPStk/RmEUz05hMRWC+WyMLVsyI2Bywgn7otTHWLsnTEpAxdpBqeuxeM/2ADm+ZhF2F+cZtE/hhdmg1Or4xiIMErS2PIrtS5bIPQSGYoOYi39W6y4Pn2j1eQlWl3tJ0/FzuQY+cM+v3rL2hJnlar9coGFqegYF9Ak+SrH3on1K+YQV0p77f4stYoURukl9Es2hLo1ePy0s1epYu7GE0nPB2H5Heo6CT0sSgRnQiqq2SHqg0wqk1BcMhcgMmOldaWbzBlc7Swsp9HU8oHxBCpSWMhq6XUu/8iKnnVwZCHV2Vx6uTaStHzX6KAfrurPK33lHo/pHUh0PiICmZqoaSUy02eksQLB2lNxxYMnoWIgDQ04miIDw8rTtqEKS/Q/v5lOvOQ6mddTmxQCu2jLnhOZqvzPqYzw3leVHac9716B0gFORLuO/1w0vY+/i1yZA6Gd9Kb5OPQqO/Vc4KyrHTuz0KCMztJWP+w1m2x1BWWcHUGGc72RA3eY6wrS+4PQ76jyZ5Na3PN5m0rVvjUiEnHg6cs=-----END CERTIFICATE-----
- require:
- file: certificate::ca
certificate::rebuild-cache:
cmd.wait:
- name: /opt/local/bin/c_rehash
- watch:
- x509: certificate::ca
#TODO: dns, ip4, ip6 aliasses
certificate:test.acheron.be::directory:
file.directory:
- name: /opt/local/etc/pki
certificate:test.acheron.be::key:
x509.private_key_managed:
- name: /opt/local/etc/pki/test.acheron.be.key
- bits: 2048
- require:
- file: certificate:test.acheron.be::directory
certificate:test.acheron.be::crt:
x509.certificate_managed:
- ca_server: cronos
- signing_policy: default
- public_key: /opt/local/etc/pki/test.acheron.be.key
- path: /opt/local/etc/pki/test.acheron.be.crt
- CN: test.acheron.be
- days_valid: 90
- days_remaining: 30
- backup: True
- require:
- x509: certificate:test.acheron.be::key
# vim: tabstop=2 expandtab shiftwidth=2 softtabstop=2
[DEBUG ] LazyLoaded config.get
[DEBUG ] Results of YAML rendering:
OrderedDict([('certificate::ca', OrderedDict([('file.directory', [OrderedDict([('name', '/opt/local/etc/openssl/certs')])]), ('x509.pem_managed', [OrderedDict([('name', '/opt/local/etc/openssl/certs/internal-ca.crt')]), OrderedDict([('text', '-----BEGIN CERTIFICATE-----MIIGQzCCBCugAwIBAgIJAOQQXTY/Om3jMA0GCSqGSIb3DQEBCwUAMG0xCzAJBgNVBAYTAkJFMRYwFAYDVQQDDA1jYS5hY2hlcm9uLmJlMREwDwYDVQQHDAhLYXBlbGxlbjEQMA4GA1UECAwHQW50d2VycDEhMB8GCSqGSIb3DQEJARYSY2VydGFkbUBhY2hlcm9uLmJlMB4XDTE2MDMyNDIzMDkxOFoXDTI2MDMyMjIzMDkxOFowbTELMAkGA1UEBhMCQkUxFjAUBgNVBAMMDWNhLmFjaGVyb24uYmUxETAPBgNVBAcMCEthcGVsbGVuMRAwDgYDVQQIDAdBbnR3ZXJwMSEwHwYJKoZIhvcNAQkBFhJjZXJ0YWRtQGFjaGVyb24uYmUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC3DQkCyBlAsXquCqK3GUsEcWDRGAzLRRsVfGZ+nPuvKNtjHRQ29UIvl8I6lxGE8zVwkIKmg0xAhO+lyZvADKSZcMG/0D2gMnnxjipD63Jd1Lw7rW7HM2z6PY2uzpxXFYqr8UO8I96+QE44tw4Ph5g8QX62LtEXiZA/neF0gOGPfp13miwUMlfCkOAUYMU63OdX5OVVm28l3e9HWeZVlOZ6q1PtFee9QpkKSq+0sumkMbbSzQ6z8iWzfMjTsf6SxHdzJ38XDQcqjg1ljWdo/GBMCAIZMamr4LbNmeaL7MsMzBKs/Sk0NcfSFRUsxTID0FotCMBoquqHOQUatk5VxQ/jsSibxE+h9+WwHDoLtU5OBeHBXm4Vi2dpFjEoGGn9Ju3hoBYDCuzXt+N7GwWysu6cZ5uEbGnDrC4LWTNLjlUxXtAje70QDjbBHtI7rLbZEHvLOIoCOGEi45jkEIAoADJak6cN9hX3kL1rTqeUYpXLUDewbdbY4YBAlN3JVws5aDsq8mfESoOllGq6CMMDfBq1kWOv0rJ6kHpCbiCZepa+trdbe6+JDBHh325qn9Q6xOVxtw9cI1MLHRGYj6XiAl/vs+UD+wsCa+blB9pHsm9bvzN0RRnVvUgPoUm3q8hQL7t92K3gx6vLWtXizfQS2rR6mxbCh21B8YIdJo0pfgge0wIDAQABo4HlMIHiMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTwbrXN73rQ/rMWUO47vGj032dFSTCBnwYDVR0jBIGXMIGUgBTwbrXN73rQ/rMWUO47vGj032dFSaFxpG8wbTELMAkGA1UEBhMCQkUxFjAUBgNVBAMMDWNhLmFjaGVyb24uYmUxETAPBgNVBAcMCEthcGVsbGVuMRAwDgYDVQQIDAdBbnR3ZXJwMSEwHwYJKoZIhvcNAQkBFhJjZXJ0YWRtQGFjaGVyb24uYmWCCQDkEF02Pzpt4zANBgkqhkiG9w0BAQsFAAOCAgEAHqvYmbLU9sq12OmXVlGULhLc6XFEkXjX+uNRJOF6etFh1pyoJxfzo55+t/MgG1n/PtoXZ8fDg1fy5Fxu1OzqxIGxZMBh3ctQkyl7RbrHBcrk8JNZKFr4MnVAUrxbs/cC7ODGSL2ru7hFvDeYLEvmPStk/RmEUz05hMRWC+WyMLVsyI2Bywgn7otTHWLsnTEpAxdpBqeuxeM/2ADm+ZhF2F+cZtE/hhdmg1Or4xiIMErS2PIrtS5bIPQSGYoOYi39W6y4Pn2j1eQlWl3tJ0/FzuQY+cM+v3rL2hJnlar9coGFqegYF9Ak+SrH3on1K+YQV0p77f4stYoURukl9Es2hLo1ePy0s1epYu7GE0nPB2H5Heo6CT0sSgRnQiqq2SHqg0wqk1BcMhcgMmOldaWbzBlc7Swsp9HU8oHxBCpSWMhq6XUu/8iKnnVwZCHV2Vx6uTaStHzX6KAfrurPK33lHo/pHUh0PiICmZqoaSUy02eksQLB2lNxxYMnoWIgDQ04miIDw8rTtqEKS/Q/v5lOvOQ6mddTmxQCu2jLnhOZqvzPqYzw3leVHac9716B0gFORLuO/1w0vY+/i1yZA6Gd9Kb5OPQqO/Vc4KyrHTuz0KCMztJWP+w1m2x1BWWcHUGGc72RA3eY6wrS+4PQ76jyZ5Na3PN5m0rVvjUiEnHg6cs=-----END CERTIFICATE-----')]), OrderedDict([('require', [OrderedDict([('file', 'certificate::ca')])])])])])), ('certificate::rebuild-cache', OrderedDict([('cmd.wait', [OrderedDict([('name', '/opt/local/bin/c_rehash')]), OrderedDict([('watch', [OrderedDict([('x509', 'certificate::ca')])])])])])), ('certificate:test.acheron.be::directory', OrderedDict([('file.directory', [OrderedDict([('name', '/opt/local/etc/pki')])])])), ('certificate:test.acheron.be::key', OrderedDict([('x509.private_key_managed', [OrderedDict([('name', '/opt/local/etc/pki/test.acheron.be.key')]), OrderedDict([('bits', 2048)]), OrderedDict([('require', [OrderedDict([('file', 'certificate:test.acheron.be::directory')])])])])])), ('certificate:test.acheron.be::crt', OrderedDict([('x509.certificate_managed', [OrderedDict([('ca_server', 'cronos')]), OrderedDict([('signing_policy', 'default')]), OrderedDict([('public_key', '/opt/local/etc/pki/test.acheron.be.key')]), OrderedDict([('path', '/opt/local/etc/pki/test.acheron.be.crt')]), OrderedDict([('CN', 'test.acheron.be')]), OrderedDict([('days_valid', 90)]), OrderedDict([('days_remaining', 30)]), OrderedDict([('backup', True)]), OrderedDict([('require', [OrderedDict([('x509', 'certificate:test.acheron.be::key')])])])])]))])
[PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/role/certificate/init.sls' using 'yaml' renderer: 0.0597870349884
[DEBUG ] LazyLoaded file.directory
[INFO ] Running state [/opt/local/etc/openssl/certs] at time 00:14:47.145323
[INFO ] Executing state file.directory for /opt/local/etc/openssl/certs
[DEBUG ] LazyLoaded file.stats
[INFO ] Directory /opt/local/etc/openssl/certs is in the correct state
[INFO ] Completed state [/opt/local/etc/openssl/certs] at time 00:14:47.164677 duration_in_ms=19.354
[DEBUG ] LazyLoaded x509.get_pem_entry
[DEBUG ] LazyLoaded x509.pem_managed
[INFO ] Running state [/opt/local/etc/openssl/certs/internal-ca.crt] at time 00:14:47.265972
[INFO ] Executing state x509.pem_managed for /opt/local/etc/openssl/certs/internal-ca.crt
[INFO ] The file is already in the correct state
[INFO ] Completed state [/opt/local/etc/openssl/certs/internal-ca.crt] at time 00:14:47.268454 duration_in_ms=2.482
[DEBUG ] LazyLoaded cmd.wait
[INFO ] Running state [/opt/local/bin/c_rehash] at time 00:14:47.271546
[INFO ] Executing state cmd.wait for /opt/local/bin/c_rehash
[INFO ] No changes made for /opt/local/bin/c_rehash
[INFO ] Completed state [/opt/local/bin/c_rehash] at time 00:14:47.273694 duration_in_ms=2.148
[INFO ] Running state [/opt/local/etc/pki] at time 00:14:47.274387
[INFO ] Executing state file.directory for /opt/local/etc/pki
[INFO ] Directory /opt/local/etc/pki is in the correct state
[INFO ] Completed state [/opt/local/etc/pki] at time 00:14:47.277626 duration_in_ms=3.239
[INFO ] Running state [/opt/local/etc/pki/test.acheron.be.key] at time 00:14:47.279722
[INFO ] Executing state x509.private_key_managed for /opt/local/etc/pki/test.acheron.be.key
[INFO ] The Private key is already in the correct state
[INFO ] Completed state [/opt/local/etc/pki/test.acheron.be.key] at time 00:14:47.282748 duration_in_ms=3.026
[INFO ] Running state [certificate:test.acheron.be::crt] at time 00:14:47.284692
[INFO ] Executing state x509.certificate_managed for certificate:test.acheron.be::crt
[DEBUG ] LazyLoaded publish.publish
[INFO ] Publishing 'x509.sign_remote_certificate' to tcp://[2001:6f8:1480:30::130]:4506
[DEBUG ] Re-using SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] Loaded minion key: /opt/local/etc/salt/pki/minion/minion.pem
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[ERROR ] An exception occurred in this state: Traceback (most recent call last):
File "/opt/salt/lib/python2.7/site-packages/salt/state.py", line 1703, in call
**cdata['kwargs'])
File "/opt/salt/lib/python2.7/site-packages/salt/loader.py", line 1607, in wrapper
return f(*args, **kwargs)
File "/opt/salt/lib/python2.7/site-packages/salt/states/x509.py", line 429, in certificate_managed
new = __salt__['x509.create_certificate'](testrun=True, **kwargs)
File "/opt/salt/lib/python2.7/site-packages/salt/modules/x509.py", line 1099, in create_certificate
pem_type='CERTIFICATE')
File "/opt/salt/lib/python2.7/site-packages/salt/modules/x509.py", line 628, in write_pem
text = get_pem_entry(text, pem_type=pem_type)
File "/opt/salt/lib/python2.7/site-packages/salt/modules/x509.py", line 367, in get_pem_entry
'{1}'.format(pem_type, text))
SaltInvocationError: PEM does not contain a single entry of type CERTIFICATE:
PEM does not contain a single entry of type CERTIFICATE:
/salt/pki/certificates/ca.crt
[INFO ] Completed state [certificate:test.acheron.be::crt] at time 00:14:47.978178 duration_in_ms=693.486
[DEBUG ] File /var/cache/salt/minion/accumulator/18446741324877745552 does not exist, no need to cleanup.
[DEBUG ] LazyLoaded config.option
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] LazyLoaded highstate.output
local:
----------
ID: certificate::ca
Function: file.directory
Name: /opt/local/etc/openssl/certs
Result: True
Comment: Directory /opt/local/etc/openssl/certs is in the correct state
Started: 00:14:47.145323
Duration: 19.354 ms
Changes:
----------
ID: certificate::ca
Function: x509.pem_managed
Name: /opt/local/etc/openssl/certs/internal-ca.crt
Result: True
Comment: The file is already in the correct state
Started: 00:14:47.265972
Duration: 2.482 ms
Changes:
----------
ID: certificate::rebuild-cache
Function: cmd.wait
Name: /opt/local/bin/c_rehash
Result: True
Comment:
Started: 00:14:47.271546
Duration: 2.148 ms
Changes:
----------
ID: certificate:test.acheron.be::directory
Function: file.directory
Name: /opt/local/etc/pki
Result: True
Comment: Directory /opt/local/etc/pki is in the correct state
Started: 00:14:47.274387
Duration: 3.239 ms
Changes:
----------
ID: certificate:test.acheron.be::key
Function: x509.private_key_managed
Name: /opt/local/etc/pki/test.acheron.be.key
Result: True
Comment: The Private key is already in the correct state
Started: 00:14:47.279722
Duration: 3.026 ms
Changes:
----------
ID: certificate:test.acheron.be::crt
Function: x509.certificate_managed
Result: False
Comment: An exception occurred in this state: Traceback (most recent call last):
File "/opt/salt/lib/python2.7/site-packages/salt/state.py", line 1703, in call
**cdata['kwargs'])
File "/opt/salt/lib/python2.7/site-packages/salt/loader.py", line 1607, in wrapper
return f(*args, **kwargs)
File "/opt/salt/lib/python2.7/site-packages/salt/states/x509.py", line 429, in certificate_managed
new = __salt__['x509.create_certificate'](testrun=True, **kwargs)
File "/opt/salt/lib/python2.7/site-packages/salt/modules/x509.py", line 1099, in create_certificate
pem_type='CERTIFICATE')
File "/opt/salt/lib/python2.7/site-packages/salt/modules/x509.py", line 628, in write_pem
text = get_pem_entry(text, pem_type=pem_type)
File "/opt/salt/lib/python2.7/site-packages/salt/modules/x509.py", line 350, in get_pem_entry
text = _text_or_file(text)
File "/opt/salt/lib/python2.7/site-packages/salt/modules/x509.py", line 267, in _text_or_file
if os.path.isfile(input_):
File "/opt/local/lib/python2.7/genericpath.py", line 37, in isfile
st = os.stat(path)
TypeError: coercing to Unicode: need string or buffer, dict found
Started: 00:14:47.284692
Duration: 693.486 ms
Changes:
Summary for local
------------
Succeeded: 5
Failed: 1
------------
Total states run: 6So creating the key + ca-cert on cronos works fine, creating a certificate to be signed by the before mentioned ca... fails on both cronos or a different minion. I had a PR where I though I fixed it but it kept recreating the certificate every state run and it broke local certificates :-1:
clinta
commented
8 years ago You are writing your CA to /salt/pki/ca.crt but trying to sign it with a CA at /salt/pki/certificates/ca.crt. Check the signing_cert value in your signing policy.
sjorge
commented
8 years ago I'm pretty sure I fixed that before running those. Let me do it again because the signing policy file (on disks) has the correct path. I'll recheck everything and run again.
sjorge
commented
8 years ago @clinta fresh data, I may not have restarted the salt-minion yesterday so it could have used the wrong path. The contents of input_ where genericpath.py is complaining about is found in #issuecomment-200350188
[root@cronos /salt/states/role/certificate]# ls -lR /salt/states/role/certificate
/salt/states/role/certificate:
total 6
drwxr-sr-x 2 root nacl 3 Mar 25 01:12 _files
drwxr-sr-x 2 root nacl 3 Mar 25 00:54 _macros
-rw-r--r-- 1 root nacl 2131 Mar 25 00:36 authority.sls
-rw-r--r-- 1 root nacl 1047 Mar 25 00:06 config.jinja
-rw-r--r-- 1 root nacl 1508 Mar 25 00:54 init.sls
/salt/states/role/certificate/_files:
total 1
-rw-r--r-- 1 root nacl 519 Mar 25 01:12 signing_policies.conf
/salt/states/role/certificate/_macros:
total 2
-rw-r--r-- 1 root nacl 995 Mar 25 00:53 cert.jinja######
## certificate configuration
## -----------------------------------
######
## macros
{% from '_macros/common.jinja' import config_merge with context %}
## defaults
{% set certcfg =
{
'authority_id': 'cronos',
'authority_dir': '/salt/pki',
'castore_dir': false,
'castore_bin': false,
'managed': None
}
%}
## platform specific + pillar overwrite
{% do config_merge(certcfg, salt['grains.filter_by']({
'SmartOS': {
'castore_dir': '/opt/local/etc/openssl/certs',
'castore_bin': '/opt/local/bin/c_rehash',
'pki_dir': '/opt/local/etc/pki'
},
'CentOS': {
'castore_dir': '/etc/pki/ca-trust/source/anchors',
'castore_bin': '/usr/bin/update-ca-trust extract',
'pki_dir': '/etc/pki'
},
'Ubuntu': {
'castore_dir': '/usr/local/share/ca-certificates',
'castore_bin': '/usr/sbin/update-ca-certificates',
'pki_dir': '/etc/pki'
},
},
grain="os", merge=salt.pillar.get('certificate', {})))
%}
# vim: tabstop=2 expandtab shiftwidth=2 softtabstop=2######
## certificate state
## -----------------------------------
######
## import
{% from 'role/certificate/config.jinja' import certcfg with context %}
{% from 'role/certificate/_macros/cert.jinja' import managed_certificate with context %}
## variables
{% set ca_host = certcfg['authority_id'] %}
{% set ca_crt_path = certcfg['authority_dir'] ~ '/ca.crt' %}
{% set ca_crt = salt['mine.get'](ca_host, 'x509.get_pem_entries') %}
## publish authority root cert
{% if ca_host in ca_crt and ca_crt_path in ca_crt[ca_host] and certcfg['castore_dir'] %}
certificate::truststore:
file.directory:
- name: {{ certcfg['castore_dir'] }}
x509.pem_managed:
- name: {{ certcfg['castore_dir'] }}/internal-ca.crt
- text: {{ ca_crt[ca_host][ca_crt_path]|replace('\n', '') }}
- require:
- file: certificate::truststore
{% if certcfg['castore_bin'] %}
cmd.wait:
- name: {{ certcfg['castore_bin'] }}
- watch:
- x509: certificate::truststore
{% endif %}
certificate::keystore:
file.directory:
- name: {{ certcfg['pki_dir'] }}
{% else %}
certificate::ca:
test.show_notification:
- text: root authority certificate not found, signing requests will fail
{% endif %}
{% if ca_host in ca_crt and ca_crt_path in ca_crt[ca_host] and certcfg['castore_dir'] %}
{% if certcfg['managed'] %}
{% for fqdn in certcfg['managed'] %}
{{ managed_certificate(fqdn) }}
{% endfor %}
{% endif %}
{% endif %}
# vim: tabstop=2 expandtab shiftwidth=2 softtabstop=2######
## certificate.authority state
## -----------------------------------
## https://docs.saltstack.com/en/develop/ref/states/all/salt.states.x509.html#module-salt.states.x509
######
## import
{% from 'role/salt/config.jinja' import saltcfg with context %}
{% from 'role/certificate/config.jinja' import certcfg with context %}
## manage private key
certificate.authority::private-key:
x509.private_key_managed:
- name: {{ certcfg['authority_dir'] }}/ca.key
- bits: 4096
- backup: True
- require:
- file: certificate.authority::directory
## manage certificate
certificate.authority::certificate:
x509.certificate_managed:
- name: {{ certcfg['authority_dir'] }}/ca.crt
- signing_private_key: {{ certcfg['authority_dir'] }}/ca.key
- CN: acheron-ca
- C: BE
- ST: Antwerp
- L: Kapellen
- Email: certadm@acheron.be
- basicConstraints: "critical CA:true"
- keyUsage: "critical cRLSign, keyCertSign"
- subjectKeyIdentifier: hash
- authorityKeyIdentifier: keyid,issuer:always
- days_valid: 3650
- days_remaining: 0
- backup: True
- require:
- x509: certificate.authority::private-key
## manage directories
certificate.authority::directory:
file.directory:
- name: {{ certcfg['authority_dir'] }}
- makedirs: true
- user: root
- group: nacl
- dir_mode: 2770
certificate.authority::directory-issued:
file.directory:
- name: {{ certcfg['authority_dir'] }}/issued/
- makedirs: true
- user: root
- group: nacl
- dir_mode: 2770
## manage policies
certificate.authority::policies:
file.managed:
- name: {{ saltcfg['prefix'] }}/minion.d/signing_policies.conf
- template: jinja
- source: salt://role/certificate/_files/signing_policies.conf
- context:
saltcfg: {{ saltcfg }}
certcfg: {{ certcfg }}
## store ca in grains
mine.send:
module.run:
- func: x509.get_pem_entries
- kwargs:
glob_path: {{ certcfg['authority_dir'] }}/ca.crt
- onchanges:
- x509: certificate.authority::certificate
# vim: tabstop=2 expandtab shiftwidth=2 softtabstop=2x509_signing_policies:
default:
- minions: '*'
- signing_private_key: {{ certcfg['authority_dir'] }}/ca.key
- signing_cert: {{ certcfg['authority_dir'] }}/ca.crt
- C: BE
- ST: Antwerp
- L: Kapellen
- Email: certadm@acheron.be
- basicConstraints: "critical CA:false"
- keyUsage: "critical digitalSignature,keyEncipherment"
- subjectKeyIdentifier: hash
- authorityKeyIdentifier: keyid,issuer:always
- days_valid: 90
- copypath: {{ certcfg['authority_dir'] }}/issued/######
## certificate macros
## -----------------------------------
######
## import
{% from 'role/certificate/config.jinja' import certcfg with context %}
## macros
{% macro managed_certificate(fqdn, dns_alias=[], ip4_alias=[], ip6_alias=[], key_size=2048, days_valid=90) %}
{#TODO: dns, ip4, ip6 aliasses #}
certificate:{{ fqdn }}::key:
x509.private_key_managed:
- name: {{ certcfg['pki_dir'] ~ '/' ~ fqdn ~ '.key' }}
- bits: {{ key_size }}
- require:
- file: certificate::keystore
certificate:{{ fqdn }}::crt:
x509.certificate_managed:
- ca_server: {{ certcfg['authority_id'] }}
- signing_policy: default
- public_key: {{ certcfg['pki_dir'] ~ '/' ~ fqdn ~ '.key' }}
- path: {{ certcfg['pki_dir'] ~ '/' ~ fqdn ~ '.crt' }}
- CN: {{ fqdn }}
- days_valid: {{ days_valid }}
- days_remaining: 30
- backup: True
- require:
- x509: certificate:{{ fqdn }}::key
{% endmacro %}
# vim: tabstop=2 expandtab shiftwidth=2 softtabstop=2I cleaned up the /salt/pki and /salt/config/minion.d/signingpolicies.conf first
[root@cronos /salt/states/role/certificate]# salt-call -l debug state.apply role.certificate.authority
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion
[DEBUG ] Including configuration from '/opt/local/etc/salt/minion.d/_schedule.conf'
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion.d/_schedule.conf
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion
[DEBUG ] Including configuration from '/opt/local/etc/salt/minion.d/_schedule.conf'
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion.d/_schedule.conf
[DEBUG ] Please install 'virt-what' to improve results of the 'virtual' grain.
[DEBUG ] Configuration file path: /opt/local/etc/salt/minion
[WARNING ] Insecure logging configuration detected! Sensitive data may be logged.
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion
[DEBUG ] Including configuration from '/opt/local/etc/salt/minion.d/_schedule.conf'
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion.d/_schedule.conf
[DEBUG ] Please install 'virt-what' to improve results of the 'virtual' grain.
[DEBUG ] Connecting to master. Attempt 1 of 1
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] Generated random reconnect delay between '1000ms' and '11000ms' (9201)
[DEBUG ] Setting zmq_reconnect_ivl to '9201ms'
[DEBUG ] Setting zmq_reconnect_ivl_max to '11000ms'
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'clear')
[DEBUG ] Decrypting the current master AES key
[DEBUG ] Loaded minion key: /opt/local/etc/salt/pki/minion/minion.pem
[DEBUG ] Loaded minion key: /opt/local/etc/salt/pki/minion/minion.pem
[INFO ] Determining pillar cache
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] Loaded minion key: /opt/local/etc/salt/pki/minion/minion.pem
[DEBUG ] LazyLoaded jinja.render
[DEBUG ] LazyLoaded yaml.render
[DEBUG ] LazyLoaded state.apply
[DEBUG ] LazyLoaded saltutil.is_running
[DEBUG ] LazyLoaded grains.get
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[INFO ] Determining pillar cache
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] Loaded minion key: /opt/local/etc/salt/pki/minion/minion.pem
[INFO ] Loading fresh modules for state activity
[DEBUG ] LazyLoaded jinja.render
[DEBUG ] LazyLoaded yaml.render
[DEBUG ] In saltenv 'base', looking at rel_path 'role/certificate/authority.sls' to resolve 'salt://role/certificate/authority.sls'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/role/certificate/authority.sls' to resolve 'salt://role/certificate/authority.sls'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://role/certificate/authority.sls'
[DEBUG ] compile template: /var/cache/salt/minion/files/base/role/certificate/authority.sls
[DEBUG ] Jinja search path: '['/var/cache/salt/minion/files/base']'
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] In saltenv 'base', looking at rel_path 'role/salt/config.jinja' to resolve 'salt://role/salt/config.jinja'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/role/salt/config.jinja' to resolve 'salt://role/salt/config.jinja'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://role/salt/config.jinja'
[DEBUG ] In saltenv 'base', looking at rel_path '_macros/common.jinja' to resolve 'salt://_macros/common.jinja'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/_macros/common.jinja' to resolve 'salt://_macros/common.jinja'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://_macros/common.jinja'
[DEBUG ] LazyLoaded grains.filter_by
[DEBUG ] In saltenv 'base', looking at rel_path 'role/certificate/config.jinja' to resolve 'salt://role/certificate/config.jinja'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/role/certificate/config.jinja' to resolve 'salt://role/certificate/config.jinja'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://role/certificate/config.jinja'
[PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/role/certificate/authority.sls' using 'jinja' renderer: 0.174430131912
[DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/role/certificate/authority.sls:
######
## certificate.authority state
## -----------------------------------
## https://docs.saltstack.com/en/develop/ref/states/all/salt.states.x509.html#module-salt.states.x509
######
## import
## manage private key
certificate.authority::private-key:
x509.private_key_managed:
- name: /salt/pki/ca.key
- bits: 4096
- backup: True
- require:
- file: certificate.authority::directory
## manage certificate
certificate.authority::certificate:
x509.certificate_managed:
- name: /salt/pki/ca.crt
- signing_private_key: /salt/pki/ca.key
- CN: acheron-ca
- C: BE
- ST: Antwerp
- L: Kapellen
- Email: certadm@acheron.be
- basicConstraints: "critical CA:true"
- keyUsage: "critical cRLSign, keyCertSign"
- subjectKeyIdentifier: hash
- authorityKeyIdentifier: keyid,issuer:always
- days_valid: 3650
- days_remaining: 0
- backup: True
- require:
- x509: certificate.authority::private-key
## manage directories
certificate.authority::directory:
file.directory:
- name: /salt/pki
- makedirs: true
- user: root
- group: nacl
- dir_mode: 2770
certificate.authority::directory-issued:
file.directory:
- name: /salt/pki/issued/
- makedirs: true
- user: root
- group: nacl
- dir_mode: 2770
## manage policies
certificate.authority::policies:
file.managed:
- name: /salt/config/minion.d/signing_policies.conf
- template: jinja
- source: salt://role/certificate/_files/signing_policies.conf
- context:
saltcfg: {'prefix': '/salt/config', 'schedule_apply': 15, 'log_level_logfile': 'warning', 'service': {'minion': 'salt:minion', 'master': 'salt:master'}, 'master': 'cronos.acheron.be', 'smtp': {'tls': True, 'server': 'exosphere.acheron.be'}}
certcfg: {'managed': None, 'castore_dir': '/opt/local/etc/openssl/certs', 'authority_dir': '/salt/pki', 'pki_dir': '/opt/local/etc/pki', 'authority_id': 'cronos', 'castore_bin': '/opt/local/bin/c_rehash'}
## store ca in grains
mine.send:
module.run:
- func: x509.get_pem_entries
- kwargs:
glob_path: /salt/pki/ca.crt
- onchanges:
- x509: certificate.authority::certificate
# vim: tabstop=2 expandtab shiftwidth=2 softtabstop=2
[DEBUG ] LazyLoaded config.get
[DEBUG ] Results of YAML rendering:
OrderedDict([('certificate.authority::private-key', OrderedDict([('x509.private_key_managed', [OrderedDict([('name', '/salt/pki/ca.key')]), OrderedDict([('bits', 4096)]), OrderedDict([('backup', True)]), OrderedDict([('require', [OrderedDict([('file', 'certificate.authority::directory')])])])])])), ('certificate.authority::certificate', OrderedDict([('x509.certificate_managed', [OrderedDict([('name', '/salt/pki/ca.crt')]), OrderedDict([('signing_private_key', '/salt/pki/ca.key')]), OrderedDict([('CN', 'acheron-ca')]), OrderedDict([('C', 'BE')]), OrderedDict([('ST', 'Antwerp')]), OrderedDict([('L', 'Kapellen')]), OrderedDict([('Email', 'certadm@acheron.be')]), OrderedDict([('basicConstraints', 'critical CA:true')]), OrderedDict([('keyUsage', 'critical cRLSign, keyCertSign')]), OrderedDict([('subjectKeyIdentifier', 'hash')]), OrderedDict([('authorityKeyIdentifier', 'keyid,issuer:always')]), OrderedDict([('days_valid', 3650)]), OrderedDict([('days_remaining', 0)]), OrderedDict([('backup', True)]), OrderedDict([('require', [OrderedDict([('x509', 'certificate.authority::private-key')])])])])])), ('certificate.authority::directory', OrderedDict([('file.directory', [OrderedDict([('name', '/salt/pki')]), OrderedDict([('makedirs', True)]), OrderedDict([('user', 'root')]), OrderedDict([('group', 'nacl')]), OrderedDict([('dir_mode', 2770)])])])), ('certificate.authority::directory-issued', OrderedDict([('file.directory', [OrderedDict([('name', '/salt/pki/issued/')]), OrderedDict([('makedirs', True)]), OrderedDict([('user', 'root')]), OrderedDict([('group', 'nacl')]), OrderedDict([('dir_mode', 2770)])])])), ('certificate.authority::policies', OrderedDict([('file.managed', [OrderedDict([('name', '/salt/config/minion.d/signing_policies.conf')]), OrderedDict([('template', 'jinja')]), OrderedDict([('source', 'salt://role/certificate/_files/signing_policies.conf')]), OrderedDict([('context', OrderedDict([('saltcfg', OrderedDict([('prefix', '/salt/config'), ('schedule_apply', 15), ('log_level_logfile', 'warning'), ('service', OrderedDict([('minion', 'salt:minion'), ('master', 'salt:master')])), ('master', 'cronos.acheron.be'), ('smtp', OrderedDict([('tls', True), ('server', 'exosphere.acheron.be')]))])), ('certcfg', OrderedDict([('managed', 'None'), ('castore_dir', '/opt/local/etc/openssl/certs'), ('authority_dir', '/salt/pki'), ('pki_dir', '/opt/local/etc/pki'), ('authority_id', 'cronos'), ('castore_bin', '/opt/local/bin/c_rehash')]))]))])])])), ('mine.send', OrderedDict([('module.run', [OrderedDict([('func', 'x509.get_pem_entries')]), OrderedDict([('kwargs', OrderedDict([('glob_path', '/salt/pki/ca.crt')]))]), OrderedDict([('onchanges', [OrderedDict([('x509', 'certificate.authority::certificate')])])])])]))])
[PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/role/certificate/authority.sls' using 'yaml' renderer: 0.0842680931091
[DEBUG ] LazyLoaded x509.get_pem_entry
[DEBUG ] LazyLoaded x509.private_key_managed
[DEBUG ] LazyLoaded file.directory
[INFO ] Running state [/salt/pki] at time 14:42:28.414646
[INFO ] Executing state file.directory for /salt/pki
[DEBUG ] LazyLoaded file.user_to_uid
[INFO ] {'/salt/pki': 'New Dir'}
[INFO ] Completed state [/salt/pki] at time 14:42:28.437185 duration_in_ms=22.539
[INFO ] Running state [/salt/pki/ca.key] at time 14:42:28.438008
[INFO ] Executing state x509.private_key_managed for /salt/pki/ca.key
.............................................................................................................................................++
.....++
[INFO ] {'new': '4096 bit private key', 'old': '/salt/pki/ca.key does not exist.'}
[INFO ] Completed state [/salt/pki/ca.key] at time 14:42:31.369589 duration_in_ms=2931.581
[INFO ] Running state [/salt/pki/ca.crt] at time 14:42:31.371352
[INFO ] Executing state x509.certificate_managed for /salt/pki/ca.crt
[INFO ] {'new': {'MD5 Finger Print': 'E2:33:F2:2D:16:23:89:26:50:6C:08:79:F9:38:9A:01', 'Version': 3, 'Key Size': 4096, 'Not After': '2026-03-23 13:42:31', 'X509v3 Extensions': OrderedDict([('basicConstraints', 'critical CA:TRUE'), ('keyUsage', 'critical Certificate Sign, CRL Sign'), ('subjectKeyIdentifier', '19:61:F1:DD:E0:73:C7:38:E5:95:DA:8C:BF:36:E9:D8:C7:AA:26:60'), ('authorityKeyIdentifier', 'keyid:19:61:F1:DD:E0:73:C7:38:E5:95:DA:8C:BF:36:E9:D8:C7:AA:26:60\nDirName:/C=BE/CN=acheron-ca/L=Kapellen/ST=Antwerp/emailAddress=certadm@acheron.be\nserial:DF:19:52:74:4D:AD:35:7B\n')]), 'Subject Hash': '69:72:5C:41', 'SHA1 Finger Print': '71:7C:D9:1B:6D:20:C8:28:1A:87:4D:8F:BD:70:82:F2:4A:AF:9C:21', 'SHA-256 Finger Print': 'DB:92:86:46:15:44:4B:83:E3:3C:19:A1:C3:FD:96:4E:C2:85:59:84:18:F2:B5:3A:81:5B:3A:06:7F:39:B5:9E', 'Serial Number': 'DF:19:52:74:4D:AD:35:7B', 'Public Key': '-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3BUb9mLOgavxy8eyhWRs\nEGkAYcFQCX3uGwBDNpW09nIarDO8Zlno9ER/2p0bIJwPdPYhr4cKqfAWQPHgHl2C\ncbAPFbXSQFfGqeASbDuPf0VGLDEJHpk8l39y4e5oJPQcfEsQvw6sv+aQzdVBVKN+\n0BxcdFbPocsYyEZ/hKseyfwIa1HJDTsCgrlVG3AEe7rLIgFslvScrKX0XKHCdzw5\nTSh4BOM/JPk/RiGaHT7jxQKMuuUUhLkwqw8OmdnlXyifgIAlx49zGbnjg+KEThqP\nRqxj31TwtkNJwX/EcmOPIImn+0uKbJ0LwQfNNr6PXQdYaOAvDOmqvpRjwVDed9OA\n9moV4EMpd1742wbFph1tNoltX8J2Y6W+iFbSjem7TmRqEWMffuDu2yQnQV+XIOJL\n8cN43IHntC84Gxd3GqNhpxojo84iXgDbws9nk0zxdylN5Y7dJQ686CtVEWo+pHoU\nmuh+yoKOl1aioDgNQa4YQfHA4V3O1yqOfnwc5eKJznQ30uePDhRrtJquZGy1hUWm\nvpBZ3NwEwbvcN23+zJ1nHcHmONS1biHUJ6CuP0RGBjgZVX5CBSr5Nw2q3nETooMP\n0aW/+TyBXpqb3Mc0D9QYX2jlPeunSCUui8JBhbOHCijkwRI2y02G2y+P678pkwF8\n/pMUUFz1Kor+n0Ti8mFd9OUCAwEAAQ==\n-----END PUBLIC KEY-----\n', 'Issuer Hash': '69:72:5C:41', 'Subject': {'C': 'BE', 'SP': 'Antwerp', 'emailAddress': 'certadm@acheron.be', 'CN': 'acheron-ca', 'L': 'Kapellen'}, 'Not Before': '2016-03-25 13:42:31', 'Issuer': {'C': 'BE', 'SP': 'Antwerp', 'emailAddress': 'certadm@acheron.be', 'CN': 'acheron-ca', 'L': 'Kapellen'}}, 'old': '/salt/pki/ca.crt does not exist.'}
[INFO ] Completed state [/salt/pki/ca.crt] at time 14:42:31.430283 duration_in_ms=58.931
[INFO ] Running state [/salt/pki/issued/] at time 14:42:31.430838
[INFO ] Executing state file.directory for /salt/pki/issued/
[INFO ] {'/salt/pki/issued': 'New Dir'}
[INFO ] Completed state [/salt/pki/issued/] at time 14:42:31.436869 duration_in_ms=6.031
[INFO ] Running state [/salt/config/minion.d/signing_policies.conf] at time 14:42:31.437326
[INFO ] Executing state file.managed for /salt/config/minion.d/signing_policies.conf
[DEBUG ] LazyLoaded cp.hash_file
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] In saltenv 'base', looking at rel_path 'role/certificate/_files/signing_policies.conf' to resolve 'salt://role/certificate/_files/signing_policies.conf'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/role/certificate/_files/signing_policies.conf' to resolve 'salt://role/certificate/_files/signing_policies.conf'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://role/certificate/_files/signing_policies.conf'
[DEBUG ] Jinja search path: '['/var/cache/salt/minion/files/base']'
[DEBUG ] In saltenv 'base', looking at rel_path 'role/certificate/_files/signing_policies.conf' to resolve 'salt://role/certificate/_files/signing_policies.conf'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/role/certificate/_files/signing_policies.conf' to resolve 'salt://role/certificate/_files/signing_policies.conf'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://role/certificate/_files/signing_policies.conf'
[DEBUG ] Jinja search path: '['/var/cache/salt/minion/files/base']'
[INFO ] File changed:
New file
[INFO ] Completed state [/salt/config/minion.d/signing_policies.conf] at time 14:42:31.497670 duration_in_ms=60.344
[DEBUG ] LazyLoaded module.run
[INFO ] Running state [mine.send] at time 14:42:31.500611
[INFO ] Executing state module.run for mine.send
[DEBUG ] LazyLoaded mine.send
[DEBUG ] MinionEvent PUB socket URI: /var/run/salt/minion/minion_event_6526b48f89_pub.ipc
[DEBUG ] MinionEvent PULL socket URI: /var/run/salt/minion/minion_event_6526b48f89_pull.ipc
[DEBUG ] Initializing new IPCClient for path: /var/run/salt/minion/minion_event_6526b48f89_pull.ipc
[DEBUG ] Sending event - data = {'_stamp': '2016-03-25T13:42:31.508293', 'cmd': '_mine', 'data': {'x509.get_pem_entries': {'/salt/pki/ca.crt': '-----BEGIN CERTIFICATE-----\nMIIGOjCCBCKgAwIBAgIJAOk+o2OagIHZMA0GCSqGSIb3DQEBCwUAMGoxCzAJBgNV\nBAYTAkJFMRMwEQYDVQQDDAphY2hlcm9uLWNhMREwDwYDVQQHDAhLYXBlbGxlbjEQ\nMA4GA1UECAwHQW50d2VycDEhMB8GCSqGSIb3DQEJARYSY2VydGFkbUBhY2hlcm9u\nLmJlMB4XDTE2MDMyNTEzNDIzMVoXDTI2MDMyMzEzNDIzMVowajELMAkGA1UEBhMC\nQkUxEzARBgNVBAMMCmFjaGVyb24tY2ExETAPBgNVBAcMCEthcGVsbGVuMRAwDgYD\nVQQIDAdBbnR3ZXJwMSEwHwYJKoZIhvcNAQkBFhJjZXJ0YWRtQGFjaGVyb24uYmUw\nggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDcFRv2Ys6Bq/HLx7KFZGwQ\naQBhwVAJfe4bAEM2lbT2chqsM7xmWej0RH/anRsgnA909iGvhwqp8BZA8eAeXYJx\nsA8VtdJAV8ap4BJsO49/RUYsMQkemTyXf3Lh7mgk9Bx8SxC/Dqy/5pDN1UFUo37Q\nHFx0Vs+hyxjIRn+Eqx7J/AhrUckNOwKCuVUbcAR7ussiAWyW9JyspfRcocJ3PDlN\nKHgE4z8k+T9GIZodPuPFAoy65RSEuTCrDw6Z2eVfKJ+AgCXHj3MZueOD4oROGo9G\nrGPfVPC2Q0nBf8RyY48giaf7S4psnQvBB802vo9dB1ho4C8M6aq+lGPBUN5304D2\nahXgQyl3XvjbBsWmHW02iW1fwnZjpb6IVtKN6btOZGoRYx9+4O7bJCdBX5cg4kvx\nw3jcgee0LzgbF3cao2GnGiOjziJeANvCz2eTTPF3KU3ljt0lDrzoK1URaj6kehSa\n6H7Kgo6XVqKgOA1BrhhB8cDhXc7XKo5+fBzl4onOdDfS548OFGu0mq5kbLWFRaa+\nkFnc3ATBu9w3bf7MnWcdweY41LVuIdQnoK4/REYGOBlVfkIFKvk3DarecROigw/R\npb/5PIFempvcxzQP1BhfaOU966dIJS6LwkGFs4cKKOTBEjbLTYbbL4/rvymTAXz+\nkxRQXPUqiv6fROLyYV305QIDAQABo4HiMIHfMA8GA1UdEwEB/wQFMAMBAf8wDgYD\nVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQZYfHd4HPHOOWV2oy/NunYx6omYDCBnAYD\nVR0jBIGUMIGRgBQZYfHd4HPHOOWV2oy/NunYx6omYKFupGwwajELMAkGA1UEBhMC\nQkUxEzARBgNVBAMMCmFjaGVyb24tY2ExETAPBgNVBAcMCEthcGVsbGVuMRAwDgYD\nVQQIDAdBbnR3ZXJwMSEwHwYJKoZIhvcNAQkBFhJjZXJ0YWRtQGFjaGVyb24uYmWC\nCQDpPqNjmoCB2TANBgkqhkiG9w0BAQsFAAOCAgEAstHWs0FNndqmSVuo2REeLC3L\nHfk0XE8WhLL5rYfGYe08xeIZVSJhzsJF3IategErMiteDAWMkgr4CFPUcsCBzQio\nrR+Mmpclp78DwdE9PSWiXpfK6nJTt25Z7PaH50ajgh5nKXJGMoxSzu5L/Oh31NfZ\nZ/bSmOZRBhl6N8aE78eRgPIxuEXmZxVl3mX/BtxL2/F3WaXdPQmFAg6hgsBM064N\nt8xASOQT2yuSAbP/4a15/Cj5EDYjEzCirgjBPIwKBVeQRhoaFsmuAaWADEYksbHl\nSUuj9Daclger/dWOfL72njDT7RnYjiYL0jJSFkDZsnGZeZcvh7rTDwIbeElmuIwW\nBNM1KY++U2j02K4ql5Xv7FMf0wOm7v2eRfWRfTmTazjj6tNUGOUZDRjGG0TnGrk9\nWG0a0RxM7e5auYry5FiA3CqjlieR96nJ9zovsdWiTe3Be2Hja4Vm3+z8kbQ4XX1n\ngDrutcG6uMUlZVE4EBTtxxBSgifawBs2Y6oTNleQ0Mogf8zFcfqH3neFP9ka1ekG\nUYSu9gZ8mLjNa9oIL4k1TSxOZoy2+QYYWC9oJCAODZPegyUrhpMWMjpQtutRbEDx\nufjlSk2yKtQz23awJetNcjDGE2qmehlDS0XZouygxWUiKY7ArRFdxNObBAaeUCDd\nMYp6kTlVEA37+3kVhvk=\n-----END CERTIFICATE-----\n'}}, 'id': 'cronos'}
[INFO ] {'ret': True}
[INFO ] Completed state [mine.send] at time 14:42:32.011328 duration_in_ms=510.717
[DEBUG ] File /var/cache/salt/minion/accumulator/18446741324877667536 does not exist, no need to cleanup.
[DEBUG ] LazyLoaded config.option
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] LazyLoaded highstate.output
[DEBUG ] LazyLoaded nested.output
[DEBUG ] LazyLoaded nested.output
[DEBUG ] LazyLoaded nested.output
[DEBUG ] LazyLoaded nested.output
[DEBUG ] LazyLoaded nested.output
[DEBUG ] LazyLoaded nested.output
local:
----------
ID: certificate.authority::directory
Function: file.directory
Name: /salt/pki
Result: True
Comment: Directory /salt/pki updated
Started: 14:42:28.414646
Duration: 22.539 ms
Changes:
----------
/salt/pki:
New Dir
----------
ID: certificate.authority::private-key
Function: x509.private_key_managed
Name: /salt/pki/ca.key
Result: True
Comment: PEM written to /salt/pki/ca.key
Started: 14:42:28.438008
Duration: 2931.581 ms
Changes:
----------
new:
4096 bit private key
old:
/salt/pki/ca.key does not exist.
----------
ID: certificate.authority::certificate
Function: x509.certificate_managed
Name: /salt/pki/ca.crt
Result: True
Comment: PEM written to /salt/pki/ca.crt
Started: 14:42:31.371352
Duration: 58.931 ms
Changes:
----------
new:
----------
Issuer:
----------
C:
BE
CN:
acheron-ca
L:
Kapellen
SP:
Antwerp
emailAddress:
certadm@acheron.be
Issuer Hash:
69:72:5C:41
Key Size:
4096
MD5 Finger Print:
E2:33:F2:2D:16:23:89:26:50:6C:08:79:F9:38:9A:01
Not After:
2026-03-23 13:42:31
Not Before:
2016-03-25 13:42:31
Public Key:
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3BUb9mLOgavxy8eyhWRs
EGkAYcFQCX3uGwBDNpW09nIarDO8Zlno9ER/2p0bIJwPdPYhr4cKqfAWQPHgHl2C
cbAPFbXSQFfGqeASbDuPf0VGLDEJHpk8l39y4e5oJPQcfEsQvw6sv+aQzdVBVKN+
0BxcdFbPocsYyEZ/hKseyfwIa1HJDTsCgrlVG3AEe7rLIgFslvScrKX0XKHCdzw5
TSh4BOM/JPk/RiGaHT7jxQKMuuUUhLkwqw8OmdnlXyifgIAlx49zGbnjg+KEThqP
Rqxj31TwtkNJwX/EcmOPIImn+0uKbJ0LwQfNNr6PXQdYaOAvDOmqvpRjwVDed9OA
9moV4EMpd1742wbFph1tNoltX8J2Y6W+iFbSjem7TmRqEWMffuDu2yQnQV+XIOJL
8cN43IHntC84Gxd3GqNhpxojo84iXgDbws9nk0zxdylN5Y7dJQ686CtVEWo+pHoU
muh+yoKOl1aioDgNQa4YQfHA4V3O1yqOfnwc5eKJznQ30uePDhRrtJquZGy1hUWm
vpBZ3NwEwbvcN23+zJ1nHcHmONS1biHUJ6CuP0RGBjgZVX5CBSr5Nw2q3nETooMP
0aW/+TyBXpqb3Mc0D9QYX2jlPeunSCUui8JBhbOHCijkwRI2y02G2y+P678pkwF8
/pMUUFz1Kor+n0Ti8mFd9OUCAwEAAQ==
-----END PUBLIC KEY-----
SHA-256 Finger Print:
DB:92:86:46:15:44:4B:83:E3:3C:19:A1:C3:FD:96:4E:C2:85:59:84:18:F2:B5:3A:81:5B:3A:06:7F:39:B5:9E
SHA1 Finger Print:
71:7C:D9:1B:6D:20:C8:28:1A:87:4D:8F:BD:70:82:F2:4A:AF:9C:21
Serial Number:
DF:19:52:74:4D:AD:35:7B
Subject:
----------
C:
BE
CN:
acheron-ca
L:
Kapellen
SP:
Antwerp
emailAddress:
certadm@acheron.be
Subject Hash:
69:72:5C:41
Version:
3
X509v3 Extensions:
----------
authorityKeyIdentifier:
keyid:19:61:F1:DD:E0:73:C7:38:E5:95:DA:8C:BF:36:E9:D8:C7:AA:26:60
DirName:/C=BE/CN=acheron-ca/L=Kapellen/ST=Antwerp/emailAddress=certadm@acheron.be
serial:DF:19:52:74:4D:AD:35:7B
basicConstraints:
critical CA:TRUE
keyUsage:
critical Certificate Sign, CRL Sign
subjectKeyIdentifier:
19:61:F1:DD:E0:73:C7:38:E5:95:DA:8C:BF:36:E9:D8:C7:AA:26:60
old:
/salt/pki/ca.crt does not exist.
----------
ID: certificate.authority::directory-issued
Function: file.directory
Name: /salt/pki/issued/
Result: True
Comment: Directory /salt/pki/issued updated
Started: 14:42:31.430838
Duration: 6.031 ms
Changes:
----------
/salt/pki/issued:
New Dir
----------
ID: certificate.authority::policies
Function: file.managed
Name: /salt/config/minion.d/signing_policies.conf
Result: True
Comment: File /salt/config/minion.d/signing_policies.conf updated
Started: 14:42:31.437326
Duration: 60.344 ms
Changes:
----------
diff:
New file
mode:
0644
----------
ID: mine.send
Function: module.run
Result: True
Comment: Module function mine.send executed
Started: 14:42:31.500611
Duration: 510.717 ms
Changes:
----------
ret:
True
Summary for local
------------
Succeeded: 6 (changed=6)
Failed: 0
------------
Total states run: 6Manually restart the minion to make sure the new config is loaded ( doing it via service state does not work and it kills the minion )
[root@cronos /salt/states/role/certificate]# svcadm disable salt:minion
[root@cronos /salt/states/role/certificate]# svcadm enable salt:minion
s[root@cronos /salt/states/role/certificate]# svcs salt:minion
STATE STIME FMRI
online 14:44:09 svc:/network/salt:minion
[root@cronos /salt/states/role/certificate]# date
Fri Mar 25 14:44:15 CET 2016[root@cronos /salt/states/role/certificate]# salt-call -l debug state.apply role.certificate pillar='{ "certificate": { "managed": { "test.acheron.be": None }}}'
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion
[DEBUG ] Including configuration from '/opt/local/etc/salt/minion.d/_schedule.conf'
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion.d/_schedule.conf
[DEBUG ] Including configuration from '/opt/local/etc/salt/minion.d/signing_policies.conf'
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion.d/signing_policies.conf
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion
[DEBUG ] Including configuration from '/opt/local/etc/salt/minion.d/_schedule.conf'
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion.d/_schedule.conf
[DEBUG ] Including configuration from '/opt/local/etc/salt/minion.d/signing_policies.conf'
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion.d/signing_policies.conf
[DEBUG ] Please install 'virt-what' to improve results of the 'virtual' grain.
[DEBUG ] Configuration file path: /opt/local/etc/salt/minion
[WARNING ] Insecure logging configuration detected! Sensitive data may be logged.
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion
[DEBUG ] Including configuration from '/opt/local/etc/salt/minion.d/_schedule.conf'
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion.d/_schedule.conf
[DEBUG ] Including configuration from '/opt/local/etc/salt/minion.d/signing_policies.conf'
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion.d/signing_policies.conf
[DEBUG ] Please install 'virt-what' to improve results of the 'virtual' grain.
[DEBUG ] Connecting to master. Attempt 1 of 1
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] Generated random reconnect delay between '1000ms' and '11000ms' (3597)
[DEBUG ] Setting zmq_reconnect_ivl to '3597ms'
[DEBUG ] Setting zmq_reconnect_ivl_max to '11000ms'
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'clear')
[DEBUG ] Decrypting the current master AES key
[DEBUG ] Loaded minion key: /opt/local/etc/salt/pki/minion/minion.pem
[DEBUG ] Loaded minion key: /opt/local/etc/salt/pki/minion/minion.pem
[INFO ] Determining pillar cache
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] Loaded minion key: /opt/local/etc/salt/pki/minion/minion.pem
[DEBUG ] LazyLoaded jinja.render
[DEBUG ] LazyLoaded yaml.render
[DEBUG ] LazyLoaded state.apply
[DEBUG ] LazyLoaded saltutil.is_running
[DEBUG ] LazyLoaded grains.get
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[INFO ] Determining pillar cache
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] Loaded minion key: /opt/local/etc/salt/pki/minion/minion.pem
[INFO ] Loading fresh modules for state activity
[DEBUG ] LazyLoaded jinja.render
[DEBUG ] LazyLoaded yaml.render
[DEBUG ] Could not find file from saltenv 'base', 'salt://role/certificate.sls'
[DEBUG ] In saltenv 'base', looking at rel_path 'role/certificate/init.sls' to resolve 'salt://role/certificate/init.sls'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/role/certificate/init.sls' to resolve 'salt://role/certificate/init.sls'
[DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://role/certificate/init.sls'
[DEBUG ] No dest file found
[INFO ] Fetching file from saltenv 'base', ** done ** 'role/certificate/init.sls'
[DEBUG ] compile template: /var/cache/salt/minion/files/base/role/certificate/init.sls
[DEBUG ] Jinja search path: '['/var/cache/salt/minion/files/base']'
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] In saltenv 'base', looking at rel_path 'role/certificate/config.jinja' to resolve 'salt://role/certificate/config.jinja'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/role/certificate/config.jinja' to resolve 'salt://role/certificate/config.jinja'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://role/certificate/config.jinja'
[DEBUG ] In saltenv 'base', looking at rel_path '_macros/common.jinja' to resolve 'salt://_macros/common.jinja'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/_macros/common.jinja' to resolve 'salt://_macros/common.jinja'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://_macros/common.jinja'
[DEBUG ] LazyLoaded grains.filter_by
[DEBUG ] In saltenv 'base', looking at rel_path 'role/certificate/_macros/cert.jinja' to resolve 'salt://role/certificate/_macros/cert.jinja'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/role/certificate/_macros/cert.jinja' to resolve 'salt://role/certificate/_macros/cert.jinja'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://role/certificate/_macros/cert.jinja'
[DEBUG ] LazyLoaded mine.get
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] Loaded minion key: /opt/local/etc/salt/pki/minion/minion.pem
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/role/certificate/init.sls' using 'jinja' renderer: 0.215584993362
[DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/role/certificate/init.sls:
######
## certificate state
## -----------------------------------
######
## import
## variables
## publish authority root cert
certificate::truststore:
file.directory:
- name: /opt/local/etc/openssl/certs
x509.pem_managed:
- name: /opt/local/etc/openssl/certs/internal-ca.crt
- text: -----BEGIN CERTIFICATE-----MIIGOjCCBCKgAwIBAgIJAOk+o2OagIHZMA0GCSqGSIb3DQEBCwUAMGoxCzAJBgNVBAYTAkJFMRMwEQYDVQQDDAphY2hlcm9uLWNhMREwDwYDVQQHDAhLYXBlbGxlbjEQMA4GA1UECAwHQW50d2VycDEhMB8GCSqGSIb3DQEJARYSY2VydGFkbUBhY2hlcm9uLmJlMB4XDTE2MDMyNTEzNDIzMVoXDTI2MDMyMzEzNDIzMVowajELMAkGA1UEBhMCQkUxEzARBgNVBAMMCmFjaGVyb24tY2ExETAPBgNVBAcMCEthcGVsbGVuMRAwDgYDVQQIDAdBbnR3ZXJwMSEwHwYJKoZIhvcNAQkBFhJjZXJ0YWRtQGFjaGVyb24uYmUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDcFRv2Ys6Bq/HLx7KFZGwQaQBhwVAJfe4bAEM2lbT2chqsM7xmWej0RH/anRsgnA909iGvhwqp8BZA8eAeXYJxsA8VtdJAV8ap4BJsO49/RUYsMQkemTyXf3Lh7mgk9Bx8SxC/Dqy/5pDN1UFUo37QHFx0Vs+hyxjIRn+Eqx7J/AhrUckNOwKCuVUbcAR7ussiAWyW9JyspfRcocJ3PDlNKHgE4z8k+T9GIZodPuPFAoy65RSEuTCrDw6Z2eVfKJ+AgCXHj3MZueOD4oROGo9GrGPfVPC2Q0nBf8RyY48giaf7S4psnQvBB802vo9dB1ho4C8M6aq+lGPBUN5304D2ahXgQyl3XvjbBsWmHW02iW1fwnZjpb6IVtKN6btOZGoRYx9+4O7bJCdBX5cg4kvxw3jcgee0LzgbF3cao2GnGiOjziJeANvCz2eTTPF3KU3ljt0lDrzoK1URaj6kehSa6H7Kgo6XVqKgOA1BrhhB8cDhXc7XKo5+fBzl4onOdDfS548OFGu0mq5kbLWFRaa+kFnc3ATBu9w3bf7MnWcdweY41LVuIdQnoK4/REYGOBlVfkIFKvk3DarecROigw/Rpb/5PIFempvcxzQP1BhfaOU966dIJS6LwkGFs4cKKOTBEjbLTYbbL4/rvymTAXz+kxRQXPUqiv6fROLyYV305QIDAQABo4HiMIHfMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQZYfHd4HPHOOWV2oy/NunYx6omYDCBnAYDVR0jBIGUMIGRgBQZYfHd4HPHOOWV2oy/NunYx6omYKFupGwwajELMAkGA1UEBhMCQkUxEzARBgNVBAMMCmFjaGVyb24tY2ExETAPBgNVBAcMCEthcGVsbGVuMRAwDgYDVQQIDAdBbnR3ZXJwMSEwHwYJKoZIhvcNAQkBFhJjZXJ0YWRtQGFjaGVyb24uYmWCCQDpPqNjmoCB2TANBgkqhkiG9w0BAQsFAAOCAgEAstHWs0FNndqmSVuo2REeLC3LHfk0XE8WhLL5rYfGYe08xeIZVSJhzsJF3IategErMiteDAWMkgr4CFPUcsCBzQiorR+Mmpclp78DwdE9PSWiXpfK6nJTt25Z7PaH50ajgh5nKXJGMoxSzu5L/Oh31NfZZ/bSmOZRBhl6N8aE78eRgPIxuEXmZxVl3mX/BtxL2/F3WaXdPQmFAg6hgsBM064Nt8xASOQT2yuSAbP/4a15/Cj5EDYjEzCirgjBPIwKBVeQRhoaFsmuAaWADEYksbHlSUuj9Daclger/dWOfL72njDT7RnYjiYL0jJSFkDZsnGZeZcvh7rTDwIbeElmuIwWBNM1KY++U2j02K4ql5Xv7FMf0wOm7v2eRfWRfTmTazjj6tNUGOUZDRjGG0TnGrk9WG0a0RxM7e5auYry5FiA3CqjlieR96nJ9zovsdWiTe3Be2Hja4Vm3+z8kbQ4XX1ngDrutcG6uMUlZVE4EBTtxxBSgifawBs2Y6oTNleQ0Mogf8zFcfqH3neFP9ka1ekGUYSu9gZ8mLjNa9oIL4k1TSxOZoy2+QYYWC9oJCAODZPegyUrhpMWMjpQtutRbEDxufjlSk2yKtQz23awJetNcjDGE2qmehlDS0XZouygxWUiKY7ArRFdxNObBAaeUCDdMYp6kTlVEA37+3kVhvk=-----END CERTIFICATE-----
- require:
- file: certificate::truststore
cmd.wait:
- name: /opt/local/bin/c_rehash
- watch:
- x509: certificate::truststore
certificate::keystore:
file.directory:
- name: /opt/local/etc/pki
certificate:test.acheron.be::key:
x509.private_key_managed:
- name: /opt/local/etc/pki/test.acheron.be.key
- bits: 2048
- require:
- file: certificate::keystore
certificate:test.acheron.be::crt:
x509.certificate_managed:
- ca_server: cronos
- signing_policy: default
- public_key: /opt/local/etc/pki/test.acheron.be.key
- path: /opt/local/etc/pki/test.acheron.be.crt
- CN: test.acheron.be
- days_valid: 90
- days_remaining: 30
- backup: True
- require:
- x509: certificate:test.acheron.be::key
# vim: tabstop=2 expandtab shiftwidth=2 softtabstop=2
[DEBUG ] LazyLoaded config.get
[DEBUG ] Results of YAML rendering:
OrderedDict([('certificate::truststore', OrderedDict([('file.directory', [OrderedDict([('name', '/opt/local/etc/openssl/certs')])]), ('x509.pem_managed', [OrderedDict([('name', '/opt/local/etc/openssl/certs/internal-ca.crt')]), OrderedDict([('text', '-----BEGIN CERTIFICATE-----MIIGOjCCBCKgAwIBAgIJAOk+o2OagIHZMA0GCSqGSIb3DQEBCwUAMGoxCzAJBgNVBAYTAkJFMRMwEQYDVQQDDAphY2hlcm9uLWNhMREwDwYDVQQHDAhLYXBlbGxlbjEQMA4GA1UECAwHQW50d2VycDEhMB8GCSqGSIb3DQEJARYSY2VydGFkbUBhY2hlcm9uLmJlMB4XDTE2MDMyNTEzNDIzMVoXDTI2MDMyMzEzNDIzMVowajELMAkGA1UEBhMCQkUxEzARBgNVBAMMCmFjaGVyb24tY2ExETAPBgNVBAcMCEthcGVsbGVuMRAwDgYDVQQIDAdBbnR3ZXJwMSEwHwYJKoZIhvcNAQkBFhJjZXJ0YWRtQGFjaGVyb24uYmUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDcFRv2Ys6Bq/HLx7KFZGwQaQBhwVAJfe4bAEM2lbT2chqsM7xmWej0RH/anRsgnA909iGvhwqp8BZA8eAeXYJxsA8VtdJAV8ap4BJsO49/RUYsMQkemTyXf3Lh7mgk9Bx8SxC/Dqy/5pDN1UFUo37QHFx0Vs+hyxjIRn+Eqx7J/AhrUckNOwKCuVUbcAR7ussiAWyW9JyspfRcocJ3PDlNKHgE4z8k+T9GIZodPuPFAoy65RSEuTCrDw6Z2eVfKJ+AgCXHj3MZueOD4oROGo9GrGPfVPC2Q0nBf8RyY48giaf7S4psnQvBB802vo9dB1ho4C8M6aq+lGPBUN5304D2ahXgQyl3XvjbBsWmHW02iW1fwnZjpb6IVtKN6btOZGoRYx9+4O7bJCdBX5cg4kvxw3jcgee0LzgbF3cao2GnGiOjziJeANvCz2eTTPF3KU3ljt0lDrzoK1URaj6kehSa6H7Kgo6XVqKgOA1BrhhB8cDhXc7XKo5+fBzl4onOdDfS548OFGu0mq5kbLWFRaa+kFnc3ATBu9w3bf7MnWcdweY41LVuIdQnoK4/REYGOBlVfkIFKvk3DarecROigw/Rpb/5PIFempvcxzQP1BhfaOU966dIJS6LwkGFs4cKKOTBEjbLTYbbL4/rvymTAXz+kxRQXPUqiv6fROLyYV305QIDAQABo4HiMIHfMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQZYfHd4HPHOOWV2oy/NunYx6omYDCBnAYDVR0jBIGUMIGRgBQZYfHd4HPHOOWV2oy/NunYx6omYKFupGwwajELMAkGA1UEBhMCQkUxEzARBgNVBAMMCmFjaGVyb24tY2ExETAPBgNVBAcMCEthcGVsbGVuMRAwDgYDVQQIDAdBbnR3ZXJwMSEwHwYJKoZIhvcNAQkBFhJjZXJ0YWRtQGFjaGVyb24uYmWCCQDpPqNjmoCB2TANBgkqhkiG9w0BAQsFAAOCAgEAstHWs0FNndqmSVuo2REeLC3LHfk0XE8WhLL5rYfGYe08xeIZVSJhzsJF3IategErMiteDAWMkgr4CFPUcsCBzQiorR+Mmpclp78DwdE9PSWiXpfK6nJTt25Z7PaH50ajgh5nKXJGMoxSzu5L/Oh31NfZZ/bSmOZRBhl6N8aE78eRgPIxuEXmZxVl3mX/BtxL2/F3WaXdPQmFAg6hgsBM064Nt8xASOQT2yuSAbP/4a15/Cj5EDYjEzCirgjBPIwKBVeQRhoaFsmuAaWADEYksbHlSUuj9Daclger/dWOfL72njDT7RnYjiYL0jJSFkDZsnGZeZcvh7rTDwIbeElmuIwWBNM1KY++U2j02K4ql5Xv7FMf0wOm7v2eRfWRfTmTazjj6tNUGOUZDRjGG0TnGrk9WG0a0RxM7e5auYry5FiA3CqjlieR96nJ9zovsdWiTe3Be2Hja4Vm3+z8kbQ4XX1ngDrutcG6uMUlZVE4EBTtxxBSgifawBs2Y6oTNleQ0Mogf8zFcfqH3neFP9ka1ekGUYSu9gZ8mLjNa9oIL4k1TSxOZoy2+QYYWC9oJCAODZPegyUrhpMWMjpQtutRbEDxufjlSk2yKtQz23awJetNcjDGE2qmehlDS0XZouygxWUiKY7ArRFdxNObBAaeUCDdMYp6kTlVEA37+3kVhvk=-----END CERTIFICATE-----')]), OrderedDict([('require', [OrderedDict([('file', 'certificate::truststore')])])])]), ('cmd.wait', [OrderedDict([('name', '/opt/local/bin/c_rehash')]), OrderedDict([('watch', [OrderedDict([('x509', 'certificate::truststore')])])])])])), ('certificate::keystore', OrderedDict([('file.directory', [OrderedDict([('name', '/opt/local/etc/pki')])])])), ('certificate:test.acheron.be::key', OrderedDict([('x509.private_key_managed', [OrderedDict([('name', '/opt/local/etc/pki/test.acheron.be.key')]), OrderedDict([('bits', 2048)]), OrderedDict([('require', [OrderedDict([('file', 'certificate::keystore')])])])])])), ('certificate:test.acheron.be::crt', OrderedDict([('x509.certificate_managed', [OrderedDict([('ca_server', 'cronos')]), OrderedDict([('signing_policy', 'default')]), OrderedDict([('public_key', '/opt/local/etc/pki/test.acheron.be.key')]), OrderedDict([('path', '/opt/local/etc/pki/test.acheron.be.crt')]), OrderedDict([('CN', 'test.acheron.be')]), OrderedDict([('days_valid', 90)]), OrderedDict([('days_remaining', 30)]), OrderedDict([('backup', True)]), OrderedDict([('require', [OrderedDict([('x509', 'certificate:test.acheron.be::key')])])])])]))])
[PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/role/certificate/init.sls' using 'yaml' renderer: 0.056617975235
[DEBUG ] LazyLoaded file.directory
[INFO ] Running state [/opt/local/etc/openssl/certs] at time 14:45:39.197133
[INFO ] Executing state file.directory for /opt/local/etc/openssl/certs
[DEBUG ] LazyLoaded file.stats
[INFO ] Directory /opt/local/etc/openssl/certs is in the correct state
[INFO ] Completed state [/opt/local/etc/openssl/certs] at time 14:45:39.215435 duration_in_ms=18.302
[DEBUG ] LazyLoaded x509.get_pem_entry
[DEBUG ] LazyLoaded x509.pem_managed
[INFO ] Running state [/opt/local/etc/openssl/certs/internal-ca.crt] at time 14:45:39.313478
[INFO ] Executing state x509.pem_managed for /opt/local/etc/openssl/certs/internal-ca.crt
[INFO ] {'new': '-----BEGIN CERTIFICATE-----\nMIIGOjCCBCKgAwIBAgIJAOk+o2OagIHZMA0GCSqGSIb3DQEBCwUAMGoxCzAJBgNV\nBAYTAkJFMRMwEQYDVQQDDAphY2hlcm9uLWNhMREwDwYDVQQHDAhLYXBlbGxlbjEQ\nMA4GA1UECAwHQW50d2VycDEhMB8GCSqGSIb3DQEJARYSY2VydGFkbUBhY2hlcm9u\nLmJlMB4XDTE2MDMyNTEzNDIzMVoXDTI2MDMyMzEzNDIzMVowajELMAkGA1UEBhMC\nQkUxEzARBgNVBAMMCmFjaGVyb24tY2ExETAPBgNVBAcMCEthcGVsbGVuMRAwDgYD\nVQQIDAdBbnR3ZXJwMSEwHwYJKoZIhvcNAQkBFhJjZXJ0YWRtQGFjaGVyb24uYmUw\nggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDcFRv2Ys6Bq/HLx7KFZGwQ\naQBhwVAJfe4bAEM2lbT2chqsM7xmWej0RH/anRsgnA909iGvhwqp8BZA8eAeXYJx\nsA8VtdJAV8ap4BJsO49/RUYsMQkemTyXf3Lh7mgk9Bx8SxC/Dqy/5pDN1UFUo37Q\nHFx0Vs+hyxjIRn+Eqx7J/AhrUckNOwKCuVUbcAR7ussiAWyW9JyspfRcocJ3PDlN\nKHgE4z8k+T9GIZodPuPFAoy65RSEuTCrDw6Z2eVfKJ+AgCXHj3MZueOD4oROGo9G\nrGPfVPC2Q0nBf8RyY48giaf7S4psnQvBB802vo9dB1ho4C8M6aq+lGPBUN5304D2\nahXgQyl3XvjbBsWmHW02iW1fwnZjpb6IVtKN6btOZGoRYx9+4O7bJCdBX5cg4kvx\nw3jcgee0LzgbF3cao2GnGiOjziJeANvCz2eTTPF3KU3ljt0lDrzoK1URaj6kehSa\n6H7Kgo6XVqKgOA1BrhhB8cDhXc7XKo5+fBzl4onOdDfS548OFGu0mq5kbLWFRaa+\nkFnc3ATBu9w3bf7MnWcdweY41LVuIdQnoK4/REYGOBlVfkIFKvk3DarecROigw/R\npb/5PIFempvcxzQP1BhfaOU966dIJS6LwkGFs4cKKOTBEjbLTYbbL4/rvymTAXz+\nkxRQXPUqiv6fROLyYV305QIDAQABo4HiMIHfMA8GA1UdEwEB/wQFMAMBAf8wDgYD\nVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQZYfHd4HPHOOWV2oy/NunYx6omYDCBnAYD\nVR0jBIGUMIGRgBQZYfHd4HPHOOWV2oy/NunYx6omYKFupGwwajELMAkGA1UEBhMC\nQkUxEzARBgNVBAMMCmFjaGVyb24tY2ExETAPBgNVBAcMCEthcGVsbGVuMRAwDgYD\nVQQIDAdBbnR3ZXJwMSEwHwYJKoZIhvcNAQkBFhJjZXJ0YWRtQGFjaGVyb24uYmWC\nCQDpPqNjmoCB2TANBgkqhkiG9w0BAQsFAAOCAgEAstHWs0FNndqmSVuo2REeLC3L\nHfk0XE8WhLL5rYfGYe08xeIZVSJhzsJF3IategErMiteDAWMkgr4CFPUcsCBzQio\nrR+Mmpclp78DwdE9PSWiXpfK6nJTt25Z7PaH50ajgh5nKXJGMoxSzu5L/Oh31NfZ\nZ/bSmOZRBhl6N8aE78eRgPIxuEXmZxVl3mX/BtxL2/F3WaXdPQmFAg6hgsBM064N\nt8xASOQT2yuSAbP/4a15/Cj5EDYjEzCirgjBPIwKBVeQRhoaFsmuAaWADEYksbHl\nSUuj9Daclger/dWOfL72njDT7RnYjiYL0jJSFkDZsnGZeZcvh7rTDwIbeElmuIwW\nBNM1KY++U2j02K4ql5Xv7FMf0wOm7v2eRfWRfTmTazjj6tNUGOUZDRjGG0TnGrk9\nWG0a0RxM7e5auYry5FiA3CqjlieR96nJ9zovsdWiTe3Be2Hja4Vm3+z8kbQ4XX1n\ngDrutcG6uMUlZVE4EBTtxxBSgifawBs2Y6oTNleQ0Mogf8zFcfqH3neFP9ka1ekG\nUYSu9gZ8mLjNa9oIL4k1TSxOZoy2+QYYWC9oJCAODZPegyUrhpMWMjpQtutRbEDx\nufjlSk2yKtQz23awJetNcjDGE2qmehlDS0XZouygxWUiKY7ArRFdxNObBAaeUCDd\nMYp6kTlVEA37+3kVhvk=\n-----END CERTIFICATE-----\n', 'old': '-----BEGIN CERTIFICATE-----\nMIIGODCCBCCgAwIBAgIIFp76a26K5DUwDQYJKoZIhvcNAQELBQAwajELMAkGA1UE\nBhMCQkUxEzARBgNVBAMMCmFjaGVyb24tY2ExETAPBgNVBAcMCEthcGVsbGVuMRAw\nDgYDVQQIDAdBbnR3ZXJwMSEwHwYJKoZIhvcNAQkBFhJjZXJ0YWRtQGFjaGVyb24u\nYmUwHhcNMTYwMzI1MDAxNDM5WhcNMjYwMzIzMDAxNDM5WjBqMQswCQYDVQQGEwJC\nRTETMBEGA1UEAwwKYWNoZXJvbi1jYTERMA8GA1UEBwwIS2FwZWxsZW4xEDAOBgNV\nBAgMB0FudHdlcnAxITAfBgkqhkiG9w0BCQEWEmNlcnRhZG1AYWNoZXJvbi5iZTCC\nAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANM4zxeuKAYa9SmHHzUGaLL1\nFI+nNJJ4KXRezVGtQsrMHQntFRhjH1T3Najaj7W+MKG/LtSPMXgX4UDlNnXkpxki\nXMltEbbAcVimi9XTombuRAEznApJNq0zo+rlIa9foVDE0xUcTKEjE4OB30ghC/yR\nCFjUeyVITgj3HGBsCzJdjl0gFyZVCg4+K6nULrawlG6H1iQkbw1a/8AMkGv3488d\nGwz2jTIvrhrHduDdh3KdLqhdldpGwn6JkkO4gwJ+WGtK1dR741gQyxDpeTu2WxLm\n7ahlW8S0PQvAFFcrNzm7ApUwgYVmodOcggnMDbcGfiQPpSQ9c8cPtBvy8Ge31bRp\nnEK4/u3w1QFWeUV6+6NnO+IibnIjBrqGyKPKZD8KyC1pGMgdy32TlJ8kC3E/mQ4w\nSZZgi5Gr0XuRMz/DVX26Go8bLPJCi8qv/dI8oJ2z0YTAk5I+5gDCsMro1dsuGVlY\neEU0KSXRsvrpf8Eu5Xh+imZsqu2sCu/BwfAZ4ky0YrlDlrHJa3JggtPeNMPjX6ma\n2dmR6UQ8Wo+EPyEcgmPB/5qHGxdo1mEv5mvF4j7xiS59+T/9tK64sS9W+n1OTOd9\n6Itzb+Ah178in6dIAQL3M37LH8yQl6QQVex2Ifi43uFS905WiUNwJi38Xs1EL/PY\nWOJej8b3jRG3IULKJHLnAgMBAAGjgeEwgd4wDwYDVR0TAQH/BAUwAwEB/zAOBgNV\nHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFGAleMyvI+exK7EWBA1oUwx9fF0ZMIGbBgNV\nHSMEgZMwgZCAFGAleMyvI+exK7EWBA1oUwx9fF0ZoW6kbDBqMQswCQYDVQQGEwJC\nRTETMBEGA1UEAwwKYWNoZXJvbi1jYTERMA8GA1UEBwwIS2FwZWxsZW4xEDAOBgNV\nBAgMB0FudHdlcnAxITAfBgkqhkiG9w0BCQEWEmNlcnRhZG1AYWNoZXJvbi5iZYII\nFp76a26K5DUwDQYJKoZIhvcNAQELBQADggIBAJj9q76PUINkyJBrZlEt/4iISBsM\n1+rpSkLfiHBGa5F208k+TGF+OP2ADt120aM1CM44taV8AYq2/86YkPGygMzUF+VT\nodAXofhRM1gUkIKLK87FgpSZNVo5UTtUaw+Mzhi6Pc+b74/cHDCdm39/Mt91aG3j\nY2Mx+BVPLKXDlWLzECXWyI/QlHikZGirVGbvKQ4mcbxJyyMlomV9/l7drt657+Mk\ngykiKltOfJGFkbNg+O6C8aabl1MSDx9kdu9nYV7q54poemE0OIbqtgDKg1WcrpKW\nW1ItyTy8eCJPPAVq0oFJlFUPmy91IqqAOegEjduI54kE5C24Qc37MOmY5cFY/UP0\nLyH3BvKz4oH/cIUqA+dlHp+VtmuZWM77+r5R3ESqm3Vl2ZCxlCCYFOpJP9ckqRQK\naTWosE1guN3tIw3TQk+v/u9UkKdnTfi5XrlmG5P25Wax/Z91SIgZD3vJbS51SEVW\nnRwiwlQuHoX/ginPsPgl5v9GQpCVolmN/JHTaX5FeMkreyqMobyeaqljuVp/KEfY\nLuJn9KvWIqCNl4MrHr6sr/3WyCz9351NnHHhpGu5E70Xb8T8womsIik8ELI/rC8u\n/jxX5nRLgoO7hf+rCZDO6xrHeAOOVQVSWvy0i3KOP9ME+49RzlW1a3+2KMg8MfXf\n5lQdDj0RbCpQv+DP\n-----END CERTIFICATE-----\n'}
[INFO ] Completed state [/opt/local/etc/openssl/certs/internal-ca.crt] at time 14:45:39.316393 duration_in_ms=2.915
[DEBUG ] LazyLoaded cmd.wait
[INFO ] Running state [/opt/local/bin/c_rehash] at time 14:45:39.319292
[INFO ] Executing state cmd.wait for /opt/local/bin/c_rehash
[INFO ] No changes made for /opt/local/bin/c_rehash
[INFO ] Completed state [/opt/local/bin/c_rehash] at time 14:45:39.321146 duration_in_ms=1.854
[INFO ] Running state [/opt/local/bin/c_rehash] at time 14:45:39.321598
[INFO ] Executing state cmd.mod_watch for /opt/local/bin/c_rehash
[DEBUG ] LazyLoaded cmd.run_all
[INFO ] Executing command '/opt/local/bin/c_rehash' in directory '/root'
[DEBUG ] stdout: Doing /opt/local/etc/openssl/certs
[INFO ] {'pid': 59945, 'retcode': 0, 'stderr': '', 'stdout': 'Doing /opt/local/etc/openssl/certs'}
[INFO ] Completed state [/opt/local/bin/c_rehash] at time 14:45:46.473860 duration_in_ms=7152.262
[INFO ] Running state [/opt/local/etc/pki] at time 14:45:46.475471
[INFO ] Executing state file.directory for /opt/local/etc/pki
[INFO ] Directory /opt/local/etc/pki is in the correct state
[INFO ] Completed state [/opt/local/etc/pki] at time 14:45:46.480006 duration_in_ms=4.535
[INFO ] Running state [/opt/local/etc/pki/test.acheron.be.key] at time 14:45:46.481854
[INFO ] Executing state x509.private_key_managed for /opt/local/etc/pki/test.acheron.be.key
[INFO ] The Private key is already in the correct state
[INFO ] Completed state [/opt/local/etc/pki/test.acheron.be.key] at time 14:45:46.484924 duration_in_ms=3.07
[INFO ] Running state [certificate:test.acheron.be::crt] at time 14:45:46.486626
[INFO ] Executing state x509.certificate_managed for certificate:test.acheron.be::crt
[DEBUG ] LazyLoaded publish.publish
[INFO ] Publishing 'x509.sign_remote_certificate' to tcp://[2001:6f8:1480:30::130]:4506
[DEBUG ] Re-using SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] Loaded minion key: /opt/local/etc/salt/pki/minion/minion.pem
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[ERROR ] An exception occurred in this state: Traceback (most recent call last):
File "/opt/salt/lib/python2.7/site-packages/salt/state.py", line 1703, in call
**cdata['kwargs'])
File "/opt/salt/lib/python2.7/site-packages/salt/loader.py", line 1607, in wrapper
return f(*args, **kwargs)
File "/opt/salt/lib/python2.7/site-packages/salt/states/x509.py", line 429, in certificate_managed
new = __salt__['x509.create_certificate'](testrun=True, **kwargs)
File "/opt/salt/lib/python2.7/site-packages/salt/modules/x509.py", line 1099, in create_certificate
pem_type='CERTIFICATE')
File "/opt/salt/lib/python2.7/site-packages/salt/modules/x509.py", line 628, in write_pem
text = get_pem_entry(text, pem_type=pem_type)
File "/opt/salt/lib/python2.7/site-packages/salt/modules/x509.py", line 350, in get_pem_entry
text = _text_or_file(text)
File "/opt/salt/lib/python2.7/site-packages/salt/modules/x509.py", line 267, in _text_or_file
if os.path.isfile(input_):
File "/opt/local/lib/python2.7/genericpath.py", line 37, in isfile
st = os.stat(path)
TypeError: coercing to Unicode: need string or buffer, dict found
[INFO ] Completed state [certificate:test.acheron.be::crt] at time 14:45:46.872249 duration_in_ms=385.623
[DEBUG ] File /var/cache/salt/minion/accumulator/18446741324877745488 does not exist, no need to cleanup.
[DEBUG ] LazyLoaded config.option
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] LazyLoaded highstate.output
[DEBUG ] LazyLoaded nested.output
[DEBUG ] LazyLoaded nested.output
local:
----------
ID: certificate::truststore
Function: file.directory
Name: /opt/local/etc/openssl/certs
Result: True
Comment: Directory /opt/local/etc/openssl/certs is in the correct state
Started: 14:45:39.197133
Duration: 18.302 ms
Changes:
----------
ID: certificate::truststore
Function: x509.pem_managed
Name: /opt/local/etc/openssl/certs/internal-ca.crt
Result: True
Comment: PEM written to /opt/local/etc/openssl/certs/internal-ca.crt
Started: 14:45:39.313478
Duration: 2.915 ms
Changes:
----------
new:
-----BEGIN CERTIFICATE-----
MIIGOjCCBCKgAwIBAgIJAOk+o2OagIHZMA0GCSqGSIb3DQEBCwUAMGoxCzAJBgNV
BAYTAkJFMRMwEQYDVQQDDAphY2hlcm9uLWNhMREwDwYDVQQHDAhLYXBlbGxlbjEQ
MA4GA1UECAwHQW50d2VycDEhMB8GCSqGSIb3DQEJARYSY2VydGFkbUBhY2hlcm9u
LmJlMB4XDTE2MDMyNTEzNDIzMVoXDTI2MDMyMzEzNDIzMVowajELMAkGA1UEBhMC
QkUxEzARBgNVBAMMCmFjaGVyb24tY2ExETAPBgNVBAcMCEthcGVsbGVuMRAwDgYD
VQQIDAdBbnR3ZXJwMSEwHwYJKoZIhvcNAQkBFhJjZXJ0YWRtQGFjaGVyb24uYmUw
ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDcFRv2Ys6Bq/HLx7KFZGwQ
aQBhwVAJfe4bAEM2lbT2chqsM7xmWej0RH/anRsgnA909iGvhwqp8BZA8eAeXYJx
sA8VtdJAV8ap4BJsO49/RUYsMQkemTyXf3Lh7mgk9Bx8SxC/Dqy/5pDN1UFUo37Q
HFx0Vs+hyxjIRn+Eqx7J/AhrUckNOwKCuVUbcAR7ussiAWyW9JyspfRcocJ3PDlN
KHgE4z8k+T9GIZodPuPFAoy65RSEuTCrDw6Z2eVfKJ+AgCXHj3MZueOD4oROGo9G
rGPfVPC2Q0nBf8RyY48giaf7S4psnQvBB802vo9dB1ho4C8M6aq+lGPBUN5304D2
ahXgQyl3XvjbBsWmHW02iW1fwnZjpb6IVtKN6btOZGoRYx9+4O7bJCdBX5cg4kvx
w3jcgee0LzgbF3cao2GnGiOjziJeANvCz2eTTPF3KU3ljt0lDrzoK1URaj6kehSa
6H7Kgo6XVqKgOA1BrhhB8cDhXc7XKo5+fBzl4onOdDfS548OFGu0mq5kbLWFRaa+
kFnc3ATBu9w3bf7MnWcdweY41LVuIdQnoK4/REYGOBlVfkIFKvk3DarecROigw/R
pb/5PIFempvcxzQP1BhfaOU966dIJS6LwkGFs4cKKOTBEjbLTYbbL4/rvymTAXz+
kxRQXPUqiv6fROLyYV305QIDAQABo4HiMIHfMA8GA1UdEwEB/wQFMAMBAf8wDgYD
VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQZYfHd4HPHOOWV2oy/NunYx6omYDCBnAYD
VR0jBIGUMIGRgBQZYfHd4HPHOOWV2oy/NunYx6omYKFupGwwajELMAkGA1UEBhMC
QkUxEzARBgNVBAMMCmFjaGVyb24tY2ExETAPBgNVBAcMCEthcGVsbGVuMRAwDgYD
VQQIDAdBbnR3ZXJwMSEwHwYJKoZIhvcNAQkBFhJjZXJ0YWRtQGFjaGVyb24uYmWC
CQDpPqNjmoCB2TANBgkqhkiG9w0BAQsFAAOCAgEAstHWs0FNndqmSVuo2REeLC3L
Hfk0XE8WhLL5rYfGYe08xeIZVSJhzsJF3IategErMiteDAWMkgr4CFPUcsCBzQio
rR+Mmpclp78DwdE9PSWiXpfK6nJTt25Z7PaH50ajgh5nKXJGMoxSzu5L/Oh31NfZ
Z/bSmOZRBhl6N8aE78eRgPIxuEXmZxVl3mX/BtxL2/F3WaXdPQmFAg6hgsBM064N
t8xASOQT2yuSAbP/4a15/Cj5EDYjEzCirgjBPIwKBVeQRhoaFsmuAaWADEYksbHl
SUuj9Daclger/dWOfL72njDT7RnYjiYL0jJSFkDZsnGZeZcvh7rTDwIbeElmuIwW
BNM1KY++U2j02K4ql5Xv7FMf0wOm7v2eRfWRfTmTazjj6tNUGOUZDRjGG0TnGrk9
WG0a0RxM7e5auYry5FiA3CqjlieR96nJ9zovsdWiTe3Be2Hja4Vm3+z8kbQ4XX1n
gDrutcG6uMUlZVE4EBTtxxBSgifawBs2Y6oTNleQ0Mogf8zFcfqH3neFP9ka1ekG
UYSu9gZ8mLjNa9oIL4k1TSxOZoy2+QYYWC9oJCAODZPegyUrhpMWMjpQtutRbEDx
ufjlSk2yKtQz23awJetNcjDGE2qmehlDS0XZouygxWUiKY7ArRFdxNObBAaeUCDd
MYp6kTlVEA37+3kVhvk=
-----END CERTIFICATE-----
old:
-----BEGIN CERTIFICATE-----
MIIGODCCBCCgAwIBAgIIFp76a26K5DUwDQYJKoZIhvcNAQELBQAwajELMAkGA1UE
BhMCQkUxEzARBgNVBAMMCmFjaGVyb24tY2ExETAPBgNVBAcMCEthcGVsbGVuMRAw
DgYDVQQIDAdBbnR3ZXJwMSEwHwYJKoZIhvcNAQkBFhJjZXJ0YWRtQGFjaGVyb24u
YmUwHhcNMTYwMzI1MDAxNDM5WhcNMjYwMzIzMDAxNDM5WjBqMQswCQYDVQQGEwJC
RTETMBEGA1UEAwwKYWNoZXJvbi1jYTERMA8GA1UEBwwIS2FwZWxsZW4xEDAOBgNV
BAgMB0FudHdlcnAxITAfBgkqhkiG9w0BCQEWEmNlcnRhZG1AYWNoZXJvbi5iZTCC
AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANM4zxeuKAYa9SmHHzUGaLL1
FI+nNJJ4KXRezVGtQsrMHQntFRhjH1T3Najaj7W+MKG/LtSPMXgX4UDlNnXkpxki
XMltEbbAcVimi9XTombuRAEznApJNq0zo+rlIa9foVDE0xUcTKEjE4OB30ghC/yR
CFjUeyVITgj3HGBsCzJdjl0gFyZVCg4+K6nULrawlG6H1iQkbw1a/8AMkGv3488d
Gwz2jTIvrhrHduDdh3KdLqhdldpGwn6JkkO4gwJ+WGtK1dR741gQyxDpeTu2WxLm
7ahlW8S0PQvAFFcrNzm7ApUwgYVmodOcggnMDbcGfiQPpSQ9c8cPtBvy8Ge31bRp
nEK4/u3w1QFWeUV6+6NnO+IibnIjBrqGyKPKZD8KyC1pGMgdy32TlJ8kC3E/mQ4w
SZZgi5Gr0XuRMz/DVX26Go8bLPJCi8qv/dI8oJ2z0YTAk5I+5gDCsMro1dsuGVlY
eEU0KSXRsvrpf8Eu5Xh+imZsqu2sCu/BwfAZ4ky0YrlDlrHJa3JggtPeNMPjX6ma
2dmR6UQ8Wo+EPyEcgmPB/5qHGxdo1mEv5mvF4j7xiS59+T/9tK64sS9W+n1OTOd9
6Itzb+Ah178in6dIAQL3M37LH8yQl6QQVex2Ifi43uFS905WiUNwJi38Xs1EL/PY
WOJej8b3jRG3IULKJHLnAgMBAAGjgeEwgd4wDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFGAleMyvI+exK7EWBA1oUwx9fF0ZMIGbBgNV
HSMEgZMwgZCAFGAleMyvI+exK7EWBA1oUwx9fF0ZoW6kbDBqMQswCQYDVQQGEwJC
RTETMBEGA1UEAwwKYWNoZXJvbi1jYTERMA8GA1UEBwwIS2FwZWxsZW4xEDAOBgNV
BAgMB0FudHdlcnAxITAfBgkqhkiG9w0BCQEWEmNlcnRhZG1AYWNoZXJvbi5iZYII
Fp76a26K5DUwDQYJKoZIhvcNAQELBQADggIBAJj9q76PUINkyJBrZlEt/4iISBsM
1+rpSkLfiHBGa5F208k+TGF+OP2ADt120aM1CM44taV8AYq2/86YkPGygMzUF+VT
odAXofhRM1gUkIKLK87FgpSZNVo5UTtUaw+Mzhi6Pc+b74/cHDCdm39/Mt91aG3j
Y2Mx+BVPLKXDlWLzECXWyI/QlHikZGirVGbvKQ4mcbxJyyMlomV9/l7drt657+Mk
gykiKltOfJGFkbNg+O6C8aabl1MSDx9kdu9nYV7q54poemE0OIbqtgDKg1WcrpKW
W1ItyTy8eCJPPAVq0oFJlFUPmy91IqqAOegEjduI54kE5C24Qc37MOmY5cFY/UP0
LyH3BvKz4oH/cIUqA+dlHp+VtmuZWM77+r5R3ESqm3Vl2ZCxlCCYFOpJP9ckqRQK
aTWosE1guN3tIw3TQk+v/u9UkKdnTfi5XrlmG5P25Wax/Z91SIgZD3vJbS51SEVW
nRwiwlQuHoX/ginPsPgl5v9GQpCVolmN/JHTaX5FeMkreyqMobyeaqljuVp/KEfY
LuJn9KvWIqCNl4MrHr6sr/3WyCz9351NnHHhpGu5E70Xb8T8womsIik8ELI/rC8u
/jxX5nRLgoO7hf+rCZDO6xrHeAOOVQVSWvy0i3KOP9ME+49RzlW1a3+2KMg8MfXf
5lQdDj0RbCpQv+DP
-----END CERTIFICATE-----
----------
ID: certificate::truststore
Function: cmd.wait
Name: /opt/local/bin/c_rehash
Result: True
Comment: Command "/opt/local/bin/c_rehash" run
Started: 14:45:39.321598
Duration: 7152.262 ms
Changes:
----------
pid:
59945
retcode:
0
stderr:
stdout:
Doing /opt/local/etc/openssl/certs
----------
ID: certificate::keystore
Function: file.directory
Name: /opt/local/etc/pki
Result: True
Comment: Directory /opt/local/etc/pki is in the correct state
Started: 14:45:46.475471
Duration: 4.535 ms
Changes:
----------
ID: certificate:test.acheron.be::key
Function: x509.private_key_managed
Name: /opt/local/etc/pki/test.acheron.be.key
Result: True
Comment: The Private key is already in the correct state
Started: 14:45:46.481854
Duration: 3.07 ms
Changes:
----------
ID: certificate:test.acheron.be::crt
Function: x509.certificate_managed
Result: False
Comment: An exception occurred in this state: Traceback (most recent call last):
File "/opt/salt/lib/python2.7/site-packages/salt/state.py", line 1703, in call
**cdata['kwargs'])
File "/opt/salt/lib/python2.7/site-packages/salt/loader.py", line 1607, in wrapper
return f(*args, **kwargs)
File "/opt/salt/lib/python2.7/site-packages/salt/states/x509.py", line 429, in certificate_managed
new = __salt__['x509.create_certificate'](testrun=True, **kwargs)
File "/opt/salt/lib/python2.7/site-packages/salt/modules/x509.py", line 1099, in create_certificate
pem_type='CERTIFICATE')
File "/opt/salt/lib/python2.7/site-packages/salt/modules/x509.py", line 628, in write_pem
text = get_pem_entry(text, pem_type=pem_type)
File "/opt/salt/lib/python2.7/site-packages/salt/modules/x509.py", line 350, in get_pem_entry
text = _text_or_file(text)
File "/opt/salt/lib/python2.7/site-packages/salt/modules/x509.py", line 267, in _text_or_file
if os.path.isfile(input_):
File "/opt/local/lib/python2.7/genericpath.py", line 37, in isfile
st = os.stat(path)
TypeError: coercing to Unicode: need string or buffer, dict found
Started: 14:45:46.486626
Duration: 385.623 ms
Changes:
Summary for local
------------
Succeeded: 5 (changed=2)
Failed: 1
------------
Total states run: 6I added some additional logging here to help determine what value it is getting that is the wrong type.
Can you run the same test again with https://github.com/clinta/salt/blob/32075/salt/modules/x509.py?
sjorge
commented
8 years ago Both role.certificate.authority and role.certificate now fail. (remove the linked x509.py and then it worked again)
[root@cronos /salt/states/role/certificate]# salt --versions-report
Salt Version:
Salt: 2016.3.0rc1-112-g1af2e41
Dependency Versions:
Jinja2: 2.8
M2Crypto: 0.22
Mako: Not Installed
PyYAML: 3.11
PyZMQ: 14.4.1
Python: 2.7.11 (default, Mar 18 2016, 13:38:08)
RAET: 0.6.5
Tornado: 4.3
ZMQ: 4.1.3
cffi: Not Installed
cherrypy: 3.8.0
dateutil: 2.4.0
gitdb: 0.6.4
gitpython: 1.0.2
ioflo: 1.5.1
libgit2: Not Installed
libnacl: 1.4.4
msgpack-pure: Not Installed
msgpack-python: 0.4.7
mysql-python: Not Installed
pycparser: Not Installed
pycrypto: 2.6.1
pygit2: Not Installed
python-gnupg: 2.0.2
smmap: 0.9.0
timelib: 0.2.4
System Versions:
dist:
machine: i86pc
release: 5.11
system: SunOS
version: Not Installed[root@cronos /salt/states/role/certificate]# salt 'cronos' saltutil.sync_all
cronos:
----------
beacons:
grains:
log_handlers:
modules:
- modules.x509
output:
proxymodules:
renderers:
returners:
sdb:
states:
utils:[root@cronos /salt/dynmod/_modules]# salt-call -l debug state.apply role.certificate.authority
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion
[DEBUG ] Including configuration from '/opt/local/etc/salt/minion.d/_schedule.conf'
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion.d/_schedule.conf
[DEBUG ] Including configuration from '/opt/local/etc/salt/minion.d/signing_policies.conf'
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion.d/signing_policies.conf
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion
[DEBUG ] Including configuration from '/opt/local/etc/salt/minion.d/_schedule.conf'
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion.d/_schedule.conf
[DEBUG ] Including configuration from '/opt/local/etc/salt/minion.d/signing_policies.conf'
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion.d/signing_policies.conf
[DEBUG ] Please install 'virt-what' to improve results of the 'virtual' grain.
[DEBUG ] Configuration file path: /opt/local/etc/salt/minion
[WARNING ] Insecure logging configuration detected! Sensitive data may be logged.
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion
[DEBUG ] Including configuration from '/opt/local/etc/salt/minion.d/_schedule.conf'
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion.d/_schedule.conf
[DEBUG ] Including configuration from '/opt/local/etc/salt/minion.d/signing_policies.conf'
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion.d/signing_policies.conf
[DEBUG ] Please install 'virt-what' to improve results of the 'virtual' grain.
[DEBUG ] Connecting to master. Attempt 1 of 1
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] Generated random reconnect delay between '1000ms' and '11000ms' (9716)
[DEBUG ] Setting zmq_reconnect_ivl to '9716ms'
[DEBUG ] Setting zmq_reconnect_ivl_max to '11000ms'
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'clear')
[DEBUG ] Decrypting the current master AES key
[DEBUG ] Loaded minion key: /opt/local/etc/salt/pki/minion/minion.pem
[DEBUG ] Loaded minion key: /opt/local/etc/salt/pki/minion/minion.pem
[INFO ] Determining pillar cache
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] Loaded minion key: /opt/local/etc/salt/pki/minion/minion.pem
[DEBUG ] LazyLoaded jinja.render
[DEBUG ] LazyLoaded yaml.render
[DEBUG ] LazyLoaded state.apply
[DEBUG ] LazyLoaded saltutil.is_running
[DEBUG ] LazyLoaded grains.get
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[INFO ] Determining pillar cache
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] Loaded minion key: /opt/local/etc/salt/pki/minion/minion.pem
[INFO ] Loading fresh modules for state activity
[DEBUG ] LazyLoaded jinja.render
[DEBUG ] LazyLoaded yaml.render
[DEBUG ] In saltenv 'base', looking at rel_path 'role/certificate/authority.sls' to resolve 'salt://role/certificate/authority.sls'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/role/certificate/authority.sls' to resolve 'salt://role/certificate/authority.sls'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://role/certificate/authority.sls'
[DEBUG ] compile template: /var/cache/salt/minion/files/base/role/certificate/authority.sls
[DEBUG ] Jinja search path: '['/var/cache/salt/minion/files/base']'
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] In saltenv 'base', looking at rel_path 'role/salt/config.jinja' to resolve 'salt://role/salt/config.jinja'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/role/salt/config.jinja' to resolve 'salt://role/salt/config.jinja'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://role/salt/config.jinja'
[DEBUG ] In saltenv 'base', looking at rel_path '_macros/common.jinja' to resolve 'salt://_macros/common.jinja'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/_macros/common.jinja' to resolve 'salt://_macros/common.jinja'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://_macros/common.jinja'
[DEBUG ] LazyLoaded grains.filter_by
[DEBUG ] In saltenv 'base', looking at rel_path 'role/certificate/config.jinja' to resolve 'salt://role/certificate/config.jinja'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/role/certificate/config.jinja' to resolve 'salt://role/certificate/config.jinja'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://role/certificate/config.jinja'
[PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/role/certificate/authority.sls' using 'jinja' renderer: 0.178818941116
[DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/role/certificate/authority.sls:
######
## certificate.authority state
## -----------------------------------
## https://docs.saltstack.com/en/develop/ref/states/all/salt.states.x509.html#module-salt.states.x509
######
## import
## pull in dependancies
include:
- role.salt.minion
- role.salt.master
## manage private key
certificate.authority::private-key:
x509.private_key_managed:
- name: /salt/pki/ca.key
- bits: 4096
- backup: True
- require:
- file: certificate.authority::directory
## manage certificate
certificate.authority::certificate:
x509.certificate_managed:
- name: /salt/pki/ca.crt
- signing_private_key: /salt/pki/ca.key
- CN: acheron-ca
- C: BE
- ST: Antwerp
- L: Kapellen
- Email: certadm@acheron.be
- basicConstraints: "critical CA:true"
- keyUsage: "critical cRLSign, keyCertSign"
- subjectKeyIdentifier: hash
- authorityKeyIdentifier: keyid,issuer:always
- days_valid: 3650
- days_remaining: 0
- backup: True
- require:
- x509: certificate.authority::private-key
## manage directories
certificate.authority::directory:
file.directory:
- name: /salt/pki
- makedirs: true
- user: root
- group: nacl
- dir_mode: 2770
certificate.authority::directory-issued:
file.directory:
- name: /salt/pki/issued/
- makedirs: true
- user: root
- group: nacl
- dir_mode: 2770
## manage policies
certificate.authority::policies:
file.managed:
- name: /salt/config/minion.d/signing_policies.conf
- template: jinja
- source: salt://role/certificate/_files/policies.conf
- context:
saltcfg: {'prefix': '/salt/config', 'schedule_apply': 15, 'log_level_logfile': 'warning', 'service': {'minion': 'salt:minion', 'master': 'salt:master'}, 'master': 'cronos.acheron.be', 'smtp': {'tls': True, 'server': 'exosphere.acheron.be'}}
certcfg: {'managed': None, 'castore_dir': '/opt/local/etc/openssl/certs', 'authority_dir': '/salt/pki', 'pki_dir': '/opt/local/etc/pki', 'authority_id': 'cronos', 'castore_bin': '/opt/local/bin/c_rehash'}
- watch_in:
- service: salt.minion::service
## manage peering
certificate.authority::peering:
file.managed:
- name: /salt/config/master.d/certificate_signing_peering.conf
- template: jinja
- source: salt://role/certificate/_files/peering.conf
- context:
authority_id: cronos
- watch_in:
- service: salt.master::service
## store ca in grains
mine.send:
module.run:
- func: x509.get_pem_entries
- kwargs:
glob_path: /salt/pki/ca.crt
- onchanges:
- x509: certificate.authority::certificate
# vim: tabstop=2 expandtab shiftwidth=2 softtabstop=2
[DEBUG ] LazyLoaded config.get
[DEBUG ] Results of YAML rendering:
OrderedDict([('include', ['role.salt.minion', 'role.salt.master']), ('certificate.authority::private-key', OrderedDict([('x509.private_key_managed', [OrderedDict([('name', '/salt/pki/ca.key')]), OrderedDict([('bits', 4096)]), OrderedDict([('backup', True)]), OrderedDict([('require', [OrderedDict([('file', 'certificate.authority::directory')])])])])])), ('certificate.authority::certificate', OrderedDict([('x509.certificate_managed', [OrderedDict([('name', '/salt/pki/ca.crt')]), OrderedDict([('signing_private_key', '/salt/pki/ca.key')]), OrderedDict([('CN', 'acheron-ca')]), OrderedDict([('C', 'BE')]), OrderedDict([('ST', 'Antwerp')]), OrderedDict([('L', 'Kapellen')]), OrderedDict([('Email', 'certadm@acheron.be')]), OrderedDict([('basicConstraints', 'critical CA:true')]), OrderedDict([('keyUsage', 'critical cRLSign, keyCertSign')]), OrderedDict([('subjectKeyIdentifier', 'hash')]), OrderedDict([('authorityKeyIdentifier', 'keyid,issuer:always')]), OrderedDict([('days_valid', 3650)]), OrderedDict([('days_remaining', 0)]), OrderedDict([('backup', True)]), OrderedDict([('require', [OrderedDict([('x509', 'certificate.authority::private-key')])])])])])), ('certificate.authority::directory', OrderedDict([('file.directory', [OrderedDict([('name', '/salt/pki')]), OrderedDict([('makedirs', True)]), OrderedDict([('user', 'root')]), OrderedDict([('group', 'nacl')]), OrderedDict([('dir_mode', 2770)])])])), ('certificate.authority::directory-issued', OrderedDict([('file.directory', [OrderedDict([('name', '/salt/pki/issued/')]), OrderedDict([('makedirs', True)]), OrderedDict([('user', 'root')]), OrderedDict([('group', 'nacl')]), OrderedDict([('dir_mode', 2770)])])])), ('certificate.authority::policies', OrderedDict([('file.managed', [OrderedDict([('name', '/salt/config/minion.d/signing_policies.conf')]), OrderedDict([('template', 'jinja')]), OrderedDict([('source', 'salt://role/certificate/_files/policies.conf')]), OrderedDict([('context', OrderedDict([('saltcfg', OrderedDict([('prefix', '/salt/config'), ('schedule_apply', 15), ('log_level_logfile', 'warning'), ('service', OrderedDict([('minion', 'salt:minion'), ('master', 'salt:master')])), ('master', 'cronos.acheron.be'), ('smtp', OrderedDict([('tls', True), ('server', 'exosphere.acheron.be')]))])), ('certcfg', OrderedDict([('managed', 'None'), ('castore_dir', '/opt/local/etc/openssl/certs'), ('authority_dir', '/salt/pki'), ('pki_dir', '/opt/local/etc/pki'), ('authority_id', 'cronos'), ('castore_bin', '/opt/local/bin/c_rehash')]))]))]), OrderedDict([('watch_in', [OrderedDict([('service', 'salt.minion::service')])])])])])), ('certificate.authority::peering', OrderedDict([('file.managed', [OrderedDict([('name', '/salt/config/master.d/certificate_signing_peering.conf')]), OrderedDict([('template', 'jinja')]), OrderedDict([('source', 'salt://role/certificate/_files/peering.conf')]), OrderedDict([('context', OrderedDict([('authority_id', 'cronos')]))]), OrderedDict([('watch_in', [OrderedDict([('service', 'salt.master::service')])])])])])), ('mine.send', OrderedDict([('module.run', [OrderedDict([('func', 'x509.get_pem_entries')]), OrderedDict([('kwargs', OrderedDict([('glob_path', '/salt/pki/ca.crt')]))]), OrderedDict([('onchanges', [OrderedDict([('x509', 'certificate.authority::certificate')])])])])]))])
[PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/role/certificate/authority.sls' using 'yaml' renderer: 0.0972249507904
[DEBUG ] In saltenv 'base', looking at rel_path 'role/salt/minion.sls' to resolve 'salt://role/salt/minion.sls'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/role/salt/minion.sls' to resolve 'salt://role/salt/minion.sls'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://role/salt/minion.sls'
[DEBUG ] compile template: /var/cache/salt/minion/files/base/role/salt/minion.sls
[DEBUG ] Jinja search path: '['/var/cache/salt/minion/files/base']'
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] In saltenv 'base', looking at rel_path 'role/salt/config.jinja' to resolve 'salt://role/salt/config.jinja'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/role/salt/config.jinja' to resolve 'salt://role/salt/config.jinja'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://role/salt/config.jinja'
[DEBUG ] In saltenv 'base', looking at rel_path '_macros/common.jinja' to resolve 'salt://_macros/common.jinja'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/_macros/common.jinja' to resolve 'salt://_macros/common.jinja'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://_macros/common.jinja'
[PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/role/salt/minion.sls' using 'jinja' renderer: 0.120450019836
[DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/role/salt/minion.sls:
######
## salt.minion state
## -----------------------------------
## configuration for salt-minion
######
## import saltcfg
## manage minion
salt.minion::service: ## enable salt-minion
service.running:
- name: salt:minion
- enable: True
- order: last
- watch:
- file: salt.minion::config
salt.minion::config: ## manage minion config file
file.managed:
- name: /salt/config/minion
- template: jinja
- source:
- salt://role/salt/_files/minion.conf.SmartOS
- salt://role/salt/_files/minion.conf.default
- context:
saltcfg: {'prefix': '/salt/config', 'schedule_apply': 15, 'log_level_logfile': 'warning', 'service': {'minion': 'salt:minion', 'master': 'salt:master'}, 'master': 'cronos.acheron.be', 'smtp': {'tls': True, 'server': 'exosphere.acheron.be'}}
- user: root
- group: root
- mode: 0644
salt.minion::config.d:
file.directory:
- name: /salt/config/minion.d
- user: root
- group: root
- dir_mode: 0755
salt.minion::wrapper: ## create wrapper
file.symlink:
- makedirs: true
- force: true
- name: /usr/local/bin/salt-call
- target: /opt/salt/bin/salt-call
salt.minion::schedule-apply: ## schedule apply
schedule.present:
- function: state.apply
- minutes: 15
- splay: 15
# vim: tabstop=2 expandtab shiftwidth=2 softtabstop=2
[DEBUG ] Results of YAML rendering:
OrderedDict([('salt.minion::service', OrderedDict([('service.running', [OrderedDict([('name', 'salt:minion')]), OrderedDict([('enable', True)]), OrderedDict([('order', 'last')]), OrderedDict([('watch', [OrderedDict([('file', 'salt.minion::config')])])])])])), ('salt.minion::config', OrderedDict([('file.managed', [OrderedDict([('name', '/salt/config/minion')]), OrderedDict([('template', 'jinja')]), OrderedDict([('source', ['salt://role/salt/_files/minion.conf.SmartOS', 'salt://role/salt/_files/minion.conf.default'])]), OrderedDict([('context', OrderedDict([('saltcfg', OrderedDict([('prefix', '/salt/config'), ('schedule_apply', 15), ('log_level_logfile', 'warning'), ('service', OrderedDict([('minion', 'salt:minion'), ('master', 'salt:master')])), ('master', 'cronos.acheron.be'), ('smtp', OrderedDict([('tls', True), ('server', 'exosphere.acheron.be')]))]))]))]), OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('mode', 644)])])])), ('salt.minion::config.d', OrderedDict([('file.directory', [OrderedDict([('name', '/salt/config/minion.d')]), OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('dir_mode', 755)])])])), ('salt.minion::wrapper', OrderedDict([('file.symlink', [OrderedDict([('makedirs', True)]), OrderedDict([('force', True)]), OrderedDict([('name', '/usr/local/bin/salt-call')]), OrderedDict([('target', '/opt/salt/bin/salt-call')])])])), ('salt.minion::schedule-apply', OrderedDict([('schedule.present', [OrderedDict([('function', 'state.apply')]), OrderedDict([('minutes', 15)]), OrderedDict([('splay', 15)])])]))])
[PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/role/salt/minion.sls' using 'yaml' renderer: 0.047837972641
[DEBUG ] In saltenv 'base', looking at rel_path 'role/salt/master.sls' to resolve 'salt://role/salt/master.sls'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/role/salt/master.sls' to resolve 'salt://role/salt/master.sls'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://role/salt/master.sls'
[DEBUG ] compile template: /var/cache/salt/minion/files/base/role/salt/master.sls
[DEBUG ] Jinja search path: '['/var/cache/salt/minion/files/base']'
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] In saltenv 'base', looking at rel_path 'role/salt/config.jinja' to resolve 'salt://role/salt/config.jinja'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/role/salt/config.jinja' to resolve 'salt://role/salt/config.jinja'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://role/salt/config.jinja'
[DEBUG ] In saltenv 'base', looking at rel_path '_macros/common.jinja' to resolve 'salt://_macros/common.jinja'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/_macros/common.jinja' to resolve 'salt://_macros/common.jinja'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://_macros/common.jinja'
[PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/role/salt/master.sls' using 'jinja' renderer: 0.110279083252
[DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/role/salt/master.sls:
######
## salt.master
## -----------------------------------
######
## import saltcfg
## manage master
salt.master::packages: ## install packages
pkg.installed:
- names:
- git-base
pip.installed:
- names:
- progressbar
- bin_env: /opt/salt
salt.master::service: ## enable salt-minion
service.running:
- name: salt:master
- enable: True
- order: last
- watch:
- file: salt.master::config
salt.master::config: ## manage master config file
file.managed:
- name: /salt/config/master
- template: jinja
- source:
- salt://role/salt/_files/master.conf.SmartOS
- salt://role/salt/_files/master.conf.default
- context:
saltcfg: {'prefix': '/salt/config', 'schedule_apply': 15, 'log_level_logfile': 'warning', 'service': {'minion': 'salt:minion', 'master': 'salt:master'}, 'master': 'cronos.acheron.be', 'smtp': {'tls': True, 'server': 'exosphere.acheron.be'}}
- user: root
- group: root
- mode: 0644
salt.master::config.d:
file.directory:
- name: /salt/config/master.d
- user: root
- group: root
- dir_mode: 0755
#salt.master::directory-permissions: ## fix directory permissions for ACL
# file.directory:
# - names:
# - /var/cache/salt/master
# - /var/run/salt/master
# - user: root
# - group: nacl
# - dir_mode: 2775
#salt.master::log-permission: ## fix log permission for ACL
# file.managed:
# - name: /var/log/salt-master.log
# - user: root
# - group: nacl
# - mode: 0664
salt.master::wrapper: ## create wrapper
file.symlink:
- makedirs: true
- force: true
- names:
- /usr/local/bin/salt:
- target: /opt/salt/bin/salt
- /usr/local/bin/salt-key:
- target: /opt/salt/bin/salt-key
salt.master::repo: ## configure user.name and user.email for git repositorie
git.config_set:
- repo: /salt
- value: salt
- names:
- user.name
- user.email:
- value: salt@cronos.acheron.be
# vim: tabstop=2 expandtab shiftwidth=2 softtabstop=2
[DEBUG ] Results of YAML rendering:
OrderedDict([('salt.master::packages', OrderedDict([('pkg.installed', [OrderedDict([('names', ['git-base'])])]), ('pip.installed', [OrderedDict([('names', ['progressbar'])]), OrderedDict([('bin_env', '/opt/salt')])])])), ('salt.master::service', OrderedDict([('service.running', [OrderedDict([('name', 'salt:master')]), OrderedDict([('enable', True)]), OrderedDict([('order', 'last')]), OrderedDict([('watch', [OrderedDict([('file', 'salt.master::config')])])])])])), ('salt.master::config', OrderedDict([('file.managed', [OrderedDict([('name', '/salt/config/master')]), OrderedDict([('template', 'jinja')]), OrderedDict([('source', ['salt://role/salt/_files/master.conf.SmartOS', 'salt://role/salt/_files/master.conf.default'])]), OrderedDict([('context', OrderedDict([('saltcfg', OrderedDict([('prefix', '/salt/config'), ('schedule_apply', 15), ('log_level_logfile', 'warning'), ('service', OrderedDict([('minion', 'salt:minion'), ('master', 'salt:master')])), ('master', 'cronos.acheron.be'), ('smtp', OrderedDict([('tls', True), ('server', 'exosphere.acheron.be')]))]))]))]), OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('mode', 644)])])])), ('salt.master::config.d', OrderedDict([('file.directory', [OrderedDict([('name', '/salt/config/master.d')]), OrderedDict([('user', 'root')]), OrderedDict([('group', 'root')]), OrderedDict([('dir_mode', 755)])])])), ('salt.master::wrapper', OrderedDict([('file.symlink', [OrderedDict([('makedirs', True)]), OrderedDict([('force', True)]), OrderedDict([('names', [OrderedDict([('/usr/local/bin/salt', [OrderedDict([('target', '/opt/salt/bin/salt')])])]), OrderedDict([('/usr/local/bin/salt-key', [OrderedDict([('target', '/opt/salt/bin/salt-key')])])])])])])])), ('salt.master::repo', OrderedDict([('git.config_set', [OrderedDict([('repo', '/salt')]), OrderedDict([('value', 'salt')]), OrderedDict([('names', ['user.name', OrderedDict([('user.email', [OrderedDict([('value', 'salt@cronos.acheron.be')])])])])])])]))])
[PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/role/salt/master.sls' using 'yaml' renderer: 0.0617599487305
[DEBUG ] LazyLoaded file.managed
[INFO ] Running state [/salt/config/minion] at time 18:23:43.375987
[INFO ] Executing state file.managed for /salt/config/minion
[DEBUG ] LazyLoaded file.user_to_uid
[DEBUG ] LazyLoaded cp.list_master
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] In saltenv 'base', looking at rel_path 'role/salt/_files/minion.conf.default' to resolve 'salt://role/salt/_files/minion.conf.default'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/role/salt/_files/minion.conf.default' to resolve 'salt://role/salt/_files/minion.conf.default'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://role/salt/_files/minion.conf.default'
[DEBUG ] Jinja search path: '['/var/cache/salt/minion/files/base']'
[DEBUG ] In saltenv 'base', looking at rel_path 'role/salt/_files/minion.conf.default' to resolve 'salt://role/salt/_files/minion.conf.default'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/role/salt/_files/minion.conf.default' to resolve 'salt://role/salt/_files/minion.conf.default'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://role/salt/_files/minion.conf.default'
[DEBUG ] Jinja search path: '['/var/cache/salt/minion/files/base']'
[INFO ] File /salt/config/minion is in the correct state
[INFO ] Completed state [/salt/config/minion] at time 18:23:43.562906 duration_in_ms=186.919
[INFO ] Running state [/salt/config/minion.d] at time 18:23:43.563533
[INFO ] Executing state file.directory for /salt/config/minion.d
[INFO ] Directory /salt/config/minion.d is in the correct state
[INFO ] Completed state [/salt/config/minion.d] at time 18:23:43.567590 duration_in_ms=4.057
[INFO ] Running state [/usr/local/bin/salt-call] at time 18:23:43.568164
[INFO ] Executing state file.symlink for /usr/local/bin/salt-call
[DEBUG ] LazyLoaded user.info
[INFO ] Symlink /usr/local/bin/salt-call is present and owned by root:root
[INFO ] Completed state [/usr/local/bin/salt-call] at time 18:23:43.577789 duration_in_ms=9.625
[DEBUG ] LazyLoaded schedule.present
[INFO ] Running state [salt.minion::schedule-apply] at time 18:23:43.579656
[INFO ] Executing state schedule.present for salt.minion::schedule-apply
[DEBUG ] LazyLoaded schedule.list
[DEBUG ] SaltEvent PUB socket URI: /var/run/salt/minion/minion_event_6526b48f89_pub.ipc
[DEBUG ] SaltEvent PULL socket URI: /var/run/salt/minion/minion_event_6526b48f89_pull.ipc
[DEBUG ] Initializing new IPCClient for path: /var/run/salt/minion/minion_event_6526b48f89_pub.ipc
[DEBUG ] LazyLoaded event.fire
[DEBUG ] SaltEvent PUB socket URI: /var/run/salt/minion/minion_event_6526b48f89_pub.ipc
[DEBUG ] SaltEvent PULL socket URI: /var/run/salt/minion/minion_event_6526b48f89_pull.ipc
[DEBUG ] Initializing new IPCClient for path: /var/run/salt/minion/minion_event_6526b48f89_pull.ipc
[DEBUG ] Sending event - data = {'_stamp': '2016-03-25T17:23:43.592457', 'where': None, 'func': 'list'}
[INFO ] Job salt.minion::schedule-apply in correct state
[INFO ] Completed state [salt.minion::schedule-apply] at time 18:23:43.604831 duration_in_ms=25.175
[DEBUG ] Error loading module.win_pkg: Module win_pkg: module only works on Windows systems
[DEBUG ] LazyLoaded pkg.install
[DEBUG ] LazyLoaded pkg.installed
[DEBUG ] Error loading module.opkg: Module opkg only works on nilrt based systems
[DEBUG ] Error loading module.mac_pkgutil: The darwin_pkgutil execution module cannot be loaded: only available on MacOS systems.
[DEBUG ] Error loading module.dpkg: The dpkg execution module cannot be loaded: only works on Debian family systems.
[DEBUG ] Error loading module.pkgng: The pkgng execution module cannot be loaded: only available on FreeBSD 10 or FreeBSD 9 with providers.pkg set to pkgng.
[DEBUG ] Error loading module.aptpkg: The pkg module could not be loaded: unsupported OS family
[DEBUG ] Error loading module.yumpkg: Module yumpkg: no yum based system detected
[DEBUG ] Error loading module.solarispkg: The solarispkg execution module failed to load: only available on Solaris <= 10.
[DEBUG ] Error loading module.pkgutil: The pkgutil execution module cannot be loaded: only available on Solaris systems.
[DEBUG ] Error loading module.openbsdpkg: The openbsdpkg execution module cannot be loaded: only available on OpenBSD systems.
[DEBUG ] Error loading module.freebsdpkg: The freebsdpkg execution module cannot be loaded: either the os is not FreeBSD or the version of FreeBSD is >= 10.
[DEBUG ] Error loading module.selinux: semanage is not in the path
[DEBUG ] Error loading module.groupadd: The groupadd execution module cannot be loaded: only available on Linux, OpenBSD and NetBSD
[DEBUG ] Error loading module.alternatives: Cannot load alternatives module: /etc/alternatives dir not found
[DEBUG ] Error loading module.varnish: The varnish execution module failed to load: either varnishd or varnishadm is not in the path.
[DEBUG ] Error loading module.xapi: Module xapi: xenapi check failed
[DEBUG ] Error loading module.ebuild: The ebuild execution module cannot be loaded: either the system is not Gentoo or the portage python library is not available.
[DEBUG ] Error loading module.win_servermanager: Failed to load win_servermanager module:
Only available on Windows systems.
[DEBUG ] Error loading module.netbsd_sysctl: The netbsd_sysctl execution module failed to load: only available on NetBSD.
[DEBUG ] Error loading module.win_service: Module win_service: module only works on Windows systems
[DEBUG ] Error loading module.boto_sqs: The boto_sqs module could not be loaded: boto libraries not found
[DEBUG ] Error loading module.freebsdkmod: The freebsdkmod execution module cannot be loaded: only available on FreeBSD systems.
[DEBUG ] Error loading module.parted: The parted execution module failed to load parted binary is not in the path.
[DEBUG ] Error loading module.freebsdports: The freebsdports execution module cannot be loaded: only available on FreeBSD systems.
[DEBUG ] Error loading module.qemu_nbd: The qemu_nbd execution module cannot be loaded: the qemu-nbd binary is not in the path.
[DEBUG ] Error loading module.netaddress: The netaddress execution module cannot be loaded: netaddr python library is not installed.
[DEBUG ] Error loading module.glusterfs: glusterfs server is not installed
[DEBUG ] Error loading module.memcached: The memcached execution module cannot be loaded: python memcache library not available.
[DEBUG ] Error loading module.win_powercfg: Module only works on Windows.
[DEBUG ] Error loading module.solarisips: The solarisips execution module failed to load: only available on Solaris >= 11.
[DEBUG ] Error loading module.pw_group: The pw_group execution module cannot be loaded: system is not supported.
[DEBUG ] Error loading module.apache: The apache execution module cannot be loaded: apache is not installed.
[DEBUG ] Error loading module.debconfmod: The debconfmod module could not be loaded: unsupported OS family
[DEBUG ] Error loading module.rdp: Module only works on Windows.
[DEBUG ] Error loading module.guestfs: The guestfs execution module cannot be loaded: guestmount binary not in path.
[DEBUG ] Error loading module.influx: The influx execution module cannot be loaded: influxdb library not available.
[DEBUG ] Error loading module.splunk_search: The splunk_search execution module failed to load: requires both the requests and the splunk-sdk python library to be installed.
[DEBUG ] Error loading module.win_system: Module win_system: module only works on Windows systems
[DEBUG ] Error loading module.glance: The glance execution module cannot be loaded: the glanceclient python library is not available.
[DEBUG ] Error loading module.iwtools: The iwtools execution module cannot be loaded: iwconfig is not installed.
[DEBUG ] Error loading module.chocolatey: Cannot load module chocolatey: Chocolatey requires Windows
[DEBUG ] Error loading module.cassandra_cql: Cannot load cassandra_cql module: python driver not found
[DEBUG ] Error loading module.boto_asg: The boto_asg module could not be loaded: boto libraries not found
[DEBUG ] Error loading module.mssql: The mssql execution module cannot be loaded: the pymssql python library is not available.
[DEBUG ] Error loading module.trafficserver: trafficserver execution module not loaded: traffic_line command not found.
[DEBUG ] Error loading module.twilio_notify: The twilio_notify execution module failed to load: the twilio python library is not installed.
[DEBUG ] Error loading module.nspawn: The nspawn execution module failed to load: only work on systems that have been booted with systemd.
[DEBUG ] Error loading module.grub_legacy: The grub_legacy execution module cannot be loaded: the grub config file does not exist in /boot/grub/
[DEBUG ] Error loading module.debbuild: The debbuild module could not be loaded: unsupported OS family
[DEBUG ] Error loading module.rh_ip: The rh_ip execution module cannot be loaded: this module is only available on RHEL/Fedora based distributions.
[DEBUG ] Error loading module.blockdev: Cannot load the blockdev execution module: blockdev utility not found
[DEBUG ] Error loading module.pushbullet: Pushbullet API Key Unavailable, not loading.
[DEBUG ] Error loading module.iptables: The iptables execution module cannot be loaded: iptables not installed.
[DEBUG ] Error loading module.win_groupadd: Module win_groupadd: module only works on Windows systems
[INFO ] Executing command 'npm --version' in directory '/root'
[DEBUG ] output: 3.6.0
[DEBUG ] Error loading module.mac_softwareupdate: The softwareupdate module could not be loaded: module only works on MacOS systems.
[DEBUG ] Error loading module.znc: Module znc: znc binary not found
[DEBUG ] Error loading module.github: The github execution module cannot be loaded: PyGithub library is not installed.
[DEBUG ] Error loading module.xmpp: Module xmpp: required libraries failed to load
[DEBUG ] Error loading module.rpmbuild: The rpmbuild execution module failed to load: the mock package is not installed.
[DEBUG ] Error loading module.keyboard: The keyboard exeuction module cannot be loaded: only works on Redhat, Debian or Gentoo systems or if localectl binary in path.
[DEBUG ] Error loading module.win_task: Module win_task: module only works on Windows systems
[DEBUG ] Error loading module.powerpath: The powerpath execution module cannot be loaded: the emcpreg binary is not available.
[DEBUG ] Error loading module.portage_config: portage_config execution module cannot be loaded: only available on Gentoo with portage installed.
[DEBUG ] Error loading module.systemd: The systemd execution module failed to load: only available on Linux systems which have been booted with systemd.
[DEBUG ] Error loading module.freebsdservice: The freebsdservice execution module cannot be loaded: only available on FreeBSD systems.
[DEBUG ] Error loading module.openbsdrcctl: The openbsdpkg execution module cannot be loaded: only available on OpenBSD systems.
[DEBUG ] Error loading module.postgres: The postgres execution module failed to load: either the psql or initdb binary are not in the path or the csv library is not available
[DEBUG ] Error loading module.boto_sns: The boto_sns module could not be loaded: boto libraries not found
[DEBUG ] Error loading module.augeas_cfg: Cannot load augeas_cfg module: augeas python module not installed
[DEBUG ] Error loading module.boto_cfn: The module boto_cfs could not be loaded: boto libraries not found
[DEBUG ] Error loading module.win_wua: Module win_wua: module has failed dependencies or is not on Windows client
[DEBUG ] Error loading module.ifttt: IFTTT Secret Key Unavailable, not loading.
[DEBUG ] Error loading module.debian_ip: The debian_ip module could not be loaded: unsupported OS family
[DEBUG ] Error loading module.win_dns_client: Module win_dns_client: module only works on Windows systems
[DEBUG ] Error loading module.freebsdjail: The freebsdjail execution module cannot be loaded: only available on FreeBSD systems.
[DEBUG ] Error loading module.gnomedesktop: The gnome_desktop execution module cannot be loaded: The Gio and GLib modules are not available
[DEBUG ] Error loading module.mac_service: Failed to load the mac_service module:
Only available on Mac OS X systems.
[DEBUG ] Error loading module.stormpath: The stormpath execution module failed to load: requires the stormpath:apiid config option to be set.
[DEBUG ] Error loading module.bluez: The bluetooth execution module cannot be loaded: bluetooth not installed.
[DEBUG ] Error loading module.victorops: No VictorOps api key found.
[DEBUG ] Error loading module.makeconf: The makeconf execution module cannot be loaded: only available on Gentoo systems.
[DEBUG ] Error loading module.win_path: Module win_path: module only works on Windows systems
[DEBUG ] Error loading module.mac_power: The mac_power module could not be loaded: module only works on Mac OS X systems.
[DEBUG ] Error loading module.system_profiler: The system_profiler execution module cannot be loaded: system_profiler unavailable.
[DEBUG ] Error loading module.reg: reg execution module failed to load: either the system is not Windows or the _winreg python library not available.
[DEBUG ] Error loading module.uwsgi: The uwsgi execution module failed to load: the uwsgi binary is not in the path.
[DEBUG ] Error loading module.sensors: sensors does not exist in the path
[DEBUG ] Error loading module.boto_ec2: The boto_ec2 module cannot be loaded: boto library not found
[DEBUG ] Error loading module.win_dsc: Module DSC: Module only works on Windows systems
[DEBUG ] Error loading module.win_firewall: Module win_firewall: module only works on Windows systems
[DEBUG ] Error loading module.puppet: The puppet execution module cannot be loaded: facter, puppet unavailable.
[DEBUG ] Error loading module.openbsdservice: The openbsdservice execution module cannot be loaded: only available on OpenBSD systems.
[INFO ] Log opened: Fri Mar 25 17:23:45 2016 UTC
[DEBUG ] Metaclass __new__ constructor called for <class 'gnupg._meta.GPGMeta'>
[DEBUG ] Metaclass __new__ constructor called for <class 'gnupg._meta.GPGMeta'>
[DEBUG ] Error loading module.system: This module is not available on SunOS
[DEBUG ] Error loading module.debian_service: The debian_service module could not be loaded: unsupported OS family and/or systemd running.
[DEBUG ] Error loading module.linux_ip: The linux_ip execution module cannot be loaded: the ip binary is not in the path.
[DEBUG ] Error loading module.cyg: Module cyg: module only works on Windows systems.
[DEBUG ] Error loading module.gentoo_service: The gentoo_service execution module cannot be loaded: only available on Gentoo systems.
[DEBUG ] Error loading module.pecl: The pecl execution module not loaded: pecl binary is not in the path.
[DEBUG ] Error loading module.chef: Cannot load chef module: chef-client not found
[DEBUG ] Error loading module.ssh_package: The ssh_package execution module failed to load: only works on an ssh_sample proxy minion.
[DEBUG ] Error loading module.win_ntp: Module win_system: module only works on Windows systems
[DEBUG ] Error loading module.dockerio: dockerio execution module not loaded: docker python library not available.
[DEBUG ] Error loading module.netscaler: The netscaler execution module failed to load: the nsnitro python library is not available.
[DEBUG ] Error loading module.win_update: Module win_update: module has failed dependencies or is not on Windows client
[DEBUG ] Error loading module.saltcloudmod: The saltcloudmod execution module failed to load: requires the saltcloud library.
[DEBUG ] Error loading module.win_file: Module win_file: module only works on Windows systems
[DEBUG ] Error loading module.vboxmanage: The vboxmanaged execution module failed to load: VBoxManage is not installed.
[DEBUG ] Error loading module.marathon: The marathon execution module cannot be loaded: this only works in proxy minions.
[DEBUG ] Error loading module.cassandra: The cassandra execution module cannot be loaded: pycassa not installed.
[DEBUG ] Error loading module.junos: The junos module could not be loaded: junos-eznc or proxy could not be loaded.
[DEBUG ] Error loading module.boto_rds: The boto_rds module could not be loaded: boto libraries not found
[DEBUG ] Error loading module.win_timezone: Module win_timezone: tzutil not found or is not on Windows client
[DEBUG ] Error loading module.quota: The quota execution module cannot be loaded: the module is only available on POSIX-like systems with the setquota binary available.
[DEBUG ] Error loading module.qemu_img: The qemu_img execution module cannot be loaded: the qemu-img binary is not in the path.
[DEBUG ] Error loading module.boto_cloudwatch: The boto_cloudwatch module cannot be loaded: boto libraries are unavailable.
[DEBUG ] Error loading module.gentoolkitmod: The gentoolkitmod execution module cannot be loaded: either the system is not Gentoo or the gentoolkit.eclean python module not available
[DEBUG ] Error loading module.aws_sqs: The module aws_sqs could not be loaded: aws command not found
[DEBUG ] Error loading module.bower: The bower module could not be loaded: bower command not found
[DEBUG ] Error loading module.ldapmod: The ldapmod execution module cannot be loaded: ldap config not present.
[DEBUG ] Error loading module.rh_service: Cannot load rh_service module: OS not in set(['SUSE Enterprise Server', 'SUSE', 'RedHat', 'CentOS', 'CloudLinux', 'McAfee OS Server', 'XenServer', 'Amazon', 'OEL', 'ScientificLinux', 'ALT', 'Fedora'])
[DEBUG ] Error loading module.boto_lambda: The boto_lambda module could not be loaded: boto libraries not found
[DEBUG ] Error loading module.smartos_vmadm: vmadm module can only be loaded on SmartOS computed nodes
[DEBUG ] Error loading module.dockerng: Docker module could not get imported
[DEBUG ] Error loading module.layman: layman execution module cannot be loaded: only available on Gentoo with layman installed.
[DEBUG ] Error loading module.ssh_service: The ssh_service execution module failed to load: only works on an ssh_sample proxy minion.
[DEBUG ] Error loading module.mac_system: The mac_system module could not be loaded: module only works on MacOS systems.
[DEBUG ] Error loading module.win_disk: Module win_disk: module only works on Windows systems
[DEBUG ] Error loading module.rest_package: The rest_package execution module failed to load: only works on a rest_sample proxy minion.
[DEBUG ] Error loading module.tuned: The tuned execution module failed to load: the tuned-adm binary is not in the path.
[DEBUG ] Error loading module.boto_elb: The boto_elb module cannot be loaded: boto library not found
[DEBUG ] Error loading module.pw_user: The pw_user execution module cannot be loaded: the pwd python module is not available or the system is not FreeBSD.
[DEBUG ] Error loading module.moosefs: The moosefs execution module cannot be loaded: the mfsgetgoal binary is not in the path.
[DEBUG ] Error loading module.mac_shadow: Not Darwin
[DEBUG ] Error loading module.mdadm: The mdadm execution module cannot be loaded: only available on Linux.
[DEBUG ] Error loading module.smartos_virt: virt module can only be loaded on SmartOS computed nodes
[DEBUG ] Error loading module.launchctl: Failed to load the mac_service module:
Only available on Mac OS X systems.
[DEBUG ] Error loading module.boto_secgroup: The boto_secgroup module could not be loaded: boto libraries not found
[DEBUG ] Error loading module.boto_vpc: The boto_vpc module could not be loaded: boto libraries not found
[DEBUG ] Error loading module.tls: PyOpenSSL version 0.10 or later must be installed before this module can be used.
[DEBUG ] Error loading module.ilo: ilo execution module not loaded: the hponcfg binary is not in the path.
[DEBUG ] Error loading module.chassis: The chassis execution module cannot be loaded: this only works in proxy minions.
[DEBUG ] Error loading module.bridge: The bridge execution module failed to load: requires one of the following tool/os combinations: ifconfig on FreeBSD/OpenBSD, brctl on Linux or brconfig on NetBSD.
[DEBUG ] Error loading module.mac_brew: The brew module could not be loaded: brew not found or grain os != MacOS
[DEBUG ] Error loading module.rpm: The rpm execution module failed to load: rpm binary is not in the path.
[DEBUG ] Error loading module.smartos_imgadm: imgadm module can only be loaded on SmartOS computed nodes
[DEBUG ] Error loading module.solr: The solr execution module failed to load: requires both the solr and apache-solr binaries in the path.
[DEBUG ] Error loading module.bamboohr: The API key was not specified. Please specify it using the "apikey" config.
[DEBUG ] Error loading module.nftables: The nftables execution module failed to load: nftables is not installed.
[DEBUG ] Error loading module.upstart: The upstart execution module failed to load: the system must be Ubuntu-based, or Debian-based with upstart support.
[DEBUG ] Error loading module.zypper: Module zypper: non SUSE OS not suppored by zypper package manager
[DEBUG ] Error loading module.deb_apache: apache execution module not loaded: apache not installed.
[DEBUG ] Error loading module.boto_elasticache: The modle boto_elasticache could not be loaded: boto libraries not found
[DEBUG ] Error loading module.eix: The eix execution module cannot be loaded: either the system is not Gentoo or the eix binary is not in the path.
[DEBUG ] Error loading module.vbox_guest: The vbox_guest execution module failed to load: only available on Linux systems.
[DEBUG ] Error loading module.zk_concurrency: Module zk_concurrency: dependencies failed
[DEBUG ] Error loading module.mac_desktop: Cannot load osxdesktop module: This is not a OSX host.
[DEBUG ] Error loading module.virt: Unable to locate or import python libvirt library.
[DEBUG ] Error loading module.boto_dynamodb: The module boto_dynamodb could not be loaded: boto libraries not found
[DEBUG ] Error loading module.win_autoruns: Module win_autoruns: module only works on Windows systems
[DEBUG ] Error loading module.linux_sysctl: The linux_sysctl execution module cannot be loaded: only available on Linux systems.
[DEBUG ] Error loading module.hadoop: The hadoop execution module cannot be loaded: hadoop binary not in path.
[DEBUG ] Error loading module.win_ip: Module win_ip: module only works on Windows systems
[DEBUG ] Error loading module.boto_kms: The boto_kms module could not be loaded: boto libraries not found
[DEBUG ] Error loading module.poudriere: The poudriere execution module failed to load: only available on FreeBSD with the poudriere binary in the path.
[DEBUG ] Error loading module.sysrc: The sysrc execution module failed to load: the sysrc binary is not in the path.
[DEBUG ] Error loading module.boto_route53: The boto_route53 module could not be loaded: boto libraries not found
[DEBUG ] Error loading module.win_useradd: Module win_useradd: module has failed dependencies or is not on Windows client
[DEBUG ] Error loading module.boto_iam: The boto_iam module could not be loaded: boto libraries not found
[DEBUG ] Error loading module.lxc: The lxc execution module cannot be loaded: the lxc-start binary is not in the path.
[DEBUG ] Error loading module.ddns: The ddns execution module cannot be loaded: dnspython not installed.
[DEBUG ] Error loading module.mac_ports: The macports execution module cannot be loaded: only available on MacOS with the 'port' binary in the PATH.
[DEBUG ] Error loading module.nginx: The nginx execution module cannot be loaded: nginx is not installed.
[DEBUG ] Error loading module.netbsdservice: The netbsdservice execution module failed to load: only available on NetBSD.
[DEBUG ] Error loading module.omapi: The omapi execution module cannot be loaded: the pypureomapi python library is not available.
[DEBUG ] Error loading module.win_shadow: Module win_shadow: module only works on Windows systems.
[DEBUG ] Error loading module.osquery: The osquery execution module cannot be loaded: osqueryi binary is not in the path.
[DEBUG ] Error loading module.mysql: The mysql execution module cannot be loaded: neither MySQLdb nor PyMySQL is available.
[DEBUG ] Error loading module.sysbench: The sysbench execution module failed to load: the sysbench binary is not in the path.
[DEBUG ] Error loading module.ipset: The ipset execution modules cannot be loaded: ipset binary not in path.
[DEBUG ] Error loading module.ipmi: No module named pyghmi.ipmi
[DEBUG ] Error loading module.win_repo: This module only works on Windows.
[DEBUG ] Error loading module.win_status: Cannot load win_status module on non-windows
[DEBUG ] Error loading module.redismod: The redis execution module failed to load: the redis python library is not available.
[DEBUG ] Error loading module.win_network: Module win_network: module only works on Windows systems
[DEBUG ] Error loading module.mac_sysctl: The darwin_sysctl execution module cannot be loaded: only available on MacOS systems.
[DEBUG ] Error loading module.openbsd_sysctl: The openbsd_sysctl execution module cannot be loaded: only available on FreeBSD systems.
[DEBUG ] Error loading module.service: Non Linux OSes are not supported
[DEBUG ] Error loading module.win_iis: Module win_iis: module only works on Windows systems
[DEBUG ] Error loading module.keystone: keystone execution module cannot be loaded: keystoneclient python library not available.
[DEBUG ] Error loading module.deb_postgres: postgres execution module not loaded: pg_createcluste command not found.
[DEBUG ] Error loading module.haproxyconn: The haproxyconn execution module cannot be loaded: haproxyctl module not available
[DEBUG ] Error loading module.freebsd_sysctl: The freebsd_sysctl execution module cannot be loaded: only available on FreeBSD systems.
[DEBUG ] Error loading module.mac_group: The mac_group execution module cannot be loaded: only available on Darwin-based systems >= 10.7
[DEBUG ] Error loading module.vsphere: Missing dependency: The vSphere module requires the pyVmomi Python module.
[DEBUG ] Error loading module.bsd_shadow: The bsd_shadow execution module cannot be loaded: only available on BSD family systems.
[DEBUG ] Error loading module.nova: The nova execution module failed to load: only available if nova is installed.
[DEBUG ] Error loading module.eselect: The eselect execution module cannot be loaded: either the system is not Gentoo or the eselect binary is not in the path.
[DEBUG ] Error loading module.htpasswd: The htpasswd execution mdule cannot be loaded: htpasswd binary not in path.
[DEBUG ] Error loading module.useradd: useradd execution module not loaded: either pwd python library not available or system not one of Linux, OpenBSD or NetBSD
[DEBUG ] Error loading module.hg: The hg execution module cannot be loaded: hg unavailable.
[DEBUG ] Error loading module.lvs: The lvs execution module cannot be loaded: the ipvsadm binary is not in the path.
[DEBUG ] Error loading module.munin: The munin execution module cannot be loaded: munin-node is not installed.
[DEBUG ] Error loading module.esxi: The esxi execution module failed to load: only available on proxy minions.
[DEBUG ] Error loading module.pacman: The pacman module could not be loaded: unsupported OS family.
[DEBUG ] Error loading module.firewalld: The firewalld execution module cannot be loaded: the firewall-cmd binary is not in the path.
[DEBUG ] Error loading module.dracr: The drac execution module cannot be loaded: racadm binary not in path.
[DEBUG ] Error loading module.test_virtual: The test_virtual execution module failed to load.
[DEBUG ] Error loading module.nagios: The nagios execution module cannot be loaded: nagios-plugins are not installed.
[DEBUG ] Error loading module.dockercompose: The dockercompose execution module not loaded: compose python library not available.
[DEBUG ] Error loading module.riak: The riak execution module failed to load: the riak binary is not in the path.
[DEBUG ] Error loading module.mac_timezone: The mac_timezone module could not be loaded: module only works on Mac OS X systems.
[DEBUG ] Error loading module.mongodb: The mongodb execution module cannot be loaded: the pymongo library is not available.
[DEBUG ] Error loading module.rest_service: The rest_service execution module failed to load: only works on a rest_sample proxy minion.
[DEBUG ] Error loading module.drac: The drac execution module cannot be loaded: racadm binary not in path.
[DEBUG ] Error loading module.splunk: The splunk execution module failed to load: requires splunk python library to be installed.
[DEBUG ] Error loading module.svn: The svn execution module cannot be loaded: svn unavailable.
[DEBUG ] Error loading module.rallydev: The rallydev execution module failed to load: rallydev:username not defined in config.
[DEBUG ] Error loading module.tomcat: Tomcat execution module not loaded: neither Tomcat installed locally nor tomcat-manager credentials set in grains/pillar/config.
[DEBUG ] Error loading module.monit: The monit execution module cannot be loaded: the monit binary is not in the path.
[DEBUG ] Error loading module.oracle: The oracle execution module not loaded: python oracle library not found.
[DEBUG ] Error loading module.linux_lvm: The linux_lvm execution module cannot be loaded: the lvm binary is not in the path.
[DEBUG ] Could not LazyLoad pkg.ex_mod_init
[INFO ] Running state [git-base] at time 18:23:45.985937
[INFO ] Executing state pkg.installed for git-base
[INFO ] Executing command '/opt/local/bin/pkgin ls' in directory '/root'
[DEBUG ] Could not LazyLoad pkg.normalize_name
[DEBUG ] Could not LazyLoad pkg.hold
[INFO ] Package git-base is already installed
[INFO ] Completed state [git-base] at time 18:23:46.481156 duration_in_ms=495.219
[DEBUG ] lzma module is not available
[DEBUG ] Registered VCS backend: git
[DEBUG ] Registered VCS backend: hg
[DEBUG ] Registered VCS backend: svn
[DEBUG ] Registered VCS backend: bzr
[DEBUG ] LazyLoaded pip.installed
[INFO ] Running state [progressbar] at time 18:23:46.851400
[INFO ] Executing state pip.installed for progressbar
[DEBUG ] Installed pip version: 8.1.1
[INFO ] Executing command ['/opt/salt/bin/pip', 'freeze'] in directory '/root'
[DEBUG ] stdout: backports-abc==0.4
backports.ssl-match-hostname==3.5.0.1
certifi==2016.2.28
CherryPy==3.8.0
croniter==0.3.12
enum34==1.1.2
futures==3.0.5
gitdb==0.6.4
GitPython==1.0.2
gnupg==2.0.2
ioflo==1.5.1
Jinja2==2.8
libnacl==1.4.4
M2Crypto==0.22.3
MarkupSafe==0.23
msgpack-python==0.4.7
progressbar==2.3
psutil==4.1.0
pycrypto==2.6.1
python-dateutil==2.4.0
PyYAML==3.11
pyzmq==14.4.1
raet==0.6.5
requests==2.9.1
salt===2016.3.0rc1-112-g1af2e41
singledispatch==3.4.0.3
six==1.10.0
smmap==0.9.0
timelib==0.2.4
tornado==4.3
virtualenv==13.1.2
[DEBUG ] CLEANUP_REQUIREMENTS: []
[DEBUG ] TRY BLOCK: end of pip.install -- cmd: ['/opt/salt/bin/pip', 'install'], cmd_kwargs: {'runas': None, 'use_vt': False, 'saltenv': 'base', 'env': {'VIRTUAL_ENV': '/opt/salt'}}
[INFO ] Executing command ['/opt/salt/bin/pip', 'install'] in directory '/root'
[DEBUG ] stderr: You must give at least one requirement to install (see "pip help install")
[INFO ] Python package progressbar was already installed
All packages were successfully installed
[INFO ] Completed state [progressbar] at time 18:23:48.688345 duration_in_ms=1836.945
[INFO ] Running state [/salt/config/master] at time 18:23:48.690029
[INFO ] Executing state file.managed for /salt/config/master
[DEBUG ] In saltenv 'base', looking at rel_path 'role/salt/_files/master.conf.default' to resolve 'salt://role/salt/_files/master.conf.default'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/role/salt/_files/master.conf.default' to resolve 'salt://role/salt/_files/master.conf.default'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://role/salt/_files/master.conf.default'
[DEBUG ] Jinja search path: '['/var/cache/salt/minion/files/base']'
[DEBUG ] In saltenv 'base', looking at rel_path 'role/salt/_files/master.conf.default' to resolve 'salt://role/salt/_files/master.conf.default'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/role/salt/_files/master.conf.default' to resolve 'salt://role/salt/_files/master.conf.default'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://role/salt/_files/master.conf.default'
[DEBUG ] Jinja search path: '['/var/cache/salt/minion/files/base']'
[INFO ] File /salt/config/master is in the correct state
[INFO ] Completed state [/salt/config/master] at time 18:23:48.812349 duration_in_ms=122.32
[INFO ] Running state [/salt/config/master.d] at time 18:23:48.812890
[INFO ] Executing state file.directory for /salt/config/master.d
[INFO ] Directory /salt/config/master.d is in the correct state
[INFO ] Completed state [/salt/config/master.d] at time 18:23:48.816991 duration_in_ms=4.101
[INFO ] Running state [/usr/local/bin/salt] at time 18:23:48.817531
[INFO ] Executing state file.symlink for /usr/local/bin/salt
[INFO ] Symlink /usr/local/bin/salt is present and owned by root:root
[INFO ] Completed state [/usr/local/bin/salt] at time 18:23:48.824935 duration_in_ms=7.404
[INFO ] Running state [/usr/local/bin/salt-key] at time 18:23:48.825435
[INFO ] Executing state file.symlink for /usr/local/bin/salt-key
[INFO ] Symlink /usr/local/bin/salt-key is present and owned by root:root
[INFO ] Completed state [/usr/local/bin/salt-key] at time 18:23:48.832643 duration_in_ms=7.208
[INFO ] Executing command ['git', '--version'] in directory '/root'
[DEBUG ] stdout: git version 2.7.3
[DEBUG ] LazyLoaded git.config_set
[INFO ] Running state [user.email] at time 18:23:48.946137
[INFO ] Executing state git.config_set for user.email
[INFO ] Executing command ['git', 'config', '--local', '--get-all', 'user.email'] in directory '/salt'
[DEBUG ] stdout: salt@cronos.acheron.be
[INFO ] 'user.email' is already set to 'salt@cronos.acheron.be'
[INFO ] Completed state [user.email] at time 18:23:49.056359 duration_in_ms=110.222
[INFO ] Running state [user.name] at time 18:23:49.057424
[INFO ] Executing state git.config_set for user.name
[INFO ] Executing command ['git', 'config', '--local', '--get-all', 'user.name'] in directory '/salt'
[DEBUG ] stdout: salt
[INFO ] 'user.name' is already set to 'salt'
[INFO ] Completed state [user.name] at time 18:23:49.168390 duration_in_ms=110.966
[DEBUG ] LazyLoaded x509.private_key_managed
[INFO ] Running state [/salt/pki] at time 18:23:49.174642
[INFO ] Executing state file.directory for /salt/pki
[INFO ] Directory /salt/pki is in the correct state
[INFO ] Completed state [/salt/pki] at time 18:23:49.179172 duration_in_ms=4.53
[INFO ] Running state [/salt/pki/ca.key] at time 18:23:49.180526
[INFO ] Executing state x509.private_key_managed for /salt/pki/ca.key
[INFO ] Determining if input is PEM text or a file: /salt/pki/ca.key
[INFO ] Determining if input is PEM text or a file: -----BEGIN RSA PRIVATE KEY-----
MIIJJwIBAAKCAgEAx+1kj7a04PmSNUqioUDPqPWxtAylp0Bm8kSyhOjBQ1c0UxuF
KPvXveNFh4mxTH2OYeck2gczJZsewM9ruPl8LMbhLSH/AuvsFVVpydPevrM+ktEJ
0eOvsCxf4aUYHqZlSnCMR/0gitn9ahDuseSYOC2eaFxBryswrZ6YqHrQtb7XmOQI
r/x5HAoqwQxRpVmcGcTGoOiSDU76lHvwXz9t2I4UzdtzZ+zAqS/9ZpAQzVPR491x
qe4biIbsE5GPdMiGe4LhwXYmUjeVi/RKp/UtnU8P1MCNApY0BlUAhAMJQ4wEecMz
ZXDrOPdZ9Ja6jSA0IYc4BzkhIyawJ1LNh1JRNw0O8nrCAKmExrbxiElYT9xqBqfV
Ra+wCbKJNAmSYHLwLlIXx6TqkDL4Bt+Pg18rm78fiqnYNHuVUxLgWgbLtDjl7tmg
cn5Yu21zsq58KupHE+z7lKim1CIv4035LlXz8WXYI9n5zqAiGjqrHlb2yJIy8XYq
XI5ShjJdprGsp99xaS4/ZIGjlS+Q7rt1yCmARQ0JXQmBmTE8ftUsU+6LujI97Aq1
oingizCQLC28boDM1ASJjWUwD34aJ7vtaL7VsmOVgsEa1gwq/6+2CcO7387UXhmB
V2bFqTh3ufGE/6InKGyHsOrLG5zFMFbWYGbXOg2EJaDOqsCPfVANMHbsxwkCAwEA
AQKCAgAM4TA/SefxLmLK6Bn+BWzbV6ixDreFRNLc/Kv7f/sjWXTXfchgUYkehIuw
JaC0aspHaFqpaRlUbN/YUASCkB/9ynorLCt/hq9Y2H3OMMYCxw1a6/iT+vUQhmtO
4BHjt5iC6SlAYgA8sbpvoNOfxjhANkAkPP1GSaQDK1puUCst6jN9eANPQxaSRd1n
PmHsIw+5YUHij9kI3nOqKSndGPr8nnqcoGyY31myDJNojhNnBuVYpqVx6xL/AqIm
yJPTVC/FuTLOAcyKM2aA86XzmAnuPm+opxbuebq0RbmYx5FLNrP7HCYtfM7KhrTW
2vb9rHtvRYTIgleuKgnjHqR6+USeCASBUQeRVLu/ENnHM2aTM4ob6Hf/JuSKEo/3
4IGAamh2kymAIZDgRlEPyAOmtY6cAdJSHD0dO9bTZ+D4EymBHzN69AeRH3obcj8i
EcY0g9teQ8/YVDogalTCGv8cVo+UOOd9jTMc7DZAghfZSUk1lrloEgDdu3hqYbad
KGKPN5x3635Bmb9t6PTBqJG+fWfpyJ4PbXUGK2/NOwqDeWcI/9kkz24Rm4ar8HaA
YPU++P6K511rydw7Kv2w9LAPb1bWxaHY9NETQs7CH2H6qnE5QXGtyot5QVlWJ1bK
VVew6if4+TUCVQl6c2yxvvg7xJzWUL2HfkMIeS+EcMfxGFl62QKCAQEA+GqAKB7W
20bJVceeUlw7VYXdX+qgRMdxtfcrq21WjqIipl+mKEAl22iptbyZdmaEkGsweo7R
/aMJ0+rzRLUPPk3k9mQ5HdJqo7AwmSaMmQ0WH1jw86C96ciOs1YugyU3G/8pBbvp
M/sfTfIYpP88Sd3Dcq2sCDrEnypYS/WcTNBtIHQlUmtb3jMia0V5oY9H+CKFrxRQ
5Ct/epK3bl1ST/aqOtT6z9qGrUnObkDTN7iEtjrfG9vRddiffqD8Yb63j/dLL6Uw
NnYprSlaAr0oW4/hqaNFAipNuxvdDaF+QFcOFajeC7hg8o6NvYdCeJLC6GUbNiAb
8JMH/ATntbXhZwKCAQEAzgftj5US/RuuwrwKZL9JotM3jkI5zC96VH0GwzMr2k62
rv0tEG6joVUG/yvhtf/PuoImnHnsrnNc2U/fDLHaLGYv/vl0vF9VAti2DY557sNC
2vfiKBS4sZodrw66HQeOPQKrPAIaVkClSZf0CtPXeUPpSiFjvWH7aap2HPhvAOHF
XRfxsWaR0jxKWmlcSTh3Kvt0Tia55xSYWE+6GHcFmh1CBQ/DwNfYqmsPUcG0X6o0
gswf9abiw3Gt7mlmNx2kk06/9McD02aulrwZmL197ZJjMwjkYcgi0Ns3Olo2cl9/
CvTsNsM1F6Z+90tQFcO9/fXqiRavDo/SzxkG40GeDwKCAQADFtf3J8MGQRAZ5/yZ
C5qVSq/hFHrfwBcy6xr468gqx+tkZEYdtAaEfv21S94gsc+uOBcHPyVvYQqrPv29
ef7xiGhzg/WN4GMBHBzOmsMe2CHRS/rbHMGf2aWkp0q2yMyxpW+uKZMR2WqfPoZ9
7sqiJIbcszozc/+j9xPYBfrmnaTtxWP9bWZcEgi4ismjb7O2az98WOVUoRHZxV9Q
mQqAAhJF3wYrdY09NHDDwDygMcQ8u+iwYQBu1b3OBlR9JrEDslCWDBjYZInKJHyB
EjchRF3LDUO7bik/TW5nT/3Q8QQ00r/IJ4fVHF6436i89R5FY5R+DNIsILf1s13q
TZO7AoIBADQPbMfLM3EhfZdXTIkIjOLH3FHmChS+KnsO3JaWZ45SNXciIjD0xAQQ
KCRyQiZq7WKDYJ5JcLTkEaIXvJTInAh8CcSz4/t1W1XMzLPAPK9IR6xs1oiqM8Es
4DNL1VtgfWCNPBd9sIn668kczF2wCdJqhphkt38zMwQQPqgzXlkqs2RCmJ/q+w3U
jjUqSld2HSaPQ2Q8BN2PJq+p9awY5yF6IySER0KDSAxH4ScXeyxxJbOnQKwh70rT
fs+vclSa+OsACyEe6KiSWatc/FrMBvXw93/9zzemCqYbvmjQQtHDr6ZlHQr5aIEB
YTO7pBDb1TZG3WymfrV/QhVyjXr/KaECggEAfszQ6Wry8CCiDpgUpqNeM9SKES/z
Is0vXx6iXHLmbV2t0bxQWcqejsvFsWpG+CkizxtRjLEqD2MU2WHM0wINNaWL8FK6
P4NzDheCXxfKV+jiFt3IT57A0ejRWwrQQbFKw/WC4Pn6dsgawk/lSSrP/ngKCQWs
M5VvrxjB5uUptFumoniwFL1Fyx/eVIBBVKCpLqrlCHLPJ0GN9ZW4Hs5jq5r6D8CN
PUC3LosfC0qYhQpNR+4pTXATChXWQfuJnKJxqeixmhyIRaOPiTCa7gEvvu6VWz15
XwAL7nNeiO5goFDf7X+NUfFcGYUu3C93MBahfSMHwNrxB1to33Ddg1/GUw==
-----END RSA PRIVATE KEY-----
[INFO ] The Private key is already in the correct state
[INFO ] Completed state [/salt/pki/ca.key] at time 18:23:49.184916 duration_in_ms=4.39
[INFO ] Running state [/salt/pki/ca.crt] at time 18:23:49.187321
[INFO ] Executing state x509.certificate_managed for /salt/pki/ca.crt
[INFO ] Determining if input is PEM text or a file: /salt/pki/ca.crt
[INFO ] Determining if input is PEM text or a file: -----BEGIN CERTIFICATE-----
MIIGODCCBCCgAwIBAgIIWGgENbAtzcgwDQYJKoZIhvcNAQELBQAwajELMAkGA1UE
BhMCQkUxEzARBgNVBAMMCmFjaGVyb24tY2ExETAPBgNVBAcMCEthcGVsbGVuMRAw
DgYDVQQIDAdBbnR3ZXJwMSEwHwYJKoZIhvcNAQkBFhJjZXJ0YWRtQGFjaGVyb24u
YmUwHhcNMTYwMzI1MTcyMzIzWhcNMjYwMzIzMTcyMzIzWjBqMQswCQYDVQQGEwJC
RTETMBEGA1UEAwwKYWNoZXJvbi1jYTERMA8GA1UEBwwIS2FwZWxsZW4xEDAOBgNV
BAgMB0FudHdlcnAxITAfBgkqhkiG9w0BCQEWEmNlcnRhZG1AYWNoZXJvbi5iZTCC
AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMftZI+2tOD5kjVKoqFAz6j1
sbQMpadAZvJEsoTowUNXNFMbhSj7173jRYeJsUx9jmHnJNoHMyWbHsDPa7j5fCzG
4S0h/wLr7BVVacnT3r6zPpLRCdHjr7AsX+GlGB6mZUpwjEf9IIrZ/WoQ7rHkmDgt
nmhcQa8rMK2emKh60LW+15jkCK/8eRwKKsEMUaVZnBnExqDokg1O+pR78F8/bdiO
FM3bc2fswKkv/WaQEM1T0ePdcanuG4iG7BORj3TIhnuC4cF2JlI3lYv0Sqf1LZ1P
D9TAjQKWNAZVAIQDCUOMBHnDM2Vw6zj3WfSWuo0gNCGHOAc5ISMmsCdSzYdSUTcN
DvJ6wgCphMa28YhJWE/cagan1UWvsAmyiTQJkmBy8C5SF8ek6pAy+Abfj4NfK5u/
H4qp2DR7lVMS4FoGy7Q45e7ZoHJ+WLttc7KufCrqRxPs+5SoptQiL+NN+S5V8/Fl
2CPZ+c6gIho6qx5W9siSMvF2KlyOUoYyXaaxrKffcWkuP2SBo5UvkO67dcgpgEUN
CV0JgZkxPH7VLFPui7oyPewKtaIp4IswkCwtvG6AzNQEiY1lMA9+Gie77Wi+1bJj
lYLBGtYMKv+vtgnDu9/O1F4ZgVdmxak4d7nxhP+iJyhsh7DqyxucxTBW1mBm1zoN
hCWgzqrAj31QDTB27McJAgMBAAGjgeEwgd4wDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHsMCjcREQLNF8or9HMICIX9xOhYMIGbBgNV
HSMEgZMwgZCAFHsMCjcREQLNF8or9HMICIX9xOhYoW6kbDBqMQswCQYDVQQGEwJC
RTETMBEGA1UEAwwKYWNoZXJvbi1jYTERMA8GA1UEBwwIS2FwZWxsZW4xEDAOBgNV
BAgMB0FudHdlcnAxITAfBgkqhkiG9w0BCQEWEmNlcnRhZG1AYWNoZXJvbi5iZYII
WGgENbAtzcgwDQYJKoZIhvcNAQELBQADggIBAD3dGVEXAoFLyC542oV0ph9v8RSG
WM07fJFvcRh7Hfvdq6MnIGpMuh6DeJ+QIJqUJ3MZZ1gq9PPrHHGw4J2eecSauE8W
fZDJplvwzdtIvTIoe5jKbLiZCYdoDcQdjUWBcTA7Dwutuz6yEuBYE2dv8hkgScaa
9drWV5GVAejJlJSaVZbwl20jJsWpo2v9Q3cikpI7IW9MX5EH9i2LP2iU6ijaecqA
UNh5w3BJNLMlEyABTCNdqZaxHQFd8OHWO3C6jHXpRJ7Q70O1XW8FtsxuOjLuMxVd
TaWwDaq/lcWLrQVGUxzhpWnhGGDHslpkKa+U/VtYFEJnpD6UQpSgtWDl2L/pNLV3
2wyJmEo/Ywc4MzldLyEPW1WxUN8T8SieBNBMNu6dGJvbKOW6jju4nEVzyler+iCQ
BmcqFNDjGF4lFK84TSGqWYbF+OKZaYtHbIyKnnNckcen99RAA9QwZD/VjwX/klO5
iqHRYq34zjl/WEZRSWV8HK15gIlU6Lm0MQkPPOSkZi+jIHKYSQqDi1i2iTUHWGYG
aZGprEKQmylHf1hTh4i21amx0RIGUKuKIhbUwNC0lLx9tjZcHPm3MSQKO+tyxR2z
VzYmm9LoieuMyTpQR6SvGhgW6zSMdl5SPgv/4ptDSF3dOid6Bq/cauAe1gQHXMBB
xBudTRe48fC/If4Q
-----END CERTIFICATE-----
[INFO ] Determining if input is PEM text or a file: /salt/pki/ca.key
[INFO ] Determining if input is PEM text or a file: -----BEGIN RSA PRIVATE KEY-----
MIIJJwIBAAKCAgEAx+1kj7a04PmSNUqioUDPqPWxtAylp0Bm8kSyhOjBQ1c0UxuF
KPvXveNFh4mxTH2OYeck2gczJZsewM9ruPl8LMbhLSH/AuvsFVVpydPevrM+ktEJ
0eOvsCxf4aUYHqZlSnCMR/0gitn9ahDuseSYOC2eaFxBryswrZ6YqHrQtb7XmOQI
r/x5HAoqwQxRpVmcGcTGoOiSDU76lHvwXz9t2I4UzdtzZ+zAqS/9ZpAQzVPR491x
qe4biIbsE5GPdMiGe4LhwXYmUjeVi/RKp/UtnU8P1MCNApY0BlUAhAMJQ4wEecMz
ZXDrOPdZ9Ja6jSA0IYc4BzkhIyawJ1LNh1JRNw0O8nrCAKmExrbxiElYT9xqBqfV
Ra+wCbKJNAmSYHLwLlIXx6TqkDL4Bt+Pg18rm78fiqnYNHuVUxLgWgbLtDjl7tmg
cn5Yu21zsq58KupHE+z7lKim1CIv4035LlXz8WXYI9n5zqAiGjqrHlb2yJIy8XYq
XI5ShjJdprGsp99xaS4/ZIGjlS+Q7rt1yCmARQ0JXQmBmTE8ftUsU+6LujI97Aq1
oingizCQLC28boDM1ASJjWUwD34aJ7vtaL7VsmOVgsEa1gwq/6+2CcO7387UXhmB
V2bFqTh3ufGE/6InKGyHsOrLG5zFMFbWYGbXOg2EJaDOqsCPfVANMHbsxwkCAwEA
AQKCAgAM4TA/SefxLmLK6Bn+BWzbV6ixDreFRNLc/Kv7f/sjWXTXfchgUYkehIuw
JaC0aspHaFqpaRlUbN/YUASCkB/9ynorLCt/hq9Y2H3OMMYCxw1a6/iT+vUQhmtO
4BHjt5iC6SlAYgA8sbpvoNOfxjhANkAkPP1GSaQDK1puUCst6jN9eANPQxaSRd1n
PmHsIw+5YUHij9kI3nOqKSndGPr8nnqcoGyY31myDJNojhNnBuVYpqVx6xL/AqIm
yJPTVC/FuTLOAcyKM2aA86XzmAnuPm+opxbuebq0RbmYx5FLNrP7HCYtfM7KhrTW
2vb9rHtvRYTIgleuKgnjHqR6+USeCASBUQeRVLu/ENnHM2aTM4ob6Hf/JuSKEo/3
4IGAamh2kymAIZDgRlEPyAOmtY6cAdJSHD0dO9bTZ+D4EymBHzN69AeRH3obcj8i
EcY0g9teQ8/YVDogalTCGv8cVo+UOOd9jTMc7DZAghfZSUk1lrloEgDdu3hqYbad
KGKPN5x3635Bmb9t6PTBqJG+fWfpyJ4PbXUGK2/NOwqDeWcI/9kkz24Rm4ar8HaA
YPU++P6K511rydw7Kv2w9LAPb1bWxaHY9NETQs7CH2H6qnE5QXGtyot5QVlWJ1bK
VVew6if4+TUCVQl6c2yxvvg7xJzWUL2HfkMIeS+EcMfxGFl62QKCAQEA+GqAKB7W
20bJVceeUlw7VYXdX+qgRMdxtfcrq21WjqIipl+mKEAl22iptbyZdmaEkGsweo7R
/aMJ0+rzRLUPPk3k9mQ5HdJqo7AwmSaMmQ0WH1jw86C96ciOs1YugyU3G/8pBbvp
M/sfTfIYpP88Sd3Dcq2sCDrEnypYS/WcTNBtIHQlUmtb3jMia0V5oY9H+CKFrxRQ
5Ct/epK3bl1ST/aqOtT6z9qGrUnObkDTN7iEtjrfG9vRddiffqD8Yb63j/dLL6Uw
NnYprSlaAr0oW4/hqaNFAipNuxvdDaF+QFcOFajeC7hg8o6NvYdCeJLC6GUbNiAb
8JMH/ATntbXhZwKCAQEAzgftj5US/RuuwrwKZL9JotM3jkI5zC96VH0GwzMr2k62
rv0tEG6joVUG/yvhtf/PuoImnHnsrnNc2U/fDLHaLGYv/vl0vF9VAti2DY557sNC
2vfiKBS4sZodrw66HQeOPQKrPAIaVkClSZf0CtPXeUPpSiFjvWH7aap2HPhvAOHF
XRfxsWaR0jxKWmlcSTh3Kvt0Tia55xSYWE+6GHcFmh1CBQ/DwNfYqmsPUcG0X6o0
gswf9abiw3Gt7mlmNx2kk06/9McD02aulrwZmL197ZJjMwjkYcgi0Ns3Olo2cl9/
CvTsNsM1F6Z+90tQFcO9/fXqiRavDo/SzxkG40GeDwKCAQADFtf3J8MGQRAZ5/yZ
C5qVSq/hFHrfwBcy6xr468gqx+tkZEYdtAaEfv21S94gsc+uOBcHPyVvYQqrPv29
ef7xiGhzg/WN4GMBHBzOmsMe2CHRS/rbHMGf2aWkp0q2yMyxpW+uKZMR2WqfPoZ9
7sqiJIbcszozc/+j9xPYBfrmnaTtxWP9bWZcEgi4ismjb7O2az98WOVUoRHZxV9Q
mQqAAhJF3wYrdY09NHDDwDygMcQ8u+iwYQBu1b3OBlR9JrEDslCWDBjYZInKJHyB
EjchRF3LDUO7bik/TW5nT/3Q8QQ00r/IJ4fVHF6436i89R5FY5R+DNIsILf1s13q
TZO7AoIBADQPbMfLM3EhfZdXTIkIjOLH3FHmChS+KnsO3JaWZ45SNXciIjD0xAQQ
KCRyQiZq7WKDYJ5JcLTkEaIXvJTInAh8CcSz4/t1W1XMzLPAPK9IR6xs1oiqM8Es
4DNL1VtgfWCNPBd9sIn668kczF2wCdJqhphkt38zMwQQPqgzXlkqs2RCmJ/q+w3U
jjUqSld2HSaPQ2Q8BN2PJq+p9awY5yF6IySER0KDSAxH4ScXeyxxJbOnQKwh70rT
fs+vclSa+OsACyEe6KiSWatc/FrMBvXw93/9zzemCqYbvmjQQtHDr6ZlHQr5aIEB
YTO7pBDb1TZG3WymfrV/QhVyjXr/KaECggEAfszQ6Wry8CCiDpgUpqNeM9SKES/z
Is0vXx6iXHLmbV2t0bxQWcqejsvFsWpG+CkizxtRjLEqD2MU2WHM0wINNaWL8FK6
P4NzDheCXxfKV+jiFt3IT57A0ejRWwrQQbFKw/WC4Pn6dsgawk/lSSrP/ngKCQWs
M5VvrxjB5uUptFumoniwFL1Fyx/eVIBBVKCpLqrlCHLPJ0GN9ZW4Hs5jq5r6D8CN
PUC3LosfC0qYhQpNR+4pTXATChXWQfuJnKJxqeixmhyIRaOPiTCa7gEvvu6VWz15
XwAL7nNeiO5goFDf7X+NUfFcGYUu3C93MBahfSMHwNrxB1to33Ddg1/GUw==
-----END RSA PRIVATE KEY-----
[INFO ] Determining if input is PEM text or a file: /salt/pki/ca.key
[INFO ] Determining if input is PEM text or a file: -----BEGIN RSA PRIVATE KEY-----
MIIJJwIBAAKCAgEAx+1kj7a04PmSNUqioUDPqPWxtAylp0Bm8kSyhOjBQ1c0UxuF
KPvXveNFh4mxTH2OYeck2gczJZsewM9ruPl8LMbhLSH/AuvsFVVpydPevrM+ktEJ
0eOvsCxf4aUYHqZlSnCMR/0gitn9ahDuseSYOC2eaFxBryswrZ6YqHrQtb7XmOQI
r/x5HAoqwQxRpVmcGcTGoOiSDU76lHvwXz9t2I4UzdtzZ+zAqS/9ZpAQzVPR491x
qe4biIbsE5GPdMiGe4LhwXYmUjeVi/RKp/UtnU8P1MCNApY0BlUAhAMJQ4wEecMz
ZXDrOPdZ9Ja6jSA0IYc4BzkhIyawJ1LNh1JRNw0O8nrCAKmExrbxiElYT9xqBqfV
Ra+wCbKJNAmSYHLwLlIXx6TqkDL4Bt+Pg18rm78fiqnYNHuVUxLgWgbLtDjl7tmg
cn5Yu21zsq58KupHE+z7lKim1CIv4035LlXz8WXYI9n5zqAiGjqrHlb2yJIy8XYq
XI5ShjJdprGsp99xaS4/ZIGjlS+Q7rt1yCmARQ0JXQmBmTE8ftUsU+6LujI97Aq1
oingizCQLC28boDM1ASJjWUwD34aJ7vtaL7VsmOVgsEa1gwq/6+2CcO7387UXhmB
V2bFqTh3ufGE/6InKGyHsOrLG5zFMFbWYGbXOg2EJaDOqsCPfVANMHbsxwkCAwEA
AQKCAgAM4TA/SefxLmLK6Bn+BWzbV6ixDreFRNLc/Kv7f/sjWXTXfchgUYkehIuw
JaC0aspHaFqpaRlUbN/YUASCkB/9ynorLCt/hq9Y2H3OMMYCxw1a6/iT+vUQhmtO
4BHjt5iC6SlAYgA8sbpvoNOfxjhANkAkPP1GSaQDK1puUCst6jN9eANPQxaSRd1n
PmHsIw+5YUHij9kI3nOqKSndGPr8nnqcoGyY31myDJNojhNnBuVYpqVx6xL/AqIm
yJPTVC/FuTLOAcyKM2aA86XzmAnuPm+opxbuebq0RbmYx5FLNrP7HCYtfM7KhrTW
2vb9rHtvRYTIgleuKgnjHqR6+USeCASBUQeRVLu/ENnHM2aTM4ob6Hf/JuSKEo/3
4IGAamh2kymAIZDgRlEPyAOmtY6cAdJSHD0dO9bTZ+D4EymBHzN69AeRH3obcj8i
EcY0g9teQ8/YVDogalTCGv8cVo+UOOd9jTMc7DZAghfZSUk1lrloEgDdu3hqYbad
KGKPN5x3635Bmb9t6PTBqJG+fWfpyJ4PbXUGK2/NOwqDeWcI/9kkz24Rm4ar8HaA
YPU++P6K511rydw7Kv2w9LAPb1bWxaHY9NETQs7CH2H6qnE5QXGtyot5QVlWJ1bK
VVew6if4+TUCVQl6c2yxvvg7xJzWUL2HfkMIeS+EcMfxGFl62QKCAQEA+GqAKB7W
20bJVceeUlw7VYXdX+qgRMdxtfcrq21WjqIipl+mKEAl22iptbyZdmaEkGsweo7R
/aMJ0+rzRLUPPk3k9mQ5HdJqo7AwmSaMmQ0WH1jw86C96ciOs1YugyU3G/8pBbvp
M/sfTfIYpP88Sd3Dcq2sCDrEnypYS/WcTNBtIHQlUmtb3jMia0V5oY9H+CKFrxRQ
5Ct/epK3bl1ST/aqOtT6z9qGrUnObkDTN7iEtjrfG9vRddiffqD8Yb63j/dLL6Uw
NnYprSlaAr0oW4/hqaNFAipNuxvdDaF+QFcOFajeC7hg8o6NvYdCeJLC6GUbNiAb
8JMH/ATntbXhZwKCAQEAzgftj5US/RuuwrwKZL9JotM3jkI5zC96VH0GwzMr2k62
rv0tEG6joVUG/yvhtf/PuoImnHnsrnNc2U/fDLHaLGYv/vl0vF9VAti2DY557sNC
2vfiKBS4sZodrw66HQeOPQKrPAIaVkClSZf0CtPXeUPpSiFjvWH7aap2HPhvAOHF
XRfxsWaR0jxKWmlcSTh3Kvt0Tia55xSYWE+6GHcFmh1CBQ/DwNfYqmsPUcG0X6o0
gswf9abiw3Gt7mlmNx2kk06/9McD02aulrwZmL197ZJjMwjkYcgi0Ns3Olo2cl9/
CvTsNsM1F6Z+90tQFcO9/fXqiRavDo/SzxkG40GeDwKCAQADFtf3J8MGQRAZ5/yZ
C5qVSq/hFHrfwBcy6xr468gqx+tkZEYdtAaEfv21S94gsc+uOBcHPyVvYQqrPv29
ef7xiGhzg/WN4GMBHBzOmsMe2CHRS/rbHMGf2aWkp0q2yMyxpW+uKZMR2WqfPoZ9
7sqiJIbcszozc/+j9xPYBfrmnaTtxWP9bWZcEgi4ismjb7O2az98WOVUoRHZxV9Q
mQqAAhJF3wYrdY09NHDDwDygMcQ8u+iwYQBu1b3OBlR9JrEDslCWDBjYZInKJHyB
EjchRF3LDUO7bik/TW5nT/3Q8QQ00r/IJ4fVHF6436i89R5FY5R+DNIsILf1s13q
TZO7AoIBADQPbMfLM3EhfZdXTIkIjOLH3FHmChS+KnsO3JaWZ45SNXciIjD0xAQQ
KCRyQiZq7WKDYJ5JcLTkEaIXvJTInAh8CcSz4/t1W1XMzLPAPK9IR6xs1oiqM8Es
4DNL1VtgfWCNPBd9sIn668kczF2wCdJqhphkt38zMwQQPqgzXlkqs2RCmJ/q+w3U
jjUqSld2HSaPQ2Q8BN2PJq+p9awY5yF6IySER0KDSAxH4ScXeyxxJbOnQKwh70rT
fs+vclSa+OsACyEe6KiSWatc/FrMBvXw93/9zzemCqYbvmjQQtHDr6ZlHQr5aIEB
YTO7pBDb1TZG3WymfrV/QhVyjXr/KaECggEAfszQ6Wry8CCiDpgUpqNeM9SKES/z
Is0vXx6iXHLmbV2t0bxQWcqejsvFsWpG+CkizxtRjLEqD2MU2WHM0wINNaWL8FK6
P4NzDheCXxfKV+jiFt3IT57A0ejRWwrQQbFKw/WC4Pn6dsgawk/lSSrP/ngKCQWs
M5VvrxjB5uUptFumoniwFL1Fyx/eVIBBVKCpLqrlCHLPJ0GN9ZW4Hs5jq5r6D8CN
PUC3LosfC0qYhQpNR+4pTXATChXWQfuJnKJxqeixmhyIRaOPiTCa7gEvvu6VWz15
XwAL7nNeiO5goFDf7X+NUfFcGYUu3C93MBahfSMHwNrxB1to33Ddg1/GUw==
-----END RSA PRIVATE KEY-----
[INFO ] Determining if input is PEM text or a file: /salt/pki/ca.crt
[INFO ] Determining if input is PEM text or a file: -----BEGIN CERTIFICATE-----
MIIGODCCBCCgAwIBAgIIWGgENbAtzcgwDQYJKoZIhvcNAQELBQAwajELMAkGA1UE
BhMCQkUxEzARBgNVBAMMCmFjaGVyb24tY2ExETAPBgNVBAcMCEthcGVsbGVuMRAw
DgYDVQQIDAdBbnR3ZXJwMSEwHwYJKoZIhvcNAQkBFhJjZXJ0YWRtQGFjaGVyb24u
YmUwHhcNMTYwMzI1MTcyMzIzWhcNMjYwMzIzMTcyMzIzWjBqMQswCQYDVQQGEwJC
RTETMBEGA1UEAwwKYWNoZXJvbi1jYTERMA8GA1UEBwwIS2FwZWxsZW4xEDAOBgNV
BAgMB0FudHdlcnAxITAfBgkqhkiG9w0BCQEWEmNlcnRhZG1AYWNoZXJvbi5iZTCC
AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMftZI+2tOD5kjVKoqFAz6j1
sbQMpadAZvJEsoTowUNXNFMbhSj7173jRYeJsUx9jmHnJNoHMyWbHsDPa7j5fCzG
4S0h/wLr7BVVacnT3r6zPpLRCdHjr7AsX+GlGB6mZUpwjEf9IIrZ/WoQ7rHkmDgt
nmhcQa8rMK2emKh60LW+15jkCK/8eRwKKsEMUaVZnBnExqDokg1O+pR78F8/bdiO
FM3bc2fswKkv/WaQEM1T0ePdcanuG4iG7BORj3TIhnuC4cF2JlI3lYv0Sqf1LZ1P
D9TAjQKWNAZVAIQDCUOMBHnDM2Vw6zj3WfSWuo0gNCGHOAc5ISMmsCdSzYdSUTcN
DvJ6wgCphMa28YhJWE/cagan1UWvsAmyiTQJkmBy8C5SF8ek6pAy+Abfj4NfK5u/
H4qp2DR7lVMS4FoGy7Q45e7ZoHJ+WLttc7KufCrqRxPs+5SoptQiL+NN+S5V8/Fl
2CPZ+c6gIho6qx5W9siSMvF2KlyOUoYyXaaxrKffcWkuP2SBo5UvkO67dcgpgEUN
CV0JgZkxPH7VLFPui7oyPewKtaIp4IswkCwtvG6AzNQEiY1lMA9+Gie77Wi+1bJj
lYLBGtYMKv+vtgnDu9/O1F4ZgVdmxak4d7nxhP+iJyhsh7DqyxucxTBW1mBm1zoN
hCWgzqrAj31QDTB27McJAgMBAAGjgeEwgd4wDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHsMCjcREQLNF8or9HMICIX9xOhYMIGbBgNV
HSMEgZMwgZCAFHsMCjcREQLNF8or9HMICIX9xOhYoW6kbDBqMQswCQYDVQQGEwJC
RTETMBEGA1UEAwwKYWNoZXJvbi1jYTERMA8GA1UEBwwIS2FwZWxsZW4xEDAOBgNV
BAgMB0FudHdlcnAxITAfBgkqhkiG9w0BCQEWEmNlcnRhZG1AYWNoZXJvbi5iZYII
WGgENbAtzcgwDQYJKoZIhvcNAQELBQADggIBAD3dGVEXAoFLyC542oV0ph9v8RSG
WM07fJFvcRh7Hfvdq6MnIGpMuh6DeJ+QIJqUJ3MZZ1gq9PPrHHGw4J2eecSauE8W
fZDJplvwzdtIvTIoe5jKbLiZCYdoDcQdjUWBcTA7Dwutuz6yEuBYE2dv8hkgScaa
9drWV5GVAejJlJSaVZbwl20jJsWpo2v9Q3cikpI7IW9MX5EH9i2LP2iU6ijaecqA
UNh5w3BJNLMlEyABTCNdqZaxHQFd8OHWO3C6jHXpRJ7Q70O1XW8FtsxuOjLuMxVd
TaWwDaq/lcWLrQVGUxzhpWnhGGDHslpkKa+U/VtYFEJnpD6UQpSgtWDl2L/pNLV3
2wyJmEo/Ywc4MzldLyEPW1WxUN8T8SieBNBMNu6dGJvbKOW6jju4nEVzyler+iCQ
BmcqFNDjGF4lFK84TSGqWYbF+OKZaYtHbIyKnnNckcen99RAA9QwZD/VjwX/klO5
iqHRYq34zjl/WEZRSWV8HK15gIlU6Lm0MQkPPOSkZi+jIHKYSQqDi1i2iTUHWGYG
aZGprEKQmylHf1hTh4i21amx0RIGUKuKIhbUwNC0lLx9tjZcHPm3MSQKO+tyxR2z
VzYmm9LoieuMyTpQR6SvGhgW6zSMdl5SPgv/4ptDSF3dOid6Bq/cauAe1gQHXMBB
xBudTRe48fC/If4Q
-----END CERTIFICATE-----
[INFO ] Determining if input is PEM text or a file: -----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAx+1kj7a04PmSNUqioUDP
qPWxtAylp0Bm8kSyhOjBQ1c0UxuFKPvXveNFh4mxTH2OYeck2gczJZsewM9ruPl8
LMbhLSH/AuvsFVVpydPevrM+ktEJ0eOvsCxf4aUYHqZlSnCMR/0gitn9ahDuseSY
OC2eaFxBryswrZ6YqHrQtb7XmOQIr/x5HAoqwQxRpVmcGcTGoOiSDU76lHvwXz9t
2I4UzdtzZ+zAqS/9ZpAQzVPR491xqe4biIbsE5GPdMiGe4LhwXYmUjeVi/RKp/Ut
nU8P1MCNApY0BlUAhAMJQ4wEecMzZXDrOPdZ9Ja6jSA0IYc4BzkhIyawJ1LNh1JR
Nw0O8nrCAKmExrbxiElYT9xqBqfVRa+wCbKJNAmSYHLwLlIXx6TqkDL4Bt+Pg18r
m78fiqnYNHuVUxLgWgbLtDjl7tmgcn5Yu21zsq58KupHE+z7lKim1CIv4035LlXz
8WXYI9n5zqAiGjqrHlb2yJIy8XYqXI5ShjJdprGsp99xaS4/ZIGjlS+Q7rt1yCmA
RQ0JXQmBmTE8ftUsU+6LujI97Aq1oingizCQLC28boDM1ASJjWUwD34aJ7vtaL7V
smOVgsEa1gwq/6+2CcO7387UXhmBV2bFqTh3ufGE/6InKGyHsOrLG5zFMFbWYGbX
Og2EJaDOqsCPfVANMHbsxwkCAwEAAQ==
-----END PUBLIC KEY-----
[INFO ] Determining if input is PEM text or a file: -----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAx+1kj7a04PmSNUqioUDP
qPWxtAylp0Bm8kSyhOjBQ1c0UxuFKPvXveNFh4mxTH2OYeck2gczJZsewM9ruPl8
LMbhLSH/AuvsFVVpydPevrM+ktEJ0eOvsCxf4aUYHqZlSnCMR/0gitn9ahDuseSY
OC2eaFxBryswrZ6YqHrQtb7XmOQIr/x5HAoqwQxRpVmcGcTGoOiSDU76lHvwXz9t
2I4UzdtzZ+zAqS/9ZpAQzVPR491xqe4biIbsE5GPdMiGe4LhwXYmUjeVi/RKp/Ut
nU8P1MCNApY0BlUAhAMJQ4wEecMzZXDrOPdZ9Ja6jSA0IYc4BzkhIyawJ1LNh1JR
Nw0O8nrCAKmExrbxiElYT9xqBqfVRa+wCbKJNAmSYHLwLlIXx6TqkDL4Bt+Pg18r
m78fiqnYNHuVUxLgWgbLtDjl7tmgcn5Yu21zsq58KupHE+z7lKim1CIv4035LlXz
8WXYI9n5zqAiGjqrHlb2yJIy8XYqXI5ShjJdprGsp99xaS4/ZIGjlS+Q7rt1yCmA
RQ0JXQmBmTE8ftUsU+6LujI97Aq1oingizCQLC28boDM1ASJjWUwD34aJ7vtaL7V
smOVgsEa1gwq/6+2CcO7387UXhmBV2bFqTh3ufGE/6InKGyHsOrLG5zFMFbWYGbX
Og2EJaDOqsCPfVANMHbsxwkCAwEAAQ==
-----END PUBLIC KEY-----
[INFO ] The certificate is already in the correct state
[INFO ] Completed state [/salt/pki/ca.crt] at time 18:23:49.219597 duration_in_ms=32.276
[INFO ] Running state [/salt/pki/issued/] at time 18:23:49.220092
[INFO ] Executing state file.directory for /salt/pki/issued/
[INFO ] Directory /salt/pki/issued is in the correct state
[INFO ] Completed state [/salt/pki/issued/] at time 18:23:49.223908 duration_in_ms=3.816
[INFO ] Running state [/salt/config/minion.d/signing_policies.conf] at time 18:23:49.224349
[INFO ] Executing state file.managed for /salt/config/minion.d/signing_policies.conf
[DEBUG ] In saltenv 'base', looking at rel_path 'role/certificate/_files/policies.conf' to resolve 'salt://role/certificate/_files/policies.conf'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/role/certificate/_files/policies.conf' to resolve 'salt://role/certificate/_files/policies.conf'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://role/certificate/_files/policies.conf'
[DEBUG ] Jinja search path: '['/var/cache/salt/minion/files/base']'
[DEBUG ] In saltenv 'base', looking at rel_path 'role/certificate/_files/policies.conf' to resolve 'salt://role/certificate/_files/policies.conf'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/role/certificate/_files/policies.conf' to resolve 'salt://role/certificate/_files/policies.conf'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://role/certificate/_files/policies.conf'
[DEBUG ] Jinja search path: '['/var/cache/salt/minion/files/base']'
[INFO ] File /salt/config/minion.d/signing_policies.conf is in the correct state
[INFO ] Completed state [/salt/config/minion.d/signing_policies.conf] at time 18:23:49.276927 duration_in_ms=52.578
[INFO ] Running state [/salt/config/master.d/certificate_signing_peering.conf] at time 18:23:49.277460
[INFO ] Executing state file.managed for /salt/config/master.d/certificate_signing_peering.conf
[DEBUG ] In saltenv 'base', looking at rel_path 'role/certificate/_files/peering.conf' to resolve 'salt://role/certificate/_files/peering.conf'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/role/certificate/_files/peering.conf' to resolve 'salt://role/certificate/_files/peering.conf'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://role/certificate/_files/peering.conf'
[DEBUG ] Jinja search path: '['/var/cache/salt/minion/files/base']'
[DEBUG ] In saltenv 'base', looking at rel_path 'role/certificate/_files/peering.conf' to resolve 'salt://role/certificate/_files/peering.conf'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/role/certificate/_files/peering.conf' to resolve 'salt://role/certificate/_files/peering.conf'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://role/certificate/_files/peering.conf'
[DEBUG ] Jinja search path: '['/var/cache/salt/minion/files/base']'
[INFO ] File /salt/config/master.d/certificate_signing_peering.conf is in the correct state
[INFO ] Completed state [/salt/config/master.d/certificate_signing_peering.conf] at time 18:23:49.317555 duration_in_ms=40.095
[DEBUG ] LazyLoaded module.run
[DEBUG ] LazyLoaded service.running
[INFO ] Running state [salt:master] at time 18:23:49.325566
[INFO ] Executing state service.running for salt:master
[INFO ] Executing command '/usr/bin/svcs -H -o FMRI salt:master' in directory '/root'
[DEBUG ] output: svc:/network/salt:master
[INFO ] Executing command '/usr/bin/svcs -aH -o FMRI,STATE -s FMRI' in directory '/root'
[DEBUG ] output: lrc:/etc/rc2_d/S99net_tune legacy_run
svc:/milestone/devices:default online
svc:/milestone/multi-user-server:default online
svc:/milestone/multi-user:default online
svc:/milestone/name-services:default online
svc:/milestone/network:default online
svc:/milestone/single-user:default online
svc:/milestone/sysconfig:default online
svc:/network/datalink-management:default online
svc:/network/dns/client:default online
svc:/network/dns/install:default disabled
svc:/network/dns/multicast:default disabled
svc:/network/inetd-upgrade:default disabled
svc:/network/inetd:default online
svc:/network/initial:default online
svc:/network/install:default disabled
svc:/network/ip-interface-management:default online
svc:/network/ipfilter:default disabled
svc:/network/ipqos:default disabled
svc:/network/ipsec/ike:default disabled
svc:/network/ipsec/ipsecalgs:default online
svc:/network/ipsec/manual-key:default disabled
svc:/network/ipsec/policy:default online
svc:/network/iptun:default online
svc:/network/ipv4-forwarding:default disabled
svc:/network/ipv6-forwarding:default disabled
svc:/network/ldap/client:default disabled
svc:/network/loadbalancer/ilb:default disabled
svc:/network/location:default disabled
svc:/network/login:eklogin disabled
svc:/network/login:klogin disabled
svc:/network/login:rlogin disabled
svc:/network/loopback:default online
svc:/network/netcfg:default disabled
svc:/network/netmask:default disabled
svc:/network/nfs/cbd:default disabled
svc:/network/nfs/client:default disabled
svc:/network/nfs/mapid:default disabled
svc:/network/nfs/nlockmgr:default disabled
svc:/network/nfs/rquota:default disabled
svc:/network/nfs/status:default disabled
svc:/network/nis/client:default disabled
svc:/network/physical:default online
svc:/network/physical:nwam disabled
svc:/network/rexec:default disabled
svc:/network/routing-setup:default online
svc:/network/routing/legacy-routing:ipv4 disabled
svc:/network/routing/legacy-routing:ipv6 disabled
svc:/network/routing/ndp:default online
svc:/network/routing/rdisc:default disabled
svc:/network/routing/ripng:default disabled
svc:/network/routing/route:default disabled
svc:/network/rpc/bind:default disabled
svc:/network/rpc/gss:default disabled
svc:/network/rpc/keyserv:default disabled
svc:/network/rpc/rex:default disabled
svc:/network/salt:master online
svc:/network/salt:minion online
svc:/network/security/ktkt_warn:default disabled
svc:/network/sendmail-client:default disabled
svc:/network/service:default online
svc:/network/shares/group:default disabled
svc:/network/shell:default disabled
svc:/network/shell:kshell disabled
svc:/network/slp:default disabled
svc:/network/smb/client:default disabled
svc:/network/smb/server:default disabled
svc:/network/smtp:sendmail disabled
svc:/network/ssh:default online
svc:/network/vrrp:default disabled
svc:/pkgsrc/postfix:default disabled
svc:/pkgsrc/rsyslog:default online
svc:/smartdc/mdata:execute online
svc:/smartdc/mdata:fetch online
svc:/system/auditd:default disabled
svc:/system/auditset:default disabled
svc:/system/boot-archive:default online
svc:/system/consadm:default disabled
svc:/system/console-login:default online
svc:/system/console-login:ttya disabled
svc:/system/console-login:ttyb disabled
svc:/system/console-login:ttyc disabled
svc:/system/console-login:ttyd disabled
svc:/system/console-login:vt2 disabled
svc:/system/console-login:vt3 disabled
svc:/system/console-login:vt4 disabled
svc:/system/console-login:vt5 disabled
svc:/system/console-login:vt6 disabled
svc:/system/coreadm:default online
svc:/system/cron:default online
svc:/system/cryptosvc:default online
svc:/system/device/allocate:default disabled
svc:/system/device/local:default online
svc:/system/device/mpxio-upgrade:default disabled
svc:/system/early-manifest-import:default online
svc:/system/extended-accounting:flow disabled
svc:/system/extended-accounting:net disabled
svc:/system/extended-accounting:process disabled
svc:/system/extended-accounting:task disabled
svc:/system/filesystem/autofs:default disabled
svc:/system/filesystem/local:default online
svc:/system/filesystem/minimal:default online
svc:/system/filesystem/reparse:default disabled
svc:/system/filesystem/root:default online
svc:/system/filesystem/smartdc:default online
svc:/system/filesystem/usr:default online
svc:/system/fm/notify-params:default disabled
svc:/system/fm/smtp-notify:default disabled
svc:/system/fm/snmp-notify:default disabled
svc:/system/fmd:default disabled
svc:/system/hostid:default online
svc:/system/hotplug:default disabled
svc:/system/identity:domain online
svc:/system/identity:node online
svc:/system/idmap:default disabled
svc:/system/keymap:default online
svc:/system/logadm-upgrade:default online
svc:/system/manifest-import:default online
svc:/system/name-service-cache:default online
svc:/system/pfexec:default online
svc:/system/rbac:default online
svc:/system/rcap:default disabled
svc:/system/rmtmpfiles:default online
svc:/system/sac:default online
svc:/system/sar:default disabled
svc:/system/svc/global:default disabled
svc:/system/svc/restarter:default online
svc:/system/sysidtool:net online
svc:/system/sysidtool:system online
svc:/system/system-log:default disabled
svc:/system/utmp:default online
svc:/system/vtdaemon:default disabled
svc:/system/zoneinit:default online
[INFO ] Executing command '/usr/bin/svcs -H -o STATE salt:master' in directory '/root'
[DEBUG ] output: online
[INFO ] Executing command '/usr/bin/svcs -H -o FMRI salt:master' in directory '/root'
[DEBUG ] output: svc:/network/salt:master
[INFO ] Executing command '/usr/sbin/svccfg -s svc:/network/salt:master listprop general/enabled' in directory '/root'
[DEBUG ] output: general/enabled boolean true
[INFO ] The service salt:master is already running
[INFO ] Completed state [salt:master] at time 18:23:50.071170 duration_in_ms=745.604
[INFO ] Running state [salt:minion] at time 18:23:50.075918
[INFO ] Executing state service.running for salt:minion
[INFO ] Executing command '/usr/bin/svcs -H -o FMRI salt:minion' in directory '/root'
[DEBUG ] output: svc:/network/salt:minion
[INFO ] Executing command '/usr/bin/svcs -aH -o FMRI,STATE -s FMRI' in directory '/root'
[DEBUG ] output: lrc:/etc/rc2_d/S99net_tune legacy_run
svc:/milestone/devices:default online
svc:/milestone/multi-user-server:default online
svc:/milestone/multi-user:default online
svc:/milestone/name-services:default online
svc:/milestone/network:default online
svc:/milestone/single-user:default online
svc:/milestone/sysconfig:default online
svc:/network/datalink-management:default online
svc:/network/dns/client:default online
svc:/network/dns/install:default disabled
svc:/network/dns/multicast:default disabled
svc:/network/inetd-upgrade:default disabled
svc:/network/inetd:default online
svc:/network/initial:default online
svc:/network/install:default disabled
svc:/network/ip-interface-management:default online
svc:/network/ipfilter:default disabled
svc:/network/ipqos:default disabled
svc:/network/ipsec/ike:default disabled
svc:/network/ipsec/ipsecalgs:default online
svc:/network/ipsec/manual-key:default disabled
svc:/network/ipsec/policy:default online
svc:/network/iptun:default online
svc:/network/ipv4-forwarding:default disabled
svc:/network/ipv6-forwarding:default disabled
svc:/network/ldap/client:default disabled
svc:/network/loadbalancer/ilb:default disabled
svc:/network/location:default disabled
svc:/network/login:eklogin disabled
svc:/network/login:klogin disabled
svc:/network/login:rlogin disabled
svc:/network/loopback:default online
svc:/network/netcfg:default disabled
svc:/network/netmask:default disabled
svc:/network/nfs/cbd:default disabled
svc:/network/nfs/client:default disabled
svc:/network/nfs/mapid:default disabled
svc:/network/nfs/nlockmgr:default disabled
svc:/network/nfs/rquota:default disabled
svc:/network/nfs/status:default disabled
svc:/network/nis/client:default disabled
svc:/network/physical:default online
svc:/network/physical:nwam disabled
svc:/network/rexec:default disabled
svc:/network/routing-setup:default online
svc:/network/routing/legacy-routing:ipv4 disabled
svc:/network/routing/legacy-routing:ipv6 disabled
svc:/network/routing/ndp:default online
svc:/network/routing/rdisc:default disabled
svc:/network/routing/ripng:default disabled
svc:/network/routing/route:default disabled
svc:/network/rpc/bind:default disabled
svc:/network/rpc/gss:default disabled
svc:/network/rpc/keyserv:default disabled
svc:/network/rpc/rex:default disabled
svc:/network/salt:master online
svc:/network/salt:minion online
svc:/network/security/ktkt_warn:default disabled
svc:/network/sendmail-client:default disabled
svc:/network/service:default online
svc:/network/shares/group:default disabled
svc:/network/shell:default disabled
svc:/network/shell:kshell disabled
svc:/network/slp:default disabled
svc:/network/smb/client:default disabled
svc:/network/smb/server:default disabled
svc:/network/smtp:sendmail disabled
svc:/network/ssh:default online
svc:/network/vrrp:default disabled
svc:/pkgsrc/postfix:default disabled
svc:/pkgsrc/rsyslog:default online
svc:/smartdc/mdata:execute online
svc:/smartdc/mdata:fetch online
svc:/system/auditd:default disabled
svc:/system/auditset:default disabled
svc:/system/boot-archive:default online
svc:/system/consadm:default disabled
svc:/system/console-login:default online
svc:/system/console-login:ttya disabled
svc:/system/console-login:ttyb disabled
svc:/system/console-login:ttyc disabled
svc:/system/console-login:ttyd disabled
svc:/system/console-login:vt2 disabled
svc:/system/console-login:vt3 disabled
svc:/system/console-login:vt4 disabled
svc:/system/console-login:vt5 disabled
svc:/system/console-login:vt6 disabled
svc:/system/coreadm:default online
svc:/system/cron:default online
svc:/system/cryptosvc:default online
svc:/system/device/allocate:default disabled
svc:/system/device/local:default online
svc:/system/device/mpxio-upgrade:default disabled
svc:/system/early-manifest-import:default online
svc:/system/extended-accounting:flow disabled
svc:/system/extended-accounting:net disabled
svc:/system/extended-accounting:process disabled
svc:/system/extended-accounting:task disabled
svc:/system/filesystem/autofs:default disabled
svc:/system/filesystem/local:default online
svc:/system/filesystem/minimal:default online
svc:/system/filesystem/reparse:default disabled
svc:/system/filesystem/root:default online
svc:/system/filesystem/smartdc:default online
svc:/system/filesystem/usr:default online
svc:/system/fm/notify-params:default disabled
svc:/system/fm/smtp-notify:default disabled
svc:/system/fm/snmp-notify:default disabled
svc:/system/fmd:default disabled
svc:/system/hostid:default online
svc:/system/hotplug:default disabled
svc:/system/identity:domain online
svc:/system/identity:node online
svc:/system/idmap:default disabled
svc:/system/keymap:default online
svc:/system/logadm-upgrade:default online
svc:/system/manifest-import:default online
svc:/system/name-service-cache:default online
svc:/system/pfexec:default online
svc:/system/rbac:default online
svc:/system/rcap:default disabled
svc:/system/rmtmpfiles:default online
svc:/system/sac:default online
svc:/system/sar:default disabled
svc:/system/svc/global:default disabled
svc:/system/svc/restarter:default online
svc:/system/sysidtool:net online
svc:/system/sysidtool:system online
svc:/system/system-log:default disabled
svc:/system/utmp:default online
svc:/system/vtdaemon:default disabled
svc:/system/zoneinit:default online
[INFO ] Executing command '/usr/bin/svcs -H -o STATE salt:minion' in directory '/root'
[DEBUG ] output: online
[INFO ] Executing command '/usr/bin/svcs -H -o FMRI salt:minion' in directory '/root'
[DEBUG ] output: svc:/network/salt:minion
[INFO ] Executing command '/usr/sbin/svccfg -s svc:/network/salt:minion listprop general/enabled' in directory '/root'
[DEBUG ] output: general/enabled boolean true
[INFO ] The service salt:minion is already running
[INFO ] Completed state [salt:minion] at time 18:23:50.816864 duration_in_ms=740.946
[DEBUG ] File /var/cache/salt/minion/accumulator/18446741324877741648 does not exist, no need to cleanup.
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] LazyLoaded highstate.output
local:
----------
ID: salt.minion::config
Function: file.managed
Name: /salt/config/minion
Result: True
Comment: File /salt/config/minion is in the correct state
Started: 18:23:43.375987
Duration: 186.919 ms
Changes:
----------
ID: salt.minion::config.d
Function: file.directory
Name: /salt/config/minion.d
Result: True
Comment: Directory /salt/config/minion.d is in the correct state
Started: 18:23:43.563533
Duration: 4.057 ms
Changes:
----------
ID: salt.minion::wrapper
Function: file.symlink
Name: /usr/local/bin/salt-call
Result: True
Comment: Symlink /usr/local/bin/salt-call is present and owned by root:root
Started: 18:23:43.568164
Duration: 9.625 ms
Changes:
----------
ID: salt.minion::schedule-apply
Function: schedule.present
Result: True
Comment: Job salt.minion::schedule-apply in correct state
Started: 18:23:43.579656
Duration: 25.175 ms
Changes:
----------
ID: salt.master::packages
Function: pkg.installed
Name: git-base
Result: True
Comment: Package git-base is already installed
Started: 18:23:45.985937
Duration: 495.219 ms
Changes:
----------
ID: salt.master::packages
Function: pip.installed
Name: progressbar
Result: True
Comment: Python package progressbar was already installed
All packages were successfully installed
Started: 18:23:46.851400
Duration: 1836.945 ms
Changes:
----------
ID: salt.master::config
Function: file.managed
Name: /salt/config/master
Result: True
Comment: File /salt/config/master is in the correct state
Started: 18:23:48.690029
Duration: 122.32 ms
Changes:
----------
ID: salt.master::config.d
Function: file.directory
Name: /salt/config/master.d
Result: True
Comment: Directory /salt/config/master.d is in the correct state
Started: 18:23:48.812890
Duration: 4.101 ms
Changes:
----------
ID: salt.master::wrapper
Function: file.symlink
Name: /usr/local/bin/salt
Result: True
Comment: Symlink /usr/local/bin/salt is present and owned by root:root
Started: 18:23:48.817531
Duration: 7.404 ms
Changes:
----------
ID: salt.master::wrapper
Function: file.symlink
Name: /usr/local/bin/salt-key
Result: True
Comment: Symlink /usr/local/bin/salt-key is present and owned by root:root
Started: 18:23:48.825435
Duration: 7.208 ms
Changes:
----------
ID: salt.master::repo
Function: git.config_set
Name: user.email
Result: True
Comment: 'user.email' is already set to 'salt@cronos.acheron.be'
Started: 18:23:48.946137
Duration: 110.222 ms
Changes:
----------
ID: salt.master::repo
Function: git.config_set
Name: user.name
Result: True
Comment: 'user.name' is already set to 'salt'
Started: 18:23:49.057424
Duration: 110.966 ms
Changes:
----------
ID: certificate.authority::directory
Function: file.directory
Name: /salt/pki
Result: True
Comment: Directory /salt/pki is in the correct state
Started: 18:23:49.174642
Duration: 4.53 ms
Changes:
----------
ID: certificate.authority::private-key
Function: x509.private_key_managed
Name: /salt/pki/ca.key
Result: True
Comment: The Private key is already in the correct state
Started: 18:23:49.180526
Duration: 4.39 ms
Changes:
----------
ID: certificate.authority::certificate
Function: x509.certificate_managed
Name: /salt/pki/ca.crt
Result: True
Comment: The certificate is already in the correct state
Started: 18:23:49.187321
Duration: 32.276 ms
Changes:
----------
ID: certificate.authority::directory-issued
Function: file.directory
Name: /salt/pki/issued/
Result: True
Comment: Directory /salt/pki/issued is in the correct state
Started: 18:23:49.220092
Duration: 3.816 ms
Changes:
----------
ID: certificate.authority::policies
Function: file.managed
Name: /salt/config/minion.d/signing_policies.conf
Result: True
Comment: File /salt/config/minion.d/signing_policies.conf is in the correct state
Started: 18:23:49.224349
Duration: 52.578 ms
Changes:
----------
ID: certificate.authority::peering
Function: file.managed
Name: /salt/config/master.d/certificate_signing_peering.conf
Result: True
Comment: File /salt/config/master.d/certificate_signing_peering.conf is in the correct state
Started: 18:23:49.277460
Duration: 40.095 ms
Changes:
----------
ID: mine.send
Function: module.run
Result: True
Comment: State was not run because none of the onchanges reqs changed
Started:
Duration:
Changes:
----------
ID: salt.master::service
Function: service.running
Name: salt:master
Result: True
Comment: The service salt:master is already running
Started: 18:23:49.325566
Duration: 745.604 ms
Changes:
----------
ID: salt.minion::service
Function: service.running
Name: salt:minion
Result: True
Comment: The service salt:minion is already running
Started: 18:23:50.075918
Duration: 740.946 ms
Changes:
Summary for local
-------------
Succeeded: 21
Failed: 0
-------------
Total states run: 21[root@cronos /salt/states/role/certificate/_files]# salt-call -l debug state.apply role.certificate pillar='{ "certificate": { "managed": { "test.acheron.be": None }}}'
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion
[DEBUG ] Including configuration from '/opt/local/etc/salt/minion.d/_schedule.conf'
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion.d/_schedule.conf
[DEBUG ] Including configuration from '/opt/local/etc/salt/minion.d/signing_policies.conf'
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion.d/signing_policies.conf
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion
[DEBUG ] Including configuration from '/opt/local/etc/salt/minion.d/_schedule.conf'
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion.d/_schedule.conf
[DEBUG ] Including configuration from '/opt/local/etc/salt/minion.d/signing_policies.conf'
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion.d/signing_policies.conf
[DEBUG ] Please install 'virt-what' to improve results of the 'virtual' grain.
[DEBUG ] Configuration file path: /opt/local/etc/salt/minion
[WARNING ] Insecure logging configuration detected! Sensitive data may be logged.
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion
[DEBUG ] Including configuration from '/opt/local/etc/salt/minion.d/_schedule.conf'
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion.d/_schedule.conf
[DEBUG ] Including configuration from '/opt/local/etc/salt/minion.d/signing_policies.conf'
[DEBUG ] Reading configuration from /opt/local/etc/salt/minion.d/signing_policies.conf
[DEBUG ] Please install 'virt-what' to improve results of the 'virtual' grain.
[DEBUG ] Connecting to master. Attempt 1 of 1
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] Generated random reconnect delay between '1000ms' and '11000ms' (2291)
[DEBUG ] Setting zmq_reconnect_ivl to '2291ms'
[DEBUG ] Setting zmq_reconnect_ivl_max to '11000ms'
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'clear')
[DEBUG ] Decrypting the current master AES key
[DEBUG ] Loaded minion key: /opt/local/etc/salt/pki/minion/minion.pem
[DEBUG ] Loaded minion key: /opt/local/etc/salt/pki/minion/minion.pem
[INFO ] Determining pillar cache
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] Loaded minion key: /opt/local/etc/salt/pki/minion/minion.pem
[DEBUG ] LazyLoaded jinja.render
[DEBUG ] LazyLoaded yaml.render
[DEBUG ] LazyLoaded state.apply
[DEBUG ] LazyLoaded saltutil.is_running
[DEBUG ] LazyLoaded grains.get
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[INFO ] Determining pillar cache
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] Loaded minion key: /opt/local/etc/salt/pki/minion/minion.pem
[INFO ] Loading fresh modules for state activity
[DEBUG ] LazyLoaded jinja.render
[DEBUG ] LazyLoaded yaml.render
[DEBUG ] Could not find file from saltenv 'base', 'salt://role/certificate.sls'
[DEBUG ] In saltenv 'base', looking at rel_path 'role/certificate/init.sls' to resolve 'salt://role/certificate/init.sls'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/role/certificate/init.sls' to resolve 'salt://role/certificate/init.sls'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://role/certificate/init.sls'
[DEBUG ] compile template: /var/cache/salt/minion/files/base/role/certificate/init.sls
[DEBUG ] Jinja search path: '['/var/cache/salt/minion/files/base']'
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] In saltenv 'base', looking at rel_path 'role/certificate/config.jinja' to resolve 'salt://role/certificate/config.jinja'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/role/certificate/config.jinja' to resolve 'salt://role/certificate/config.jinja'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://role/certificate/config.jinja'
[DEBUG ] In saltenv 'base', looking at rel_path '_macros/common.jinja' to resolve 'salt://_macros/common.jinja'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/_macros/common.jinja' to resolve 'salt://_macros/common.jinja'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://_macros/common.jinja'
[DEBUG ] LazyLoaded grains.filter_by
[DEBUG ] In saltenv 'base', looking at rel_path 'role/certificate/_macros/cert.jinja' to resolve 'salt://role/certificate/_macros/cert.jinja'
[DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/role/certificate/_macros/cert.jinja' to resolve 'salt://role/certificate/_macros/cert.jinja'
[INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://role/certificate/_macros/cert.jinja'
[DEBUG ] LazyLoaded mine.get
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] Loaded minion key: /opt/local/etc/salt/pki/minion/minion.pem
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/role/certificate/init.sls' using 'jinja' renderer: 0.213230133057
[DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/role/certificate/init.sls:
######
## certificate state
## -----------------------------------
######
## import
## variables
## publish authority root cert
certificate::truststore:
file.directory:
- name: /opt/local/etc/openssl/certs
x509.pem_managed:
- name: /opt/local/etc/openssl/certs/internal-ca.crt
- text: -----BEGIN CERTIFICATE-----MIIGODCCBCCgAwIBAgIIWGgENbAtzcgwDQYJKoZIhvcNAQELBQAwajELMAkGA1UEBhMCQkUxEzARBgNVBAMMCmFjaGVyb24tY2ExETAPBgNVBAcMCEthcGVsbGVuMRAwDgYDVQQIDAdBbnR3ZXJwMSEwHwYJKoZIhvcNAQkBFhJjZXJ0YWRtQGFjaGVyb24uYmUwHhcNMTYwMzI1MTcyMzIzWhcNMjYwMzIzMTcyMzIzWjBqMQswCQYDVQQGEwJCRTETMBEGA1UEAwwKYWNoZXJvbi1jYTERMA8GA1UEBwwIS2FwZWxsZW4xEDAOBgNVBAgMB0FudHdlcnAxITAfBgkqhkiG9w0BCQEWEmNlcnRhZG1AYWNoZXJvbi5iZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMftZI+2tOD5kjVKoqFAz6j1sbQMpadAZvJEsoTowUNXNFMbhSj7173jRYeJsUx9jmHnJNoHMyWbHsDPa7j5fCzG4S0h/wLr7BVVacnT3r6zPpLRCdHjr7AsX+GlGB6mZUpwjEf9IIrZ/WoQ7rHkmDgtnmhcQa8rMK2emKh60LW+15jkCK/8eRwKKsEMUaVZnBnExqDokg1O+pR78F8/bdiOFM3bc2fswKkv/WaQEM1T0ePdcanuG4iG7BORj3TIhnuC4cF2JlI3lYv0Sqf1LZ1PD9TAjQKWNAZVAIQDCUOMBHnDM2Vw6zj3WfSWuo0gNCGHOAc5ISMmsCdSzYdSUTcNDvJ6wgCphMa28YhJWE/cagan1UWvsAmyiTQJkmBy8C5SF8ek6pAy+Abfj4NfK5u/H4qp2DR7lVMS4FoGy7Q45e7ZoHJ+WLttc7KufCrqRxPs+5SoptQiL+NN+S5V8/Fl2CPZ+c6gIho6qx5W9siSMvF2KlyOUoYyXaaxrKffcWkuP2SBo5UvkO67dcgpgEUNCV0JgZkxPH7VLFPui7oyPewKtaIp4IswkCwtvG6AzNQEiY1lMA9+Gie77Wi+1bJjlYLBGtYMKv+vtgnDu9/O1F4ZgVdmxak4d7nxhP+iJyhsh7DqyxucxTBW1mBm1zoNhCWgzqrAj31QDTB27McJAgMBAAGjgeEwgd4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHsMCjcREQLNF8or9HMICIX9xOhYMIGbBgNVHSMEgZMwgZCAFHsMCjcREQLNF8or9HMICIX9xOhYoW6kbDBqMQswCQYDVQQGEwJCRTETMBEGA1UEAwwKYWNoZXJvbi1jYTERMA8GA1UEBwwIS2FwZWxsZW4xEDAOBgNVBAgMB0FudHdlcnAxITAfBgkqhkiG9w0BCQEWEmNlcnRhZG1AYWNoZXJvbi5iZYIIWGgENbAtzcgwDQYJKoZIhvcNAQELBQADggIBAD3dGVEXAoFLyC542oV0ph9v8RSGWM07fJFvcRh7Hfvdq6MnIGpMuh6DeJ+QIJqUJ3MZZ1gq9PPrHHGw4J2eecSauE8WfZDJplvwzdtIvTIoe5jKbLiZCYdoDcQdjUWBcTA7Dwutuz6yEuBYE2dv8hkgScaa9drWV5GVAejJlJSaVZbwl20jJsWpo2v9Q3cikpI7IW9MX5EH9i2LP2iU6ijaecqAUNh5w3BJNLMlEyABTCNdqZaxHQFd8OHWO3C6jHXpRJ7Q70O1XW8FtsxuOjLuMxVdTaWwDaq/lcWLrQVGUxzhpWnhGGDHslpkKa+U/VtYFEJnpD6UQpSgtWDl2L/pNLV32wyJmEo/Ywc4MzldLyEPW1WxUN8T8SieBNBMNu6dGJvbKOW6jju4nEVzyler+iCQBmcqFNDjGF4lFK84TSGqWYbF+OKZaYtHbIyKnnNckcen99RAA9QwZD/VjwX/klO5iqHRYq34zjl/WEZRSWV8HK15gIlU6Lm0MQkPPOSkZi+jIHKYSQqDi1i2iTUHWGYGaZGprEKQmylHf1hTh4i21amx0RIGUKuKIhbUwNC0lLx9tjZcHPm3MSQKO+tyxR2zVzYmm9LoieuMyTpQR6SvGhgW6zSMdl5SPgv/4ptDSF3dOid6Bq/cauAe1gQHXMBBxBudTRe48fC/If4Q-----END CERTIFICATE-----
- require:
- file: certificate::truststore
cmd.wait:
- name: /opt/local/bin/c_rehash
- watch:
- x509: certificate::truststore
certificate::keystore:
file.directory:
- name: /opt/local/etc/pki
certificate.key::test.acheron.be:
x509.private_key_managed:
- name: /opt/local/etc/pki/test.acheron.be.key
- bits: 2048
- require:
- file: certificate::keystore
certificate.crt::test.acheron.be:
x509.certificate_managed:
- ca_server: cronos
- signing_policy: default
- public_key: /opt/local/etc/pki/test.acheron.be.key
- path: /opt/local/etc/pki/test.acheron.be.crt
- CN: test.acheron.be
- days_valid: 90
- days_remaining: 30
- backup: True
- require:
- x509: certificate.key::test.acheron.be
# vim: tabstop=2 expandtab shiftwidth=2 softtabstop=2
[DEBUG ] LazyLoaded config.get
[DEBUG ] Results of YAML rendering:
OrderedDict([('certificate::truststore', OrderedDict([('file.directory', [OrderedDict([('name', '/opt/local/etc/openssl/certs')])]), ('x509.pem_managed', [OrderedDict([('name', '/opt/local/etc/openssl/certs/internal-ca.crt')]), OrderedDict([('text', '-----BEGIN CERTIFICATE-----MIIGODCCBCCgAwIBAgIIWGgENbAtzcgwDQYJKoZIhvcNAQELBQAwajELMAkGA1UEBhMCQkUxEzARBgNVBAMMCmFjaGVyb24tY2ExETAPBgNVBAcMCEthcGVsbGVuMRAwDgYDVQQIDAdBbnR3ZXJwMSEwHwYJKoZIhvcNAQkBFhJjZXJ0YWRtQGFjaGVyb24uYmUwHhcNMTYwMzI1MTcyMzIzWhcNMjYwMzIzMTcyMzIzWjBqMQswCQYDVQQGEwJCRTETMBEGA1UEAwwKYWNoZXJvbi1jYTERMA8GA1UEBwwIS2FwZWxsZW4xEDAOBgNVBAgMB0FudHdlcnAxITAfBgkqhkiG9w0BCQEWEmNlcnRhZG1AYWNoZXJvbi5iZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMftZI+2tOD5kjVKoqFAz6j1sbQMpadAZvJEsoTowUNXNFMbhSj7173jRYeJsUx9jmHnJNoHMyWbHsDPa7j5fCzG4S0h/wLr7BVVacnT3r6zPpLRCdHjr7AsX+GlGB6mZUpwjEf9IIrZ/WoQ7rHkmDgtnmhcQa8rMK2emKh60LW+15jkCK/8eRwKKsEMUaVZnBnExqDokg1O+pR78F8/bdiOFM3bc2fswKkv/WaQEM1T0ePdcanuG4iG7BORj3TIhnuC4cF2JlI3lYv0Sqf1LZ1PD9TAjQKWNAZVAIQDCUOMBHnDM2Vw6zj3WfSWuo0gNCGHOAc5ISMmsCdSzYdSUTcNDvJ6wgCphMa28YhJWE/cagan1UWvsAmyiTQJkmBy8C5SF8ek6pAy+Abfj4NfK5u/H4qp2DR7lVMS4FoGy7Q45e7ZoHJ+WLttc7KufCrqRxPs+5SoptQiL+NN+S5V8/Fl2CPZ+c6gIho6qx5W9siSMvF2KlyOUoYyXaaxrKffcWkuP2SBo5UvkO67dcgpgEUNCV0JgZkxPH7VLFPui7oyPewKtaIp4IswkCwtvG6AzNQEiY1lMA9+Gie77Wi+1bJjlYLBGtYMKv+vtgnDu9/O1F4ZgVdmxak4d7nxhP+iJyhsh7DqyxucxTBW1mBm1zoNhCWgzqrAj31QDTB27McJAgMBAAGjgeEwgd4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHsMCjcREQLNF8or9HMICIX9xOhYMIGbBgNVHSMEgZMwgZCAFHsMCjcREQLNF8or9HMICIX9xOhYoW6kbDBqMQswCQYDVQQGEwJCRTETMBEGA1UEAwwKYWNoZXJvbi1jYTERMA8GA1UEBwwIS2FwZWxsZW4xEDAOBgNVBAgMB0FudHdlcnAxITAfBgkqhkiG9w0BCQEWEmNlcnRhZG1AYWNoZXJvbi5iZYIIWGgENbAtzcgwDQYJKoZIhvcNAQELBQADggIBAD3dGVEXAoFLyC542oV0ph9v8RSGWM07fJFvcRh7Hfvdq6MnIGpMuh6DeJ+QIJqUJ3MZZ1gq9PPrHHGw4J2eecSauE8WfZDJplvwzdtIvTIoe5jKbLiZCYdoDcQdjUWBcTA7Dwutuz6yEuBYE2dv8hkgScaa9drWV5GVAejJlJSaVZbwl20jJsWpo2v9Q3cikpI7IW9MX5EH9i2LP2iU6ijaecqAUNh5w3BJNLMlEyABTCNdqZaxHQFd8OHWO3C6jHXpRJ7Q70O1XW8FtsxuOjLuMxVdTaWwDaq/lcWLrQVGUxzhpWnhGGDHslpkKa+U/VtYFEJnpD6UQpSgtWDl2L/pNLV32wyJmEo/Ywc4MzldLyEPW1WxUN8T8SieBNBMNu6dGJvbKOW6jju4nEVzyler+iCQBmcqFNDjGF4lFK84TSGqWYbF+OKZaYtHbIyKnnNckcen99RAA9QwZD/VjwX/klO5iqHRYq34zjl/WEZRSWV8HK15gIlU6Lm0MQkPPOSkZi+jIHKYSQqDi1i2iTUHWGYGaZGprEKQmylHf1hTh4i21amx0RIGUKuKIhbUwNC0lLx9tjZcHPm3MSQKO+tyxR2zVzYmm9LoieuMyTpQR6SvGhgW6zSMdl5SPgv/4ptDSF3dOid6Bq/cauAe1gQHXMBBxBudTRe48fC/If4Q-----END CERTIFICATE-----')]), OrderedDict([('require', [OrderedDict([('file', 'certificate::truststore')])])])]), ('cmd.wait', [OrderedDict([('name', '/opt/local/bin/c_rehash')]), OrderedDict([('watch', [OrderedDict([('x509', 'certificate::truststore')])])])])])), ('certificate::keystore', OrderedDict([('file.directory', [OrderedDict([('name', '/opt/local/etc/pki')])])])), ('certificate.key::test.acheron.be', OrderedDict([('x509.private_key_managed', [OrderedDict([('name', '/opt/local/etc/pki/test.acheron.be.key')]), OrderedDict([('bits', 2048)]), OrderedDict([('require', [OrderedDict([('file', 'certificate::keystore')])])])])])), ('certificate.crt::test.acheron.be', OrderedDict([('x509.certificate_managed', [OrderedDict([('ca_server', 'cronos')]), OrderedDict([('signing_policy', 'default')]), OrderedDict([('public_key', '/opt/local/etc/pki/test.acheron.be.key')]), OrderedDict([('path', '/opt/local/etc/pki/test.acheron.be.crt')]), OrderedDict([('CN', 'test.acheron.be')]), OrderedDict([('days_valid', 90)]), OrderedDict([('days_remaining', 30)]), OrderedDict([('backup', True)]), OrderedDict([('require', [OrderedDict([('x509', 'certificate.key::test.acheron.be')])])])])]))])
[PROFILE ] Time (in seconds) to render '/var/cache/salt/minion/files/base/role/certificate/init.sls' using 'yaml' renderer: 0.0574162006378
[DEBUG ] LazyLoaded file.directory
[INFO ] Running state [/opt/local/etc/openssl/certs] at time 18:33:01.756165
[INFO ] Executing state file.directory for /opt/local/etc/openssl/certs
[DEBUG ] LazyLoaded file.stats
[INFO ] Directory /opt/local/etc/openssl/certs is in the correct state
[INFO ] Completed state [/opt/local/etc/openssl/certs] at time 18:33:01.775147 duration_in_ms=18.982
[DEBUG ] LazyLoaded x509.get_pem_entry
[DEBUG ] LazyLoaded x509.pem_managed
[INFO ] Running state [/opt/local/etc/openssl/certs/internal-ca.crt] at time 18:33:01.871813
[INFO ] Executing state x509.pem_managed for /opt/local/etc/openssl/certs/internal-ca.crt
[INFO ] Determining if input is PEM text or a file: -----BEGIN CERTIFICATE-----MIIGODCCBCCgAwIBAgIIWGgENbAtzcgwDQYJKoZIhvcNAQELBQAwajELMAkGA1UEBhMCQkUxEzARBgNVBAMMCmFjaGVyb24tY2ExETAPBgNVBAcMCEthcGVsbGVuMRAwDgYDVQQIDAdBbnR3ZXJwMSEwHwYJKoZIhvcNAQkBFhJjZXJ0YWRtQGFjaGVyb24uYmUwHhcNMTYwMzI1MTcyMzIzWhcNMjYwMzIzMTcyMzIzWjBqMQswCQYDVQQGEwJCRTETMBEGA1UEAwwKYWNoZXJvbi1jYTERMA8GA1UEBwwIS2FwZWxsZW4xEDAOBgNVBAgMB0FudHdlcnAxITAfBgkqhkiG9w0BCQEWEmNlcnRhZG1AYWNoZXJvbi5iZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMftZI+2tOD5kjVKoqFAz6j1sbQMpadAZvJEsoTowUNXNFMbhSj7173jRYeJsUx9jmHnJNoHMyWbHsDPa7j5fCzG4S0h/wLr7BVVacnT3r6zPpLRCdHjr7AsX+GlGB6mZUpwjEf9IIrZ/WoQ7rHkmDgtnmhcQa8rMK2emKh60LW+15jkCK/8eRwKKsEMUaVZnBnExqDokg1O+pR78F8/bdiOFM3bc2fswKkv/WaQEM1T0ePdcanuG4iG7BORj3TIhnuC4cF2JlI3lYv0Sqf1LZ1PD9TAjQKWNAZVAIQDCUOMBHnDM2Vw6zj3WfSWuo0gNCGHOAc5ISMmsCdSzYdSUTcNDvJ6wgCphMa28YhJWE/cagan1UWvsAmyiTQJkmBy8C5SF8ek6pAy+Abfj4NfK5u/H4qp2DR7lVMS4FoGy7Q45e7ZoHJ+WLttc7KufCrqRxPs+5SoptQiL+NN+S5V8/Fl2CPZ+c6gIho6qx5W9siSMvF2KlyOUoYyXaaxrKffcWkuP2SBo5UvkO67dcgpgEUNCV0JgZkxPH7VLFPui7oyPewKtaIp4IswkCwtvG6AzNQEiY1lMA9+Gie77Wi+1bJjlYLBGtYMKv+vtgnDu9/O1F4ZgVdmxak4d7nxhP+iJyhsh7DqyxucxTBW1mBm1zoNhCWgzqrAj31QDTB27McJAgMBAAGjgeEwgd4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHsMCjcREQLNF8or9HMICIX9xOhYMIGbBgNVHSMEgZMwgZCAFHsMCjcREQLNF8or9HMICIX9xOhYoW6kbDBqMQswCQYDVQQGEwJCRTETMBEGA1UEAwwKYWNoZXJvbi1jYTERMA8GA1UEBwwIS2FwZWxsZW4xEDAOBgNVBAgMB0FudHdlcnAxITAfBgkqhkiG9w0BCQEWEmNlcnRhZG1AYWNoZXJvbi5iZYIIWGgENbAtzcgwDQYJKoZIhvcNAQELBQADggIBAD3dGVEXAoFLyC542oV0ph9v8RSGWM07fJFvcRh7Hfvdq6MnIGpMuh6DeJ+QIJqUJ3MZZ1gq9PPrHHGw4J2eecSauE8WfZDJplvwzdtIvTIoe5jKbLiZCYdoDcQdjUWBcTA7Dwutuz6yEuBYE2dv8hkgScaa9drWV5GVAejJlJSaVZbwl20jJsWpo2v9Q3cikpI7IW9MX5EH9i2LP2iU6ijaecqAUNh5w3BJNLMlEyABTCNdqZaxHQFd8OHWO3C6jHXpRJ7Q70O1XW8FtsxuOjLuMxVdTaWwDaq/lcWLrQVGUxzhpWnhGGDHslpkKa+U/VtYFEJnpD6UQpSgtWDl2L/pNLV32wyJmEo/Ywc4MzldLyEPW1WxUN8T8SieBNBMNu6dGJvbKOW6jju4nEVzyler+iCQBmcqFNDjGF4lFK84TSGqWYbF+OKZaYtHbIyKnnNckcen99RAA9QwZD/VjwX/klO5iqHRYq34zjl/WEZRSWV8HK15gIlU6Lm0MQkPPOSkZi+jIHKYSQqDi1i2iTUHWGYGaZGprEKQmylHf1hTh4i21amx0RIGUKuKIhbUwNC0lLx9tjZcHPm3MSQKO+tyxR2zVzYmm9LoieuMyTpQR6SvGhgW6zSMdl5SPgv/4ptDSF3dOid6Bq/cauAe1gQHXMBBxBudTRe48fC/If4Q-----END CERTIFICATE-----
[INFO ] The file is already in the correct state
[INFO ] Completed state [/opt/local/etc/openssl/certs/internal-ca.crt] at time 18:33:01.874750 duration_in_ms=2.937
[DEBUG ] LazyLoaded cmd.wait
[INFO ] Running state [/opt/local/bin/c_rehash] at time 18:33:01.877747
[INFO ] Executing state cmd.wait for /opt/local/bin/c_rehash
[INFO ] No changes made for /opt/local/bin/c_rehash
[INFO ] Completed state [/opt/local/bin/c_rehash] at time 18:33:01.879654 duration_in_ms=1.907
[INFO ] Running state [/opt/local/etc/pki] at time 18:33:01.880274
[INFO ] Executing state file.directory for /opt/local/etc/pki
[INFO ] Directory /opt/local/etc/pki is in the correct state
[INFO ] Completed state [/opt/local/etc/pki] at time 18:33:01.883270 duration_in_ms=2.996
[INFO ] Running state [/opt/local/etc/pki/test.acheron.be.key] at time 18:33:01.884869
[INFO ] Executing state x509.private_key_managed for /opt/local/etc/pki/test.acheron.be.key
[INFO ] Determining if input is PEM text or a file: /opt/local/etc/pki/test.acheron.be.key
[INFO ] Determining if input is PEM text or a file: -----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA3+vZc0HgAYPONSa4p7NdDN75h3h60WVXD4T2kzG732pgInxe
MyqDcoWP+IGBCZOQN9b+7LbnCzBJFShbUCzHx5m5iIgH2qnAg1eFDnOn06N1REts
Y8frMKjIy1CB45V2CnxMSV179A3+ohUFGsIKY0AWppP/0TcWPNP4TIl9DdxscvYS
KtEWaBGPFgYlVJrsf6ccVfwg3IlotKfx5rz7eJfeAbbvCkoeKEwwT9xSBMpoUslx
IhYLqE9qkEcfiaLVrQtrxtQkGbmZ/kW75HsTseKbWJXn6iFZSx0FfV7xfUTWduMP
+3f54ldwMf+BUIA6Hn8f3x3d4JCp/NyQaKO2awIDAQABAoIBAQCZz27BrflJ8Ri/
B8cFYr5C7hKnDIoItby0q1eYSixLzc0VQyqNqOE71CTNxV82jccdpC/dt9FCrTs2
Lk9y5h+gqqZ380C54aqcTYzXHXildn1BmTFt5NBXz0iF59og0vSPRUw9hNp1DPvg
p+GmvKzX+hjU+YpaUqWSyOOg5zwgPQTAU/DO/S7g85+Q1WwPR8H/iVa1V78OOzG/
xiQIuxsIYVfNE5erOCd+adDWSOPTFVWyMMqdME59xh/yK3Kdbr8m43KViiihjSxi
MGnSrTIgz82YmqGHpshCH4mWB2ffPegZxHr21aMf1kKTo5wP7XL2kiiA/WfsX3Sb
cY5fqNcpAoGBAPRD1bwBOePVVY4XCO7FEVee7vmccTjV2TKL0S/SeqG/Ja4sNFIX
PpiIBE+5Uo9M5+j7kD7OVKSUvL5QRiwEYZdH3+UxlFVm7KpFPlt2tZu7U2QdPy6O
sGVlVQoK3bZLQX2181FrWJxvieR90dagzZvWTo+Wa82TVmidIXzJMGxHAoGBAOqt
z8QcPPppAJJYtu5qKkr+dvbWGUzRa1EafevDgECDJxBg1ruYp7/vSO8A2+Y3D+bQ
TAsmvVx27CfCN2oVhQyR7sEoELbsf9MX+c1nPi0tP8xQJS+jyUHHLSJI1RmPb6Sd
231fw8ZNtjjXyDG57lLxpfAAmX3kYQQsf3yAjwq9AoGBAMRfEKJPXgnjBR/xNtY2
CgYmGLsFYSSvDykKrIbEsJ/+Or22fe2NEF6x4r1xIIVh74MnUsSbPgL+LGrXwEI8
13Q2bTIl1Ll/wD324vXHDqN/SsBOnu+/+OHbQC2NpMab46+7qjxHj3pcVUAjQqJI
rmNdO9VFua8Qh0QdJsHaQJqbAoGBALtfR3HHMhClYaV3W6eD8HysK4PtcYnZ8xtw
UXW6RF492STEjO5/dgBTJyJcxzZKZFHfobeNmMeI1AjykpgK0o40vjJOsPm8XlrG
29ZaRlR/ul6A5w/gb8IrKygiirK7yWHf/+1cVs2wInvEHb1GPLjQ47J6aBMSEzvn
42oeoxbpAoGAC0GWP2PV/GPcnIJtE4dv9yrF6garQ4qrxYj2/qD+gMtTjy66UKcU
1IYEt2vst8Lo2Cxgs2P033pc5+mc+SjUpPgB/C5xC+Z8r7X9JTD1xoRm1wZGDGvz
Q04lBgw4cJ+07It8OdBpUwBUdHl66dKldH8cfmHiO2cgMyQbX7+hcOU=
-----END RSA PRIVATE KEY-----
[INFO ] The Private key is already in the correct state
[INFO ] Completed state [/opt/local/etc/pki/test.acheron.be.key] at time 18:33:01.888601 duration_in_ms=3.732
[INFO ] Running state [certificate.crt::test.acheron.be] at time 18:33:01.890475
[INFO ] Executing state x509.certificate_managed for certificate.crt::test.acheron.be
[INFO ] Determining if input is PEM text or a file: /opt/local/etc/pki/test.acheron.be.key
[INFO ] Determining if input is PEM text or a file: -----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA3+vZc0HgAYPONSa4p7NdDN75h3h60WVXD4T2kzG732pgInxe
MyqDcoWP+IGBCZOQN9b+7LbnCzBJFShbUCzHx5m5iIgH2qnAg1eFDnOn06N1REts
Y8frMKjIy1CB45V2CnxMSV179A3+ohUFGsIKY0AWppP/0TcWPNP4TIl9DdxscvYS
KtEWaBGPFgYlVJrsf6ccVfwg3IlotKfx5rz7eJfeAbbvCkoeKEwwT9xSBMpoUslx
IhYLqE9qkEcfiaLVrQtrxtQkGbmZ/kW75HsTseKbWJXn6iFZSx0FfV7xfUTWduMP
+3f54ldwMf+BUIA6Hn8f3x3d4JCp/NyQaKO2awIDAQABAoIBAQCZz27BrflJ8Ri/
B8cFYr5C7hKnDIoItby0q1eYSixLzc0VQyqNqOE71CTNxV82jccdpC/dt9FCrTs2
Lk9y5h+gqqZ380C54aqcTYzXHXildn1BmTFt5NBXz0iF59og0vSPRUw9hNp1DPvg
p+GmvKzX+hjU+YpaUqWSyOOg5zwgPQTAU/DO/S7g85+Q1WwPR8H/iVa1V78OOzG/
xiQIuxsIYVfNE5erOCd+adDWSOPTFVWyMMqdME59xh/yK3Kdbr8m43KViiihjSxi
MGnSrTIgz82YmqGHpshCH4mWB2ffPegZxHr21aMf1kKTo5wP7XL2kiiA/WfsX3Sb
cY5fqNcpAoGBAPRD1bwBOePVVY4XCO7FEVee7vmccTjV2TKL0S/SeqG/Ja4sNFIX
PpiIBE+5Uo9M5+j7kD7OVKSUvL5QRiwEYZdH3+UxlFVm7KpFPlt2tZu7U2QdPy6O
sGVlVQoK3bZLQX2181FrWJxvieR90dagzZvWTo+Wa82TVmidIXzJMGxHAoGBAOqt
z8QcPPppAJJYtu5qKkr+dvbWGUzRa1EafevDgECDJxBg1ruYp7/vSO8A2+Y3D+bQ
TAsmvVx27CfCN2oVhQyR7sEoELbsf9MX+c1nPi0tP8xQJS+jyUHHLSJI1RmPb6Sd
231fw8ZNtjjXyDG57lLxpfAAmX3kYQQsf3yAjwq9AoGBAMRfEKJPXgnjBR/xNtY2
CgYmGLsFYSSvDykKrIbEsJ/+Or22fe2NEF6x4r1xIIVh74MnUsSbPgL+LGrXwEI8
13Q2bTIl1Ll/wD324vXHDqN/SsBOnu+/+OHbQC2NpMab46+7qjxHj3pcVUAjQqJI
rmNdO9VFua8Qh0QdJsHaQJqbAoGBALtfR3HHMhClYaV3W6eD8HysK4PtcYnZ8xtw
UXW6RF492STEjO5/dgBTJyJcxzZKZFHfobeNmMeI1AjykpgK0o40vjJOsPm8XlrG
29ZaRlR/ul6A5w/gb8IrKygiirK7yWHf/+1cVs2wInvEHb1GPLjQ47J6aBMSEzvn
42oeoxbpAoGAC0GWP2PV/GPcnIJtE4dv9yrF6garQ4qrxYj2/qD+gMtTjy66UKcU
1IYEt2vst8Lo2Cxgs2P033pc5+mc+SjUpPgB/C5xC+Z8r7X9JTD1xoRm1wZGDGvz
Q04lBgw4cJ+07It8OdBpUwBUdHl66dKldH8cfmHiO2cgMyQbX7+hcOU=
-----END RSA PRIVATE KEY-----
[DEBUG ] LazyLoaded publish.publish
[INFO ] Publishing 'x509.sign_remote_certificate' to tcp://[2001:6f8:1480:30::130]:4506
[DEBUG ] Re-using SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] Loaded minion key: /opt/local/etc/salt/pki/minion/minion.pem
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[INFO ] Determining if input is PEM text or a file: {'Issuer Public Key': '-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAx+1kj7a04PmSNUqioUDP\nqPWxtAylp0Bm8kSyhOjBQ1c0UxuFKPvXveNFh4mxTH2OYeck2gczJZsewM9ruPl8\nLMbhLSH/AuvsFVVpydPevrM+ktEJ0eOvsCxf4aUYHqZlSnCMR/0gitn9ahDuseSY\nOC2eaFxBryswrZ6YqHrQtb7XmOQIr/x5HAoqwQxRpVmcGcTGoOiSDU76lHvwXz9t\n2I4UzdtzZ+zAqS/9ZpAQzVPR491xqe4biIbsE5GPdMiGe4LhwXYmUjeVi/RKp/Ut\nnU8P1MCNApY0BlUAhAMJQ4wEecMzZXDrOPdZ9Ja6jSA0IYc4BzkhIyawJ1LNh1JR\nNw0O8nrCAKmExrbxiElYT9xqBqfVRa+wCbKJNAmSYHLwLlIXx6TqkDL4Bt+Pg18r\nm78fiqnYNHuVUxLgWgbLtDjl7tmgcn5Yu21zsq58KupHE+z7lKim1CIv4035LlXz\n8WXYI9n5zqAiGjqrHlb2yJIy8XYqXI5ShjJdprGsp99xaS4/ZIGjlS+Q7rt1yCmA\nRQ0JXQmBmTE8ftUsU+6LujI97Aq1oingizCQLC28boDM1ASJjWUwD34aJ7vtaL7V\nsmOVgsEa1gwq/6+2CcO7387UXhmBV2bFqTh3ufGE/6InKGyHsOrLG5zFMFbWYGbX\nOg2EJaDOqsCPfVANMHbsxwkCAwEAAQ==\n-----END PUBLIC KEY-----\n', 'Not After': '2016-06-23 17:33:02', 'Subject Hash': '6D:5E:51:36', 'Serial Number': 'C4:31:E2:2D:3A:D7:84:78', 'SHA1 Finger Print': 'AD:20:61:22:C7:CA:E4:5F:82:DA:37:F5:78:53:DB:D3:46:E1:0C:50', 'SHA-256 Finger Print': 'AE:F2:D4:8A:9C:F1:7A:4E:FD:73:E3:FA:A7:16:EC:C1:CA:A0:7E:C4:E0:93:C9:04:C7:7F:BE:F5:40:5B:C6:1B', 'MD5 Finger Print': '17:B0:B2:B2:BC:27:35:51:CF:7E:21:89:50:75:33:3B', 'Version': 3, 'Public Key': '-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3+vZc0HgAYPONSa4p7Nd\nDN75h3h60WVXD4T2kzG732pgInxeMyqDcoWP+IGBCZOQN9b+7LbnCzBJFShbUCzH\nx5m5iIgH2qnAg1eFDnOn06N1REtsY8frMKjIy1CB45V2CnxMSV179A3+ohUFGsIK\nY0AWppP/0TcWPNP4TIl9DdxscvYSKtEWaBGPFgYlVJrsf6ccVfwg3IlotKfx5rz7\neJfeAbbvCkoeKEwwT9xSBMpoUslxIhYLqE9qkEcfiaLVrQtrxtQkGbmZ/kW75HsT\nseKbWJXn6iFZSx0FfV7xfUTWduMP+3f54ldwMf+BUIA6Hn8f3x3d4JCp/NyQaKO2\nawIDAQAB\n-----END PUBLIC KEY-----\n', 'X509v3 Extensions': {'subjectKeyIdentifier': 'A8:99:00:9A:98:61:EB:F2:3D:20:B7:B3:AF:15:6A:88:E5:E1:73:38', 'keyUsage': 'critical Digital Signature, Key Encipherment', 'authorityKeyIdentifier': 'keyid:7B:0C:0A:37:11:11:02:CD:17:CA:2B:F4:73:08:08:85:FD:C4:E8:58\nDirName:/C=BE/CN=acheron-ca/L=Kapellen/ST=Antwerp/emailAddress=certadm@acheron.be\nserial:58:68:04:35:B0:2D:CD:C8\n', 'basicConstraints': 'critical CA:FALSE'}, 'Key Size': 2048, 'Issuer': {'C': 'BE', 'SP': 'Antwerp', 'emailAddress': 'certadm@acheron.be', 'CN': 'acheron-ca', 'L': 'Kapellen'}, 'Issuer Hash': '69:72:5C:41', 'Not Before': '2016-03-25 17:33:02', 'Subject': {'C': 'BE', 'SP': 'Antwerp', 'emailAddress': 'certadm@acheron.be', 'CN': 'test.acheron.be', 'L': 'Kapellen'}}
[ERROR ] An exception occurred in this state: Traceback (most recent call last):
File "/opt/salt/lib/python2.7/site-packages/salt/state.py", line 1703, in call
**cdata['kwargs'])
File "/opt/salt/lib/python2.7/site-packages/salt/loader.py", line 1607, in wrapper
return f(*args, **kwargs)
File "/opt/salt/lib/python2.7/site-packages/salt/states/x509.py", line 429, in certificate_managed
new = __salt__['x509.create_certificate'](testrun=True, **kwargs)
File "/var/cache/salt/minion/extmods/modules/x509.py", line 1100, in create_certificate
pem_type='CERTIFICATE')
File "/var/cache/salt/minion/extmods/modules/x509.py", line 629, in write_pem
text = get_pem_entry(text, pem_type=pem_type)
File "/var/cache/salt/minion/extmods/modules/x509.py", line 351, in get_pem_entry
text = _text_or_file(text)
File "/var/cache/salt/minion/extmods/modules/x509.py", line 268, in _text_or_file
if os.path.isfile(input_):
File "/opt/local/lib/python2.7/genericpath.py", line 37, in isfile
st = os.stat(path)
TypeError: coercing to Unicode: need string or buffer, dict found
[INFO ] Completed state [certificate.crt::test.acheron.be] at time 18:33:02.290050 duration_in_ms=399.575
[DEBUG ] File /var/cache/salt/minion/accumulator/18446741324877745488 does not exist, no need to cleanup.
[DEBUG ] LazyLoaded config.option
[DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506', 'aes')
[DEBUG ] Initializing new SAuth for ('/opt/local/etc/salt/pki/minion', 'cronos', 'tcp://[2001:6f8:1480:30::130]:4506')
[DEBUG ] LazyLoaded highstate.output
local:
----------
ID: certificate::truststore
Function: file.directory
Name: /opt/local/etc/openssl/certs
Result: True
Comment: Directory /opt/local/etc/openssl/certs is in the correct state
Started: 18:33:01.756165
Duration: 18.982 ms
Changes:
----------
ID: certificate::truststore
Function: x509.pem_managed
Name: /opt/local/etc/openssl/certs/internal-ca.crt
Result: True
Comment: The file is already in the correct state
Started: 18:33:01.871813
Duration: 2.937 ms
Changes:
----------
ID: certificate::truststore
Function: cmd.wait
Name: /opt/local/bin/c_rehash
Result: True
Comment:
Started: 18:33:01.877747
Duration: 1.907 ms
Changes:
----------
ID: certificate::keystore
Function: file.directory
Name: /opt/local/etc/pki
Result: True
Comment: Directory /opt/local/etc/pki is in the correct state
Started: 18:33:01.880274
Duration: 2.996 ms
Changes:
----------
ID: certificate.key::test.acheron.be
Function: x509.private_key_managed
Name: /opt/local/etc/pki/test.acheron.be.key
Result: True
Comment: The Private key is already in the correct state
Started: 18:33:01.884869
Duration: 3.732 ms
Changes:
----------
ID: certificate.crt::test.acheron.be
Function: x509.certificate_managed
Result: False
Comment: An exception occurred in this state: Traceback (most recent call last):
File "/opt/salt/lib/python2.7/site-packages/salt/state.py", line 1703, in call
**cdata['kwargs'])
File "/opt/salt/lib/python2.7/site-packages/salt/loader.py", line 1607, in wrapper
return f(*args, **kwargs)
File "/opt/salt/lib/python2.7/site-packages/salt/states/x509.py", line 429, in certificate_managed
new = __salt__['x509.create_certificate'](testrun=True, **kwargs)
File "/var/cache/salt/minion/extmods/modules/x509.py", line 1100, in create_certificate
pem_type='CERTIFICATE')
File "/var/cache/salt/minion/extmods/modules/x509.py", line 629, in write_pem
text = get_pem_entry(text, pem_type=pem_type)
File "/var/cache/salt/minion/extmods/modules/x509.py", line 351, in get_pem_entry
text = _text_or_file(text)
File "/var/cache/salt/minion/extmods/modules/x509.py", line 268, in _text_or_file
if os.path.isfile(input_):
File "/opt/local/lib/python2.7/genericpath.py", line 37, in isfile
st = os.stat(path)
TypeError: coercing to Unicode: need string or buffer, dict found
Started: 18:33:01.890475
Duration: 399.575 ms
Changes:
Summary for local
------------
Succeeded: 5
Failed: 1
------------
Total states run: 6I also added includes to my minion and master role so the services get restarted on the peering and policies config being dropped in minion.d and master.d, output is a bit longer due to the include.
sjorge
commented
8 years ago hold on, I'm stupid. I did not grab the raw file.
Edit: updated
clinta
commented
8 years ago certificate.crt::test.acheron.be:
x509.certificate_managed:
- ca_server: cronos
- signing_policy: default
- public_key: /opt/local/etc/pki/test.acheron.be.key
- path: /opt/local/etc/pki/test.acheron.be.crt
- CN: test.acheron.be
- days_valid: 90
- days_remaining: 30
- backup: True
- require:
- x509: certificate.key::test.acheron.beThe state expects the path to be specified as -name: rather than -path:. Though since the documentation says that the state should accept any of the keywords that the module does, it should accept it and work as expected.
Fix is in #32175. But if you want to work around for now, just change -path to -name.
sjorge
commented
8 years ago Dropping a patched x509.py in my _states folder, will update after testing. Back to a different error now. One that I though I fixed already. My reply may take a while.
Fixed with #32175, closing.
clinta
commented
8 years ago Do you have your peer.conf setup correctly? And have you restarted the salt-master service since putting it in place?
sjorge
commented
8 years ago Yeah I double checked all that, posted, tripple checked because I was 100% sure I had this before.
It was a stray ' at the end of the peer file. The salt-master should really complain on bad/incorrect peer configs.
All good now :) thanks for tracking this one down.
Description of Issue/Question
I am trying to setup remote singing according to: https://docs.saltstack.com/en/develop/ref/states/all/salt.states.x509.html#module-salt.states.x509
Setup
role.certificate is split into 2 states, authority.sls (the ca) and init.sls for all the clients.
role/certificate/authority.sls
role/certificate/init.sls
role/certificate/config.jinja
role/certificate/_files/signing_policies.conf
role/certificate/_macros/cert.jinja
cronos is both the CA (that work is working) and to keep it simple the client that will request the test certificate.
salt-call pillar.get certificate
Trying to get a simple cert to work before I start adding subject altnames and such but I keep hitting a exception as mentioned above.
Steps to Reproduce Issue
Try to apply the state
Versions Report