set up eapi plugin on salt-master manualy

Products

VCF Operations/Automation (formerly VMware Aria Suite) VMware SaltStack

Issue/Introduction

Instructions provided here cover how to set up the eapi plugin on salt-master manually.

Eapi plugin fails to install with

salt-call pip.install /sse-installer/salt/sse/eapi_plugin/files/SSEAPE-8.17.0.6-py3-none-any.whl
[ERROR   ] Command '/opt/saltstack/salt/salt-pip' failed with return code: 1
[ERROR   ] stdout: Processing /sse-installer/salt/sse/eapi_plugin/files/SSEAPE-8.17.0.6-py3-none-any.whl
Requirement already satisfied: cryptography>=3.1.1 in /opt/saltstack/salt/lib/python3.10/site-packages (from SSEAPE==8.17.0.6) (42.0.3)
INFO: pip is looking at multiple versions of sseape to determine which version is compatible with other requirements. This could take a while.
[ERROR   ] stderr: WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f014b7c3550>: Failed to                                                                                                                      establish a new connection: [Errno -2] Name or service not known')': /simple/pika/
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f014b7c3700>: Failed to establish a new con                                                                                                                     nection: [Errno -2] Name or service not known')': /simple/pika/
WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f014bbff970>: Failed to establish a new con                                                                                                                     nection: [Errno -2] Name or service not known')': /simple/pika/
WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f014b7c23e0>: Failed to establish a new con                                                                                                                     nection: [Errno -2] Name or service not known')': /simple/pika/
WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f014b7c1990>: Failed to establish a new con                                                                                                                     nection: [Errno -2] Name or service not known')': /simple/pika/
ERROR: Could not find a version that satisfies the requirement pika<1.4,>=1.2.0 (from sseape) (from versions: none)
ERROR: No matching distribution found for pika<1.4,>=1.2.0
[ERROR   ] retcode: 1
local:
    ----------
    pid:
        375172
    retcode:
        1
    stderr:
        WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f014b7c3550>: Failed to establish a                                                                                                                      new connection: [Errno -2] Name or service not known')': /simple/pika/
        WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f014b7c3700>: Failed to establish a                                                                                                                      new connection: [Errno -2] Name or service not known')': /simple/pika/
        WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f014bbff970>: Failed to establish a                                                                                                                      new connection: [Errno -2] Name or service not known')': /simple/pika/
        WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f014b7c23e0>: Failed to establish a                                                                                                                      new connection: [Errno -2] Name or service not known')': /simple/pika/
        WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f014b7c1990>: Failed to establish a                                                                                                                      new connection: [Errno -2] Name or service not known')': /simple/pika/
        ERROR: Could not find a version that satisfies the requirement pika<1.4,>=1.2.0 (from sseape) (from versions: none)
        ERROR: No matching distribution found for pika<1.4,>=1.2.0
    stdout:
        Processing /sse-installer/salt/sse/eapi_plugin/files/SSEAPE-8.17.0.6-py3-none-any.whl
        Requirement already satisfied: cryptography>=3.1.1 in /opt/saltstack/salt/lib/python3.10/site-packages (from SSEAPE==8.17.0.6) (42.0.3)
        INFO: pip is looking at multiple versions of sseape to determine which version is compatible with other requirements. This could take a while.

Environment

salt 3006.x
salt-master 3006.x

Resolution

Eapi plugin has the below pip dependency. If the salt-master does not have access to pypi, the below dependency will need to be installed prior to installing the eapi_plugin egg. you may stage the whl files in /tmp directory

cryptography >=3.1.1
- https://pypi.org/project/cryptography/#files
pika <1.4,>=1.2.0
- https://pypi.org/project/pika/#files
pyjwt >=2.3.0
- https://pypi.org/project/PyJWT/#files

Installing dependency:

salt-call pip.install /tmp/pika-1.3.2-py3-none-any.whl 
salt-call pip.install /tmp/PyJWT-2.10.1-py3-none-any.whl 
salt-call pip.install /tmp/cryptography-45.0.4-pp311-pypy311_pp73-manylinux_2_34_x86_64.whl

Install eapi_egg: (whl file can be found in the sse installer path: ( sse-installer-tar.gz > sse-installer/salt/sse/eapi_plugin/files/SSEAPE-8.17.0.6-py3-none-any.whl. stage this to the /tmp dir)

salt-call pip.install /tmp/SSEAPE-8.17.0.6-py3-none-any.whl

Generate configs: (sseapi-config is typically located in /opt/saltstack/salt/extras-%version%/bin/)

./sseapi-config --default-conf > /etc/salt/master.d/raas.conf
./sseapi-config --ext-modules > /etc/salt/master.d/eAPIMasterPaths.conf

Edit the raas confg and edit/modify the below: (vi /etc/salt/master.d/raas.conf)

sseapi_server:  https://FQDN_of_RAAS
sseapi_ssl_validate_cert: false

# Key authentication settings
sseapi_pubkey_path: /etc/salt/pki/master/sseapi_key.pub  # Path to public key for authenticating to eAPI server
sseapi_key_check: 15                       # Keyauth engine interval, in seconds
sseapi_key_test: 300                       # How often to test master authentication key, in seconds
sseapi_key_rotation: 86400                 # Authentication key rotation interval, in seconds

start/restart salt-master

systemctl stop salt-master && systemctl start salt-master

Review salt-config UI > administration > master and accept the master key

If masterkey does not show up, review master logs to troubleshoot further.

Monitor logs for errors ( /var/log/salt/master)