Problem: Clicking import salt states throws 406 error
I can observe that the proxy.log reports an error connecting to the foreman instance (server1116) on port 9191. But that doesn’t make sense as the salt-proxy plugin runs on the salt-master (server1110) on port 9191. The smart-proxy should send the salt states to the foreman instance on port 8443.
proxy.log
E, [2018-08-17T10:19:10.231239 5f5df781] ERROR -- : Failed to list environments: Failed to open TCP connection to server1110.cs.technik.fhnw.ch:9191 (Connection refused - connect(2) for "server1110.cs.technik.fhnw.ch" port 9191)
I, [2018-08-17T10:19:10.294005 5f5df781] INFO -- : 10.35.147.116 - - [17/Aug/2018:10:19:10 +0200] "GET /salt/environments HTTP/1.1" 406 176 0.1107
Uploading reports to the foreman server works, that is why I don’t assume an error in my configuration, however, from what the log says I can’t stop thinking I switched something around.
I found a bug on Redmine that described a fix to install a specific cherrypy version and add “*.” permission for the saltuser in the salt-master config but unfortunately that didn’t solve my issue: Bug #23985: "406 Not Acceptable" when attempting to import salt states - Salt - Foreman
Expected outcome:
Salt states should be imported from the salt-master and sent to Foreman via salt smart-proxy
Foreman and Proxy versions:
foreman instance
foreman/xenial,now 1.17.1-1 amd64
Foreman and Proxy plugin versions:
salt-master:
foreman-proxy/xenial,xenial,now 1.17.1-1 all
ruby-foreman-salt/plugins,plugins,now 10.1.0-1 all
Other relevant data:
/etc/salt/foreman.yaml
:proto: https
:host: server1116.cs.technik.fhnw.ch
:port: 443
# if using http with ssl certificates
:ssl_ca: "/var/lib/puppet/ssl/certs/ca.pem"
:ssl_cert: "/var/lib/puppet/ssl/certs/server1110.cs.technik.fhnw.ch.pem"
:ssl_key: "/var/lib/puppet/ssl/private_keys/server1110.cs.technik.fhnw.ch.pem"
# if using http with username and password instead of https with certicates
#:username: admin
#:password: asdf
:timeout: 10
:salt: /usr/bin/salt
:upload_grains: true
/etc/foreman-proxy/settings.d/salt.yml
:enabled: true
:autosign_file: /etc/salt/autosign.conf
:salt_command_user: root
# Some features require using the Salt API - such as listing
# environments and retrieving state info
:use_api: true
:api_url: https://server1110.cs.technik.fhnw.ch:9191
:api_auth: pam
:api_username: saltuser
:api_password: asdf
/etc/salt/foreman
external_auth:
pam:
saltuser:
- '@runner'
- .*
rest_cherrypy:
port: 9191
host: 0.0.0.0
ssl_key: /var/lib/puppet/ssl/private_keys/server1110.cs.technik.fhnw.ch.pem
ssl_crt: /var/lib/puppet/ssl/certs/server1110.cs.technik.fhnw.ch.pe
CherryPy 3.2.3
pip show cherrypy
---
Metadata-Version: 1.1
Name: CherryPy
Version: 3.2.3