I'm using SaltStack to manage several servers on EC2, including both Linux and MS-Windows installations. The master server is deployable in its entirety (using cloud-init) and when I change the configuration of the master I just trash the old master and recreate it from scratch. The master keys are part of the persistent configuration, and autosign is used to accept known hosts automatically, so rebuilding is not a problem for the PKI.
After recreating the master, I can see that the minions reconnect - by running salt-key -L, but are not responding (salt '*' test.ping does not list any response). Restarting the salt-minion service on each host solves the problem, though this does require logging manually in to each and every managed host to issue the restart.
Is there some setup that can be done to prevent that problem?