I've updated from Fedora 38 to Fedora 40 and salt stopped completely working. salt '*' state.highstate /usr/lib/python3.12/site-packages/salt/ext/tornado/gen.py:1064: DeprecationWarning: the (type, exc, tb) signature of throw() is deprecated, use the single-arg signature instead. yielded = self.gen.throw(*exc_info) There is no current event loop in thread 'Thread-2 (_target)'. $ rpm -q salt salt-3006.7-1.fc40.noarch It looks like something is wrong with the communication between the minion and the master. 2024-05-06 14:59:31,335 [salt.minion :284 ][ERROR ][1390315] Error while bringing up minion for multi-master. Is master at localhost responding? The error message was Unable to sign_in to master: Attempt to authenticate with the salt master failed with timeout error ==> /var/log/salt/master <== 2024-05-06 14:59:41,407 [salt.channel.server:284 ][INFO ][1390378] Authentication request from krikkit 2024-05-06 14:59:41,407 [salt.channel.server:284 ][INFO ][1390378] Authentication accepted from krikkit 2024-05-06 14:59:41,407 [salt.crypt :284 ][DEBUG ][1390378] salt.crypt.get_rsa_pub_key: Loading public key 2024-05-06 14:59:41,444 [salt.utils.event :284 ][DEBUG ][1390378] Sending event: tag = salt/auth; data = {'result': True, 'act': 'accept', 'id': 'krikkit', 'pub': '-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvRa8zjOS0iQoAZIVhnk\nek3DfDzbD1YegK0BUkeG6PDfhsMQf/BSQuyEABnx8qqTwr6Eh18g2Wv3+NeyZDAO\nESkFZn0vCJHxXQT+MEnAhKewYHTdy9I8W9GGhX8GyLc5/gU4YqUwgAsgclGgmeq1\nxYSpyHQ3Uj2sppr6B3JFsnrmOwzttHdiI/6HUCqvGUb8uk+ZfFzre+VnTa4dq4px\nk3sZjQzH58sUXoIuTk1xYLph4d5ed8SXvoOVtT0ckRWDD6mDMSh3yuDuIwNbQhTX\nehsoBQ+NE/ywTqhmXmrzpHWvzHijUViPdAt2BP23QKxc5adG1LrMEpASaSh3tBiW\noQIDAQAB\n-----END PUBLIC KEY-----', '_stamp': '2024-05-06T12:59:41.444633'} 2024-05-06 14:59:41,445 [salt.crypt :284 ][DEBUG ][1390378] salt.crypt.get_rsa_key: Loading private key 2024-05-06 14:59:41,445 [salt.crypt :284 ][DEBUG ][1390378] salt.crypt.sign_message: Signing message. 2024-05-06 14:59:56,005 [salt.master :284 ][DEBUG ][1390373] Performing fileserver updates for items with an update interval of 60 2024-05-06 14:59:56,006 [salt.master :284 ][DEBUG ][1390373] Updating roots fileserver cache 2024-05-06 14:59:56,012 [salt.master :284 ][DEBUG ][1390373] Completed fileserver updates for items with an update interval of 60, waiting 60 seconds Reproducible: Always
I've removed the keys and recreated them. It doesn't fix the issue.
Does this behavior happen when running in masterless mode? (ie salt-call --local grains.items)
Upstream issue: https://github.com/saltstack/salt/issues/65702
salt-call --local grains.items works for me.
The upstream issue you linked looks like we wont get salt working till Fedora 41.
Can confirm upgrading to Fedora 40 breaks Saltstack completely. Upstream claims python 3.12 is the culprit, and the short-term solution is to use vendor provided packages which ship python 3.10 independently I guess? https://github.com/saltstack/salt/issues/65844 This is a deal breaker for Fedora 39/40 for me, so I'm pausing my upgrade cycle until this is resolved.
Correct, upstream is nowhere near ready to support Python 3.12.
I guess this is still true? I've installed Fedora 41 on my new notebook and salt doesn't work. So it will take me a lot of time to configure it manually without salt :-(
I've found https://github.com/saltstack/salt/issues/66898
Also f41 doesn't package 3006.9 :-(
I've updated the package to 3006.9. Then you need to set the encryption and signing algorithm to use sha2: https://docs.saltproject.io/en/master/ref/configuration/minion.html#encryption-algorithm However the minion is not able to connect to the master, it says it can't find the master public key :-(
Fix: cp /etc/salt/pki/minion/minion.pub /etc/salt/pki/minion/minion_master.pub
2024-11-06 19:54:59,750 [salt.channel.server:284 ][WARNING ][397089] 2 Token failed to decrypt: ValueError('Decryption failed'), enc_algo: OAEP-SHA224 It can't decrypt the token, it looks like it uses the right sha2 encryption algorithm, but something is still wrong with it.
Oh, there is also 3007.1 will package that and try.
Until we get salt sorted out in the Fedora repos, putting this here just as a reference. Upstream is still shipping a bundled Python 3.10 (as of this comment). None of the linked issues seem to show forward progress in supporting newer Python yet. https://docs.saltproject.io/salt/install-guide/en/latest/topics/install-by-operating-system/linux-rpm.html
With 3007.1 everything works for me PR: https://src.fedoraproject.org/rpms/salt/pull-request/11
FEDORA-2024-9a4722dcc2 (salt-3007.1-1.fc42) has been submitted as an update to Fedora 42. https://bodhi.fedoraproject.org/updates/FEDORA-2024-9a4722dcc2
FEDORA-2024-9a4722dcc2 (salt-3007.1-1.fc42) has been pushed to the Fedora 42 stable repository. If problem still persists, please make note of it in this bug report.
Keeping this open until we do updates for f40+
When the update is planned to land in F40 and F41?
FEDORA-2025-8a524cd065 (salt-3007.1-1.fc41) has been submitted as an update to Fedora 41. https://bodhi.fedoraproject.org/updates/FEDORA-2025-8a524cd065
I've set the update to 14 days unless 3 people test and validate this fix for F41. Please help test. We are not going to be able to do an update for F40 without cryptography updates and those are unlikely to happen. ERROR No match for argument: python3dist(cryptography) >= 42 ERROR No match for argument: python3dist(pyopenssl) >= 24
FEDORA-2025-8a524cd065 has been pushed to the Fedora 41 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-8a524cd065` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-8a524cd065 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2025-8a524cd065 (salt-3007.1-1.fc41) has been pushed to the Fedora 41 stable repository. If problem still persists, please make note of it in this bug report.