17

I am playing around with Salt, and my problem is that launching instances from an Amazon EC2 AMI results in the minion keys being the same. How do I refresh an individual minion to get its new identity (key)?

James Lin
  • 273

5 Answers

23
  1. Stop the minion service.

    service salt-minion stop
    
  2. Delete old identity

    rm /etc/salt/pki/minion/minion.pem
    rm /etc/salt/pki/minion/minion.pub
    cat /dev/null > /etc/salt/minion_id
    
  3. Make sure salt will begin on startup

    chkconfig salt-minion on
    
  4. Create your new AMI
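
A check to run on the master once cloned instances have registered, as an added example that is not part of any answer on this page: it groups accepted minion keys by the SHA-256 of each key file and lists minion IDs that share one key, which is what an image that still contains `minion.pem` and `minion.pub` produces. The `/etc/salt/pki/master/minions` path is assumed to be the master's default location for accepted keys, the function name is hypothetical, and the sample keys are constructed.

```bash
#!/usr/bin/env bash
# Added example: report minion IDs whose accepted public keys are identical.
# Assumption: the master stores accepted keys as one file per minion ID in
# /etc/salt/pki/master/minions (adjust if pki_dir is configured differently).
#
# Usage on a master:  find_shared_minion_keys /etc/salt/pki/master/minions

find_shared_minion_keys() {
    local dir="$1" f
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Emit "<sha256> <minion id>" for every accepted key file.
        printf '%s %s\n' "$(sha256sum < "$f" | cut -d' ' -f1)" "${f##*/}"
    done | sort | awk '
        # Input is sorted by hash, so equal keys are adjacent; flush a group
        # only when it holds more than one minion ID.
        $1 != prev { if (n > 1) print prev ":" ids; prev = $1; ids = ""; n = 0 }
        { ids = ids " " $2; n++ }
        END { if (n > 1) print prev ":" ids }'
}

# Constructed sample: web1 and web2 came from the same image, db1 did not.
demo=$(mktemp -d)
printf 'constructed-key-A\n' > "$demo/web1"
printf 'constructed-key-A\n' > "$demo/web2"
printf 'constructed-key-B\n' > "$demo/db1"
# Prints a single line: the shared hash, then "web1 web2".
find_shared_minion_keys "$demo"
rm -rf "$demo"
```

Clones that also kept the same `minion_id` show up on the master as a single entry, so this check only catches clones whose IDs differ.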

4

Give the following command a try:

    sudo salt 'name_of_host_whose_keys_you_wish_to_regenerate' saltutil.regen_keys

Source: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.saltutil.html#salt.modules.saltutil.regen_keys

1

Based on user325017's answer.

I adapted this for Ubuntu Bionic Beaver 18.04, since it has systemd:

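    #!/usr/bin/env bash

    # Stop the minion before touching its identity files.
    systemctl stop salt-minion
    # Remove the old key pair and empty the stored minion ID.
    rm /etc/salt/pki/minion/minion.pem
    rm /etc/salt/pki/minion/minion.pub
    cat /dev/null > /etc/salt/minion_id
    # Start on boot, then start now so a new identity is generated.
    systemctl enable salt-minion
    systemctl start salt-minion

0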

On Debian 10 and possibly others, the files have changed location. Do this:

Stop the service.

    service salt-minion stop

Delete key files.

    rm /var/lib/salt/pki/minion/minion.pub
    rm /var/lib/salt/pki/minion/minion.pem

Edit minion_id to the desired name you want to appear in saltstack.

Or you can rm this file and the minion will create it containing the hostname.

    vi /etc/salt/minion_id

Start the service.

    service salt-minion start

-1

Following @user325017's answer, for Windows, tweak step 2 with:

  • Remove C:\salt\conf\pki\minion\minion.pem
  • Remove C:\salt\conf\pki\minion\minion.pub
  • Edit c:\salt\conf\minion, and update the line with "id:"