SUSE Support

Here When You Need Us

Duplicate salt key found for salt-minion

This document (000021358) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Manager 4.3

Situation

During the verification that a client is properly registered with the SUSE manager server, the client was found to have two salt packages installed: 
 
1.The salt-minion package
<client-ip/name>:~ # systemctl status salt-minion.service
● salt-minion.service - The Salt Minion
    Active: active (running) since Tue 2024-02-13 14:25:55 CET; 11s ago
...
2. The venv-salt-minion package
<client-ip/name>:~ # systemctl status venv-salt-minion.service
● venv-salt-minion.service - The venvjailed Salt Minion
     Active: active (running) since Fri 2024-02-09 16:56:07 CET; 3 days ago
...
NOTE: Both salt services were configured to use the SUSE Manager server. 

On the SUSE Manager server, two different fingerprints can also be seen for the same client:
susemanager:~ # salt-key -F
Local Keys:
master.pem:  6a:ca:...
master.pub:  6a:e4:...
Accepted Keys:
<client-ip/name>:  97:9c:...
Denied Keys:
<client-ip/name>:  93:85:...

Resolution

1. Go to SUSE Manager CLI and delete both of the keys by running: 
salt-key -d <client-ip/name>
2. After the deletion, on the client CLI stop both salt services and then delete only the salt-minion service:
<client-ip/name>:~ # systemctl stop venv-salt-minion.service
<client-ip/name>:~ # systemctl stop salt-minion.service
<client-ip/name>:~ # zypper rm salt-minion.service
NOTE: Also remove the salt minion configuration located at /etc/salt/minion*

3. After deletion, start the venv-salt-minion service
<client-ip/name>:~ # systemctl start venv-salt-minion.service
4. Accept the newly prompted key on the SUSE Manager server.

 

Cause

The system has both the salt-minion and venv-salt-minion packages installed and enabled. 
Both packages are configured with the same master settings, resulting in two keys/fingerprints being sent to the salt-master (SUSE Manager).
However, SUSE Manager rejects one of the keys/fingerprints and marks it as 'denied', while the other key from the same system is displayed as 'accepted'.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000021358
  • Creation Date: 13-Feb-2024
  • Modified Date:15-Feb-2024
    • SUSE Manager Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.