Hi, Russ. Sorry for the slow follow-up. Any progress?

Two questions:

* If you send an unauthenticated GET request to the root (/) URL do you get
the expected response back from salt-api? I'm curious if only the /login is
broken or the rest of the app as well.

* What wsgi/cgi interface are you using with Nginx? Does that have it's own
daemon or use a separate user from the Nginx user?

I haven't had a chance to set up a server to test this myself yet. In
answer to your settings questions, salt-api only uses sessions for
authentication so no additional server-side authorizations are needed. Do
any errors show up in the Nginx logs? I'm pegged so far this week but I'll
try to carve some time out to test this.
On Saturday, March 14, 2015 at 8:06:34 AM UTC-4, Russ Blaisdell wrote:

I did update the security in /var/run/salt/master to no avail when using
apache. However I am going to move to nginx once I locate a config.

Thanks, Russ

On Friday, March 13, 2015 at 5:34:15 PM UTC-5, Russ Blaisdell wrote:

HI Seth,
The problem I am seeing, specifically, is that a request for token
(/login) works fine through apache. However when I then use this same
token (header or cookie) I get a 401. I see nothing in the logs even with
debug. At the same time if I run just cherrpy then the same requests both
work. I looked at WSGIPassAuthorization on and while that worked well for
my django setup it did not seem to help in this case for salt. I was going
to setup a new apache/mod_wgsi/etc to see if perhaps I had something wrong,
which is more than possible. Then I choose to quit fighting the future and
move to NGINX :). However I could not locate any examples and since I have
never setup nginx before I thought attempting to craft my own nginx config
would only result in failure and frustration :). This is not a pressing
issue and I was just hoping that someone in the group might have already
setup an nginx and could just copy/paste. Setting this up would be great
however I hate to ask anyone to go out of their way. I am actually looking
to create a set of docker files to run salt master in a container with
nginx in a second container and a volume for /var/lib/salt and /etc/salt.
I will do the docker files and can post/share them back if it would help
others. I just need to sort out the nginx piece as I have the other docker
files ready.

Thank you,
On Thursday, March 12, 2015 at 9:35:02 PM UTC-5, Seth House wrote:

Hi, Russ. This may be due to the system user that Nginx is running as
(as compared to the CherryPy server which was probably started as the
root user). Do any log messages of interest show up in the master log
file? It may also be worth bumping the logging level up to 'debug'.
You can also try giving that user account read access to the ipc files
in /var/run/salt/master.

If that doesn't help, I can stand up an Nginx server sometime Monday
to test this.
You received this message because you are subscribed to the Google Groups "Salt-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Search Discussions

Discussion Posts


Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 5 of 5 | next ›
Discussion Overview
groupsalt-users @
postedMar 12, '15 at 2:11a
activeMar 25, '15 at 2:57a



site design / logo © 2022 Grokbase