Auto host creation of Salt-minion in Foreman

OmniByte · July 30, 2018, 1:10pm

Problem:
In Salt 2015 salt-minions were added to Foreman hosts automatically after running upload-salt-reports. After upgrading to 2018 this doesn’t seem to work anymore.

Expected outcome:
After configuring a new salt-minion and running high state on that host the results of the jobs can be sent to Foreman by using upload-salt-reports. The results are sent and received by the Foreman server, which is visible in the logs:

But a new host doesn’t appear in the Foreman host list.

In general the connection from Foreman to proxy seems to be ok, e.g I can reject and delete keys from the Foreman UI (log output). This is why I believe that my configuration is fine.

I, [2018-07-30T15:04:29.513916 9c4495dc]  INFO -- : Result: The following keys are going to be rejected:
Unaccepted Keys:
server0238.cs.technik.fhnw.ch
Key for minion server0238.cs.technik.fhnw.ch rejected.
I, [2018-07-30T15:04:29.514903 9c4495dc]  INFO -- : 10.35.147.116 - - [30/Jul/2018:15:04:29 +0200] "DELETE /salt/key/reject/server0238.cs.technik.fhnw.ch HTTP/1.1" 200 - 0.6348
I, [2018-07-30T15:04:30.063156 9c4495dc]  INFO -- : 10.35.147.116 - - [30/Jul/2018:15:04:30 +0200] "GET /salt/key HTTP/1.1" 200 826 0.4939
I, [2018-07-30T15:05:02.227820 9c4495dc]  INFO -- : Result: The following keys are going to be deleted:
Rejected Keys:
server0238.cs.technik.fhnw.ch
Key for minion server0238.cs.technik.fhnw.ch deleted.
I, [2018-07-30T15:05:02.228756 9c4495dc]  INFO -- : 10.35.147.116 - - [30/Jul/2018:15:05:02 +0200] "DELETE /salt/key/server0238.cs.technik.fhnw.ch HTTP/1.1" 200 - 0.5242
I, [2018-07-30T15:05:02.778139 9c4495dc]  INFO -- : 10.35.147.116 - - [30/Jul/2018:15:05:02 +0200] "GET /salt/key HTTP/1.1" 200 661 0.4977

Foreman and Proxy versions:
Foreman version

foreman-installer/xenial,xenial,now 1.17.1-1 all [installed]

salt-master

salt-common/unknown,unknown,now 2018.3.2+ds-1 all [installed,automatic]
salt-master/unknown,unknown,now 2018.3.2+ds-1 all [installed]
ruby-foreman-salt/plugins,plugins,now 10.1.0-1 all [installed]

Other relevant data:
foreman server production log:

2018-07-30T14:39:20 9e52e424 [app] [I] Started POST "/salt/api/v2/jobs/upload" for 10.35.147.110 at 2018-07-30 14:39:20 +0200
2018-07-30T14:39:20 9e52e424 [app] [I] Processing by ForemanSalt::Api::V2::JobsController#upload as JSON
2018-07-30T14:39:20 9e52e424 [app] [I]   Parameters: {"job"=>{"function"=>"state.highstate", "result"=>{"server1117.cs.technik.fhnw.ch"=>{"user_|-support2_|-support2_|-present"=>{"comment"=>"User support2 is present and up to date", "name"=>"support2", "start_time"=>"14:38:30.499847", "result"=>true, "duration"=>1.454, "__run_num__"=>1, "__sls__"=>"users/init", "changes"=>{}, "__id__"=>"support2"}, "pkg_|-install_network_packages_|-install_network_packages_|-installed"=>{"comment"=>"All specified packages are already installed", "name"=>"curl", "start_time"=>"14:38:29.825810", "result"=>true, "duration"=>673.05, "__run_num__"=>0, "__sls__"=>"nettools", "changes"=>{}, "__id__"=>"install_network_packages"}}}, "job_id"=>"20180730143824794936"}, "apiv"=>"v2"}
2018-07-30T14:39:20 9e52e424 [app] [I] Current user: foreman_api_admin (administrator)
2018-07-30T14:39:20 9e52e424 [app] [I] Processing job 20180730143824794936 from Salt.
2018-07-30T14:39:20 9e52e424 [app] [I] Completed 200 OK in 64ms (Views: 0.2ms | ActiveRecord: 11.5ms)

Salt-Master version:

support@server1110:/srv/salt$ salt-master --version
salt-master 2018.3.2 (Oxygen)

Salt-Minion version:

salt-common/unknown,unknown,now 2018.3.2+ds-1 all [installed,automatic]
salt-minion/unknown,unknown,now 2018.3.2+ds-1 all [installed]

Im using Ubuntu 16.04 on all systems (Foreman, Salt-master, salt-minions)

The foreman-proxy on the salt master is up and running (no errors in the logs):

foreman-proxy.service - Foreman Proxy
Loaded: loaded (/lib/systemd/system/foreman-proxy.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2018-07-30 14:38:11 CEST; 21min ago
Jul 30 14:38:09 server1110 systemd[1]: Starting Foreman Proxy...
Jul 30 14:38:11 server1110 systemd[1]: Started Foreman Proxy.

And so ist the Foreman host:

foreman.service
Loaded: loaded (/etc/init.d/foreman; bad; vendor preset: enabled)
Active: active (running) since Mon 2018-07-16 16:49:36 CEST; 1 weeks 6 days a
Jul 16 16:49:25 server1116 systemd[1]: Stopped foreman.service.
Jul 16 16:49:25 server1116 systemd[1]: Starting foreman.service...
Jul 16 16:49:36 server1116 systemd[1]: Started foreman.service.

Does anyone have experience with Foreman-Salt proxy plugin in Version 2018?

Cheers,
Nic

Gwmngilfen · July 31, 2018, 10:14am

Hmm, that’s working for me on 2018.3.2 / 1.18 / 10.1.0, so something odd is going on. There was an issue with grain uploads in 10.0.0 but I thought that was fixed.

Are you using the ENC / grain upload functions (that’s the default config)? Or just report uploads via the proxy cronjob?

OmniByte · July 31, 2018, 12:14pm

So far I have only used the upload reports command manually: upload-salt-reports

Which grain upload functions are you referring to? the CLI commands like salt ‘*’ grains.add etc.?

Gwmngilfen · July 31, 2018, 12:31pm

I’m referring to the master_tops configuration here:

https://theforeman.org/plugins/foreman_salt/7.0/index.html#2.1.2SaltMasterConfiguration

That uses foreman-node, which uploads grains to Foreman as part of it’s operation. That’s what was broken in #24108, but if you’re not using it, this may be a new bug

OmniByte · August 2, 2018, 11:35am

@Gwmngilfen Thanks for the hint, I got it working after adding the master tops and ext pillar directives to the master config - I did’nt notice they were overwritten during the update, apologies for the noise!

Now the Salt-Foreman-Icinga chain works again hot stuff!

Gwmngilfen · August 2, 2018, 11:54am

Ah cool. Technically host creation from reports should work too - can you raise a bug about it and I’ll try to reproduce it.

OmniByte · August 2, 2018, 12:39pm

Sure thing, filed a bug in your redmine.

Cheers, N