Error importing Salt states

Problem: Clicking import salt states throws 406 error
I can observe that the proxy.log reports an error connecting to the foreman instance (server1116) on port 9191. But that doesn’t make sense as the salt-proxy plugin runs on the salt-master (server1110) on port 9191. The smart-proxy should send the salt states to the foreman instance on port 8443.


E, [2018-08-17T10:19:10.231239 5f5df781] ERROR -- : Failed to list environments: Failed to open TCP connection to (Connection refused - connect(2) for "" port 9191)
I, [2018-08-17T10:19:10.294005 5f5df781]  INFO -- : - - [17/Aug/2018:10:19:10 +0200] "GET /salt/environments HTTP/1.1" 406 176 0.1107

Uploading reports to the foreman server works, that is why I don’t assume an error in my configuration, however, from what the log says I can’t stop thinking I switched something around.

I found a bug on Redmine that described a fix to install a specific cherrypy version and add “*.” permission for the saltuser in the salt-master config but unfortunately that didn’t solve my issue: Bug #23985: "406 Not Acceptable" when attempting to import salt states - Salt - Foreman

Expected outcome:
Salt states should be imported from the salt-master and sent to Foreman via salt smart-proxy

Foreman and Proxy versions:
foreman instance

foreman/xenial,now 1.17.1-1 amd64

Foreman and Proxy plugin versions:

foreman-proxy/xenial,xenial,now 1.17.1-1 all 
ruby-foreman-salt/plugins,plugins,now 10.1.0-1 all

Other relevant data:


:proto: https
:port: 443
# if using http with ssl certificates
:ssl_ca: "/var/lib/puppet/ssl/certs/ca.pem"
:ssl_cert: "/var/lib/puppet/ssl/certs/"
:ssl_key: "/var/lib/puppet/ssl/private_keys/"
# if using http with username and password instead of https with certicates
#:username: admin
#:password: asdf
:timeout:  10
:salt:  /usr/bin/salt
:upload_grains:  true


:enabled: true
:autosign_file: /etc/salt/autosign.conf
:salt_command_user: root
# Some features require using the Salt API - such as listing
# environments and retrieving state info
:use_api: true
:api_auth: pam
:api_username: saltuser
:api_password: asdf


          - '@runner'
          - .*

  port: 9191
  ssl_key: /var/lib/puppet/ssl/private_keys/
  ssl_crt: /var/lib/puppet/ssl/certs/

CherryPy 3.2.3

pip show cherrypy
Metadata-Version: 1.1
Name: CherryPy
Version: 3.2.3

the error tells you smart proxy tried to ask the rest_cherrypi for a list of states and the connection was refused. Is the salt-api service running on the server1110 machine?


Hi @aruzicka

Good catch! It’s a riddle to me why the api wasn’t running as I didn’t restart the server - but that was the culprit.

I’ll keep in mind to have a look at netstat -tuna next time :wink:


PS: Sorry for the late answer.