Install NextCloud 11 on Fedora 25 with SaltStack
-
In the default configuration that I have provided here, neither port 22 nor 80 are left open. Port 443 for HTTPS is the sole access to the outside world. This makes our NextCloud system easier to secure and reduces the attack surface. We can improve memory by stopping the OpenSSH process, if we feel that it is warranted.
-
Hey Scott, Drew here (CrimsonKidA) from SW. I think there might be something wrong with my Salt Master install. The salt-master service doesn't auto start at boot, so I manually start it. Also, it didn't seem to make /var/cache/salt/master either, so I manually created it. When I try to run your last command here, this is what I get:
[root@NextCloud /srv/salt]# salt 'NextCloud.ourdomain.com' state.apply nextcloud
No minions matched the target. No command was sent, no jid was assigned.
ERROR: No return receivedAny ideas? Thanks.
-
@CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:
Hey Scott, Drew here (CrimsonKidA) from SW. I think might be wrong with my Salt Master install. The salt-master service doesn't auto start at boot, so I manually start it. Also, it didn't seem to make /var/cache/salt/master either, so I manually created it. When I try to run your last command here, this is what I get:
[root@NextCloud /srv/salt]# salt 'NextCloud.ourdomain.com' state.apply nextcloud
No minions matched the target. No command was sent, no jid was assigned.
ERROR: No return receivedAny ideas? Thanks.
So that error means that the key has not been accepted for that host. Start with this...
salt-key --list-all -
@scottalanmiller [root@NextCloud salt]# salt-key --list-all
Accepted Keys:
Denied Keys:
Unaccepted Keys:
Rejected Keys: -
@CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:
@scottalanmiller [root@NextCloud salt]# salt-key --list-all
Accepted Keys:
Denied Keys:
Unaccepted Keys:
Rejected Keys:There we go. Your minion has not reached out to your master yet. Nothing will work until those two are taking to each other. Is Salt definitely running on the minion and pointing to the master?
-
@scottalanmiller Sorry, I don't follow. I only have one VM and it's the Fedora 25 Server. It's running everything.
-
@CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:
@scottalanmiller Sorry, I don't follow. I only have one VM and it's the Fedora 25 Server. It's running everything.
That's no problem. You just have to configure both sides on one machine. That's standard actually.
Look at /etc/salt/minion
add the line:
master: localhost
-
@scottalanmiller Thanks, I just appended it on to the end of /etc/salt/minion via Nano and restarted salt-minion service. No change though...?
-
@CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:
@scottalanmiller Thanks, I just appended it on to the end of /etc/salt/minion via Nano and restarted salt-minion service. No change though...?
The salt-key --list-all didn't list it?
-
@scottalanmiller Afraid not. I did find where to change the salt master in the /etc/salt/minion file (line 16), so I un-commented it out and changed that to master:localhost and restarted the salt-minion service again, but no change. Also tried restarting salt-master service.
-
@CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:
@scottalanmiller Afraid not. I did find where to change the salt master in the /etc/salt/minion file (line 16), so I un-commented it out and changed that to master:localhost and restarted the salt-minion service again, but no change. Also tried restarting salt-master service.
Make sure that there is a space after the colon.
You can go in /var/log and look in the salt minion logs to see what it is complaining about.
-
@scottalanmiller Thanks, I have DNS lookup failures for 'salt' and master hostname 'salt' not found as a result.
-
@CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:
@scottalanmiller Thanks, I have DNS lookup failures for 'salt' and master hostname 'salt' not found as a result.
Something is wrong with your minion file. That means that the minion is looking for a machine named salt rather than for localhost.
In /etc/hosts you can just name the local machine "salt" to resolve that, too.
-
"salt" is the default. so that's why that specific one shows up.
-
@scottalanmiller Perfect, thanks. I just added '127.0.0.0 salt' to my /etc/hosts file and that got the DNS issue cleared up. But then the key was still not accepted. Got that sorted by running:
salt-key -A
from directory /etc/salt -
...just CD'd back to /srv/salt and your scripts are working now!!
-
The script seemed run fine, but I still have no NextCloud installation.
I thought it was just the firewall getting enabled in Fedora, but I turned it off and still nothing is there on 443 at the IP (other than Cockpit at 9090 of course). -
@CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:
The script seemed run fine, but I still have no NextCloud installation.
I thought it was just the firewall getting enabled in Fedora, but I turned it off and still nothing is there on 443 at the IP (other than Cockpit at 9090 of course).What was the feedback from the state.apply? Any errors should be there.
-
@scottalanmiller Thanks, Scott. I ran the your final command again and it worked this time: Succeeded: 19 (changed=5)! The firewall seems to be too aggressive, so I just turned it off since this will be LAN-use only (at least for now).
-
@CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:
@scottalanmiller Thanks, Scott. I ran the your final command again and it worked this time: Succeeded: 19 (changed=5)! The firewall seems to be too aggressive, so I just turned it off since this will be LAN-use only (at least for now).
Should be "just aggressive enough"... shutting off Cockpit and SSH.
