Skip to content
  • There are no suggestions because the search field is empty.

Reinstalling salt-minion in NetWitness breaks connectivity with salt-master showing error BSAFELIB

Issue

- Never try re-installing salt-minion for whatever reason as this will break the connectivity between the Minion and the Master. 
- Checking the status of salt-minion using below command, shows the error below:

systemctl status salt-minion

Error:

Jun 08 10:26:45 broker python[9559]: OWB:ERROR:BSAFELIB:func(133):reason(109):b_rsa.c:273

Cause

When re-installing the salt-minion there is a python script /usr/lib/python3.6/site-packages/salt/utils/rsax931.py that contains a parameter "RSA_X931_PADDING" which will revert back to 5, hence the connectivity issue.

In 12.x, the path for the file is: /opt/saltstack/salt/lib/python3.10/site-packages/salt/utils/rsax931.py


Resolution

In case salt-minion rpm package was re-installed, follow steps below to fix in NetWitness appliance :

  1. Stop salt-minion: 
    systemctl stop salt-minion
  2. Modify the script using vi command:
    1. 11.x: vi /usr/lib/python3.6/site-packages/salt/utils/rsax931.py 
    2. 12.x: vi /opt/saltstack/salt/lib/python3.10/site-packages/salt/utils/rsax931.py
  3. Find the parameter “RSA_X931_PADDING” and change it from “5” to “1”, then save & exit.
  4. Start salt-minion:
    systemctl start salt-minion
  5. Check the status and ensure the error above no longer exists, which indicates the connectivity issue is now cleared and the minion communicates with master successfully, using command:
    systemctl status salt-minion

sample output:

salt-minion.service - The Salt Minion
   Loaded: loaded (/usr/lib/systemd/system/salt-minion.service; enabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/salt-minion.service.d
           └─salt-minion-opts-managed.conf
   Active: active (running) since Mon 2020-06-08 10:46:15 UTC; 4s ago
     Docs: man:salt-minion(1)
           file:///usr/share/doc/salt/html/contents.html
           https://docs.saltstack.com/en/latest/contents.html
 Main PID: 11256 (salt-minion)
   CGroup: /system.slice/salt-minion.service
           ├─11256 /usr/bin/python /usr/bin/salt-minion
           ├─11260 /usr/bin/python /usr/bin/salt-minion
           ├─11262 /usr/bin/python /usr/bin/salt-minion



 


Product Details

NetWitness Product Set: NetWitness Platform
NetWitness Product/Service Type: Any NW Appliance
NetWitness Version/Condition: 12.x
Platform: CentOS 7 / Alma

Summary

During upgrades, salt-minion, salt-master & salt-api are upgraded first, sometimes this causes rsa931.py to be updated with the wrong RSA_X931_PADDING setting.


Approval Reviewer Queue

Technical approval queue