Good day,
I’ve installed salt-master 3006.0-55.1 on openSUSE Tumbleweed 20260226 server.
Opensuse based salt-minion clients have no issues communicating with this salt master.
However, Ubuntu clients that run salt-minion 3006.23 (latest at the time of this writing) have the following in the logs:
Mar 01 02:15:10 myhostname salt-minion[517216]: [ERROR ] The master key has changed, the salt master could have been subverted, verify salt master's public key
Mar 01 02:15:10 myhostname salt-minion[517216]: [CRITICAL] The Salt Master server's public key did not authenticate!
Mar 01 02:15:10 myhostname salt-minion[517216]: The master may need to be updated if it is a version of Salt lower than 3006.23, or
Mar 01 02:15:10 myhostname salt-minion[517216]: If you are confident that you are connecting to a valid Salt Master, then remove the master public key and restart the Salt Minion.
Mar 01 02:15:10 myhostname salt-minion[517216]: The master public key can be found at:
Mar 01 02:15:10 myhostname salt-minion[517216]: /etc/salt/pki/minion/minion_master.pub
Mar 01 02:15:10 myhostname salt-minion[517216]: [ERROR ] Error while bringing up minion for multi-master. Is master at 192.x.x.x responding? The error message was Unable to sign_in to master: Invalid master key
What I have tried:
- Confirmed salt-master pub key matches
- Removed the /etc/salt/pki dir on the client, removed minion key on the master, re-registered. That works until minion service restart
- Downgraded to several earlier 3006.x versions
I happen to use salt-master at work with SLES as well and have seen this behaviour with Windows based clients. It always comes down to bringing the version of salt-master to the same version as the client. However, I have no idea what salt-master 3006.0-55.1 maps to, compared to saltstack project version.
Any suggestions?