salt.renderer.gpg docs do not work on CentOS 7

Created on 6 Jan 2017  路  1Comment  路  Source: saltstack/salt

Description of Issue/Question

On CentOS 7 when following the instructions for setting up gpg keys I get an error that seems to only happen when using the --homedir option

# gpg --gen-key --homedir /etc/salt/gpgkeys
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: Salt
Name must be at least 5 characters long
Real name: Salt Master
Email address: [email protected]
Comment: 
You selected this USER-ID:
    "Salt Master <[email protected]>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.


gpg: can't connect to the agent: IPC connect call failed
gpg: problem with the agent: No agent running
gpg: can't connect to the agent: IPC connect call failed
gpg: problem with the agent: No agent running
gpg: Key generation canceled.

Is there a work around for this by perhaps using the users keys (the user that runs salt-master)?

Steps to Reproduce Issue

Follow the gpg documentation on CentOS 7

Versions Report

Salt Version:
Salt: 2016.11.1

Dependency Versions:
cffi: 1.6.0
cherrypy: 3.2.2
dateutil: 2.4.2
gitdb: 0.6.4
gitpython: 1.0.1
ioflo: Not Installed
Jinja2: 2.8
libgit2: Not Installed
libnacl: Not Installed
M2Crypto: 0.21.1
Mako: Not Installed
msgpack-pure: Not Installed
msgpack-python: 0.4.8
mysql-python: Not Installed
pycparser: 2.14
pycrypto: 2.6.1
pygit2: Not Installed
Python: 2.7.5 (default, Nov 6 2016, 00:28:07)
python-gnupg: Not Installed
PyYAML: 3.11
PyZMQ: 15.3.0
RAET: Not Installed
smmap: 0.9.0
timelib: Not Installed
Tornado: 4.2.1
ZMQ: 4.1.4

System Versions:
dist: centos 7.3.1611 Core
machine: x86_64
release: 4.5.5-x86_64-linode69
system: Linux
version: CentOS Linux 7.3.1611 Core

Upstream Bug
Source
picture bfrog

Most helpful comment

There is probably already a gpg-agent running on the system, which your gpg command is unable to connect to.

If you do a pkill -9 gpg-agent and then source <(gpg-agent --daemon) to restart the agent, you should be able to connect to the pinentry-curses for inputting your password.

Thanks,
Daniel

picture gtmanfred on 9 Jan 2017
👍4

>All comments

There is probably already a gpg-agent running on the system, which your gpg command is unable to connect to.

If you do a pkill -9 gpg-agent and then source <(gpg-agent --daemon) to restart the agent, you should be able to connect to the pinentry-curses for inputting your password.

Thanks,
Daniel

gtmanfred picture gtmanfred on 9 Jan 2017
👍4
Was this page helpful?
0 / 5 - 0 ratings

Related issues

lhost picture lhost  路  3Comments
layer3switch picture layer3switch  路  3Comments
Oloremo picture Oloremo  路  3Comments
Arguros picture Arguros  路  3Comments
twangboy picture twangboy  路  3Comments