TLS Module In SaltStack Not Available (Fixed)

Published on Wednesday, May 7, 2014

I was trying to install HALite, the WebUI for SaltStack, using the provided instructions. However, I kept getting the following errors when trying to create the certificates using Salt:

'tls.create_ca_signed_cert' is not available.
'tls.create_ca' is not available.


Basically, the 'tls' module in Salt simply didn't appear to work. The reason for this is detailed on intothesaltmind.org:

Note: Use of the tls module within Salt requires the pyopenssl python extension.

That makes sense. We can fix this with something like:

apt-get install libffi-dev
pip install -U pyOpenSSL
/etc/init.d/salt-minion restart


Or, better yet, with Salt alone:

salt '*' cmd.run 'apt-get install libffi-dev'
salt '*' pip.install pyOpenSSL
salt '*' cmd.run "service salt-minion restart"


The commands to create the PKI key should work now:

Created Private Key: "/etc/pki/salt/salt_ca_cert.key." Created CA "salt": "/etc/pki/salt/salt_ca_cert.crt."