Closed
Description
Description
The salt minion keeps looping with "NameError: name 'rsa' is not defined" on MacOSX 15.x arm64
Setup
Newly installed MacOSX 15.5 on a MacbookPro M4
Freshly installed salt-minion and configured with proper minion name and salt master parameters
one dir packaging from
https://packages.broadcom.com/artifactory/saltproject-generic/macos/3006.10/salt-3006.10-py3-arm64.pkg
Steps to Reproduce the behavior
- Install onedir package in a MacBook with 15.5, all default settings
- use salt-config.sh to setup minion id and salt server
Expected behavior
Salt minion should contact master with no problems (worked with previous versions up to 3006.4 to my memory)
Versions Report
salt --versions-report
(Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)# salt --versions-report
Salt Version:
Salt: 3006.10
Python Version:
Python: 3.10.16 (main, Mar 6 2025, 02:21:35) [Clang 16.0.0 (clang-1600.0.26.3)]
Dependency Versions:
cffi: 1.14.6
cherrypy: unknown
cryptography: 42.0.5
dateutil: 2.8.0
docker-py: Not Installed
gitdb: 4.0.7
gitpython: 3.1.41
Jinja2: 3.1.6
libgit2: Not Installed
looseversion: 1.0.2
M2Crypto: Not Installed
Mako: Not Installed
msgpack: 1.0.2
msgpack-pure: Not Installed
mysql-python: Not Installed
packaging: 22.0
pycparser: 2.21
pycrypto: Not Installed
pycryptodome: 3.19.1
pygit2: Not Installed
python-gnupg: 0.4.8
PyYAML: 6.0.1
PyZMQ: 25.1.2
relenv: 0.18.1
smmap: 4.0.0
timelib: 0.2.4
Tornado: 4.5.3
ZMQ: 4.3.4
System Versions:
dist: darwin 24.5.0
locale: utf-8
machine: arm64
release: 24.5.0
system: Darwin
version: 15.5 arm64Additional context
/var/log/salt/minion logs keep filling/looping with:
2025-05-16 11:52:31,109 [salt.minion :1184][CRITICAL][7540] Unexpected error while connecting to sm-pkf.[REDACTED]
Traceback (most recent call last):
File "/opt/salt/lib/python3.10/site-packages/salt/minion.py", line 1154, in _connect_minion
yield minion.connect_master(failed=failed)
File "/opt/salt/lib/python3.10/site-packages/salt/ext/tornado/gen.py", line 1056, in run
value = future.result()
File "/opt/salt/lib/python3.10/site-packages/salt/ext/tornado/concurrent.py", line 249, in result
raise_exc_info(self._exc_info)
File "<string>", line 4, in raise_exc_info
File "/opt/salt/lib/python3.10/site-packages/salt/ext/tornado/gen.py", line 1064, in run
yielded = self.gen.throw(*exc_info)
File "/opt/salt/lib/python3.10/site-packages/salt/minion.py", line 1395, in connect_master
master, self.pub_channel = yield self.eval_master(
File "/opt/salt/lib/python3.10/site-packages/salt/ext/tornado/gen.py", line 1056, in run
value = future.result()
File "/opt/salt/lib/python3.10/site-packages/salt/ext/tornado/concurrent.py", line 249, in result
raise_exc_info(self._exc_info)
File "<string>", line 4, in raise_exc_info
File "/opt/salt/lib/python3.10/site-packages/salt/ext/tornado/gen.py", line 309, in wrapper
yielded = next(result)
File "/opt/salt/lib/python3.10/site-packages/salt/minion.py", line 821, in eval_master
pub_channel = salt.channel.client.AsyncPubChannel.factory(
File "/opt/salt/lib/python3.10/site-packages/salt/channel/client.py", line 392, in factory
auth = salt.crypt.AsyncAuth(opts, io_loop=io_loop)
File "/opt/salt/lib/python3.10/site-packages/salt/crypt.py", line 601, in __new__
auth.__singleton_init__(opts, io_loop=io_loop)
File "/opt/salt/lib/python3.10/site-packages/salt/crypt.py", line 637, in __singleton_init__
self.get_keys()
File "/opt/salt/lib/python3.10/site-packages/salt/crypt.py", line 1003, in get_keys
gen_keys(
File "/opt/salt/lib/python3.10/site-packages/salt/crypt.py", line 147, in gen_keys
gen = rsa.generate_private_key(e, keysize)
NameError: name 'rsa' is not defined
stopping the service with
sudo launchctl stop com.saltstack.salt.miniondoes not stop the flood of logs. I need to actively unload the service to avoid the disk being filled:
launchctl unload -w /Library/LaunchDaemons/com.saltstack.salt.minion.plist
Cryptography is already installed in onedir, but now I wonder if the daemon is started with the wrong environment. I am no mac expert unfortunately and I have no idea how the environment is brought up in a launchctl unit.
# salt-pip install cryptography
WARNING: The directory '/Users/macdrift/Library/Caches/pip' or its parent directory is not owned or is not writable by the current user. The cache has been disabled. Check the permissions and owner of that directory. If executing pip with sudo, you should use sudo's -H flag.
Requirement already satisfied: cryptography in ./lib/python3.10/site-packages (42.0.5)
Requirement already satisfied: cffi>=1.12 in ./lib/python3.10/site-packages (from cryptography) (1.14.6)
Requirement already satisfied: pycparser in ./lib/python3.10/site-packages (from cffi>=1.12->cryptography) (2.21)
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager, possibly rendering your system unusable. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv. Use the --root-user-action option if you know what you are doing and want to suppress this warning.This happened already in two machines I installed.