verify crt and key differently in checkmine

2025-12-06 17:22:49 +01:00 · 2023-10-18 15:53:12 -04:00
parent e58c1e189c
commit ac28e1b967
1 changed files with 4 additions and 1 deletions
--- a/salt/salt/engines/master/checkmine.py
+++ b/salt/salt/engines/master/checkmine.py
@@ -53,17 +53,20 @@ def start(interval=60):
                    ca_crt = x509[minion]['/etc/pki/ca.crt']
                    log.debug('checkmine engine: found minion %s has ca_crt: %s' % (minion, ca_crt))
                    # since the cert is defined, make sure it is valid
-                    if not __salt__['x509.verify_private_key'](private_key='/etc/pki/ca.key', public_key='/etc/pki/ca.crt'):
+                    import salt.modules.x509_v2 as x509_v2
+                    if not x509_v2.verify_private_key('/etc/pki/ca.key', '/etc/pki/ca.crt'):
                        log.error('checkmine engine: found minion %s does\'t have a valid ca_crt in the mine' % (minion))
                        log.error('checkmine engine: %s: ca_crt: %s' % (minion, ca_crt))
                        mine_delete(minion, 'x509.get_pem_entries')
                        mine_update(minion)
+                        continue
                    else:
                        log.debug('checkmine engine: found minion %s has a valid ca_crt in the mine' % (minion))
                except IndexError:
                    log.error('checkmine engine: found minion %s does\'t have a ca_crt in the mine' % (minion))
                    mine_delete(minion, 'x509.get_pem_entries')
                    mine_update(minion)
+                    continue

            # Update the mine if the ip in the mine doesn't match returned from manage.alived
            network_ip_addrs = __salt__['saltutil.runner']('mine.get', tgt=minion, fun='network.ip_addrs')