Salt: Rename salt keys

Created on 26 Aug 2013  路  48Comments  路  Source: saltstack/salt

On rare occasions I need to repurpose a server for something else. It would be practical if it was possible to rename the key.

Core Feature team-core
Source
picture wichert
👍12

Most helpful comment

not stale

picture dafyddj on 15 Jan 2020
👍2

All 48 comments

Ah, so you want a way to change the ID without generating a new key and having to accept it (and delete the key), correct?

This would definitely be useful -- not sure how hard it would be to implement, though.

basepi picture basepi on 27 Aug 2013

Correct: I only want to change the id. The current workaround seems to be a) delete old key on master, b) delete key on minion, c) change id on minion and generate a new key for it, d) accept new key on master.

wichert picture wichert on 27 Aug 2013

Yep, I think you're correct, that's the only way to do it currently.

This would be really cool if we could do it in a secure, consistent way.

basepi picture basepi on 27 Aug 2013

It would be also cool when running in something like AWS EC2 without static IP and specified minion's id, because if we will reload our EC2 instance, it will have a new hostname, based on dynamically assigned IP.

malinoff picture malinoff on 28 Aug 2013

Is the id really tied to the IP address? Based on my understanding of the documentation the ID is just an identifier for the crypto key which is used to identify the remove machine.

wichert picture wichert on 28 Aug 2013

ID is hostname by default. I was talking about Amazon Web Services, which hostname depends on it's ip address.

malinoff picture malinoff on 28 Aug 2013

If the minion ID is set on the configuration file it survives machine restarts.

Pedro Algarvio @ phone

----- Reply message -----
De: "Dmitry Malinovskiy" [email protected]
Para: "saltstack/salt" [email protected]
Assunto: [salt] Rename salt keys (#6896)
Data: qua, Ago 28, 2013 09:36
ID is hostname by default. I was talking about Amazon Web Services, which hostname depends on it's ip address.


Reply to this email directly or view it on GitHub.

s0undt3ch picture s0undt3ch on 28 Aug 2013

:+1:

kamaln7 picture kamaln7 on 8 Dec 2013
👍1

This would be great to have. :+1:

sepulworld picture sepulworld on 17 Mar 2014

:+1:

gtmacdonald picture gtmacdonald on 17 Apr 2014

:+1:

Nucklez picture Nucklez on 23 Apr 2014

:+1: I was just searching for this feature :)

webwurst picture webwurst on 26 Sep 2014

:+1:

Vehyla picture Vehyla on 6 Jan 2015

:+1:

sirshurf picture sirshurf on 10 Feb 2015

:thumbsup:

marclop picture marclop on 27 Feb 2015

:+1:

MrMarvin picture MrMarvin on 5 Mar 2015

:+1:

tkent-xetus picture tkent-xetus on 25 Mar 2015

+1

ghostsquad picture ghostsquad on 26 Apr 2015

:+1:

iamfil picture iamfil on 2 Jun 2015

:+1:

badele picture badele on 14 Aug 2015

+1

CosminG picture CosminG on 19 Aug 2015

@SaltDBray let's try to get thin into boron.

thatch45 picture thatch45 on 20 Aug 2015

:+1:

rhansen picture rhansen on 15 Oct 2015

:+1:

dhpowrhost picture dhpowrhost on 15 Oct 2015

Very +1!!! It would be great to have a way to "rename" a server (change it's hostname) without this hassle:

{quote}
a) delete old key on master, b) delete key on minion, c) change id on minion and generate a new key for it, d) accept new key on master.
{quote}

zerthimon picture zerthimon on 16 Oct 2015

:+1:

zzzuzik picture zzzuzik on 14 Jul 2016

馃憤

taogogo picture taogogo on 8 Aug 2016

馃憤馃徎

lubyou picture lubyou on 5 Jan 2017

+1

kemadz picture kemadz on 23 Feb 2017

:+1:

jdnlab picture jdnlab on 16 Mar 2017

馃憤

kissifrot picture kissifrot on 21 Apr 2017

馃憤

ryanmaclean picture ryanmaclean on 11 Jun 2017

馃憤

joadha picture joadha on 20 Oct 2017

:+1:

Reiner030 picture Reiner030 on 22 Nov 2017

馃憤

Moulde picture Moulde on 30 Jan 2018

馃憤

LumbaJack picture LumbaJack on 7 Feb 2018

+1

christianvv picture christianvv on 7 Mar 2018

馃憤

jcalderin picture jcalderin on 21 Mar 2018

+1

markuskramerIgitt picture markuskramerIgitt on 21 Mar 2018
  • 1
gfraetis picture gfraetis on 28 Jun 2018

+100500

m000v picture m000v on 4 Sep 2018

+1

Helmi-helmutson picture Helmi-helmutson on 21 Dec 2018

+1

adamsewell picture adamsewell on 13 Jan 2019

+1

jfoboss picture jfoboss on 14 Feb 2019

Workaround script:

#!/bin/bash

function usage() {
    cat << EOF

Usage: $0 old-id new-id

EOF
}

if [ $# -eq 0 ] ; then
    usage
    exit 1
fi

OLD=$1
NEW=$2

salt $OLD test.ping && salt $OLD cmd.run "echo $NEW > /etc/salt/minion_id"
salt $OLD service.restart salt-minion
mv -f /etc/salt/pki/master/minions/$OLD /etc/salt/pki/master/minions/$NEW
echo "Waiting 10 sec..."
sleep 10
salt $NEW test.ping # check if new host works
jfoboss picture jfoboss on 14 Feb 2019
1 👍1

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.

stale[bot] picture stale[bot] on 9 Jan 2020

not stale

dafyddj picture dafyddj on 15 Jan 2020
👍2

Thank you for updating this issue. It is no longer marked as stale.

stale[bot] picture stale[bot] on 15 Jan 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

sagetherage picture sagetherage  路  3Comments
sfozz picture sfozz  路  3Comments
lhost picture lhost  路  3Comments
erwindon picture erwindon  路  3Comments
twangboy picture twangboy  路  3Comments