yum install returns error due to DNS or transparent proxy

When installing Salt as a pre-installation step (see Install or upgrade Salt), yum might return the following error:

[Error 14] curl#60 – “Peer’s Certificate issuer is not recognized.

In this case, it is likely that you are either experiencing DNS issues or you have a transparent TLS/https proxy in your environment.

To resolve DNS issues, ensure that repo.saltstack.com resolves on your machine or that you can reach that server.

If you have a transparent proxy, add sslverify=0 to the SaltStack yum repo configuration and then retry the installation of the packages. This will workaround the fact that your transparent proxy is interfering with connection certificates and TLS signatures.

Salt masters is not showing the keys for the minion

Sometimes users experience a problem where minion IDs don’t appear when trying to get the Salt master to accept minion keys. To fix this problem, you can specify the IP address of the Salt master in each minion’s etc/salt/minion.d/id.conf file. Edit this file and change the master setting to show the Salt master’s IP address. For example, master:127.0.0.0. For additional methods of connecting the minion to the Salt master, see Configuring the Salt Minion.

Authentication error occurs when applying highstate

During the initial application of the highstate to the first Salt master, you may see the following error message: Authenticationerroroccurred.

This error displays because the Salt master has not yet authenticated to the RaaS node, but the Master Plugin installation state will restart the Salt master service and the issue will be resolved automatically.

Single-node installation script terminates

If both the Salt master and Salt minion are installed, the script skips this step and proceeds with the setup of SaltStack Config.

If either the Salt master service or the minion service packages are installed, but not both, the script will terminate. The script terminates as a safeguard to prevent the user from accidentally disrupting an existing installation.

The solution is to ensure that both the Salt master and minion are installed on the node before running the installation script.

Package installs fail

If the installations of postgres, jemalloc, redis, etc. fail during the single-node installation, one possibility is that yum is configured with a restrictive localpkg_gpgcheck option ensuring local packages’ GPG signatures are checked.

The failure may look similar to this:

[ERROR ] Command '['systemd-run', '--scope', 'yum', '-y', 'install', '/var/cache/salt/minion/files/base/sse/eapi_database/files/postgresql12-libs-12.1-1PGDG.rhel7.x86_64.rpm', '/var/cache/salt/minion/files/base/sse/eapi_database/files/postgresql10-12.1-1PGDG.rhel7.x86_64.rpm', '/var/cache/salt/minion/files/base/sse/eapi_database/files/postgresql12-server-12.1-1PGDG.rhel7.x86_64.rpm', '/var/cache/salt/minion/files/base/sse/eapi_database/files/postgresql12-contrib-12.1-1PGDG.rhel7.x86_64.rpm']' failed with return code: 1

If the option is enabled, the option localpkg_gpgcheck=1 will have been set explicitly in /etc/yum.conf. Set this to localpkg_gpgcheck=0 to allow the single-node installation to complete.