salt: gitfs backend error related to SSH host key checking

After setting up a gitfs backend for a (private) GitHub repo, the following appeared in the master log:

[salt.loaded.int.fileserver.gitfs][WARNING ] GitPython exception caught while
fetching: len(["c179aa10976f1152d37e1deca0736698da8744bd\tnot-for-
merge\tbranch 'master' of git+ssh://xxx\n"]) != len(["Warning: Permanently added the 
RSA host key for IP address 'xxx' to the list of known hosts.", '', ' = [up to date]      
master     -> origin/master'])

Workaround was to add the following to .ssh/config:

Host github.com
User salt
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null

Salt 0.17.2, Ubuntu Raring

About this issue

  • Original URL
  • State: closed
  • Created 11 years ago
  • Comments: 22 (12 by maintainers)

Most upvoted comments

In 2014.1.0 an optional config parameter gitfs_ssl_verify was added to allow this to be tuned. Those running earlier versions must upgrade to use this.

Set gitfs_ssl_verify: False in the master config, and then do the following:

  1. Stop the salt-master service
  2. Remove the gitfs cache directory by running rm -rf /var/cache/salt/master/gitfs
  3. Start the salt-master service

This ssl verification setting is only set when the gitfs remote is first initialized, hence the need to remove the gitfs cache. Allowing for this setting to be modified in an existing repo without needing to remove the cachedir is something I’d like to do eventually.

+1
terminalmage on Apr 16, 2014
Read more comments on GitHub
← salt: Getting SaltReqTimeoutError error
salt: GitFS cause extra high CPU usage on the master →