Foreman and salt installation issues


I’ve got a brand new Foreman 2.0 install on server A
I’ve got a brand new Salt 3000.3 install on server B

Foreman can build a machine successfully
Salt can add a state to the newly built machine

Therefore, I conclude both systems are working properly on their own. I know want Foreman to control Salt.

On my foreman server A, I’ve run

foreman-installer --enable-foreman-plugin-salt --enable-foreman-proxy-plugin-salt

I can now see salt listed within the Foreman GUI.

What do I need to do on my new Salt server B? I’m finding the plugin guild a little confusing. Is there a guide/tutorial on this?

I’ve installed on the Salt server, but files, groups etc are missing.

yum install tfm-rubygem-smart_proxy_salt
yum install tfm-rubygem-smart_proxy_salt_core

Apologies, if this is obvious.

So full disclaimer, I must admit that I have not set up salt with foreman, yet.
That being said, I think I can explain at least some things.

First of all, the plugin guide says that you have to install salt-master on the same machine as your foreman (smart-proxy):

2.1 Smart Proxy
Install the Salt Smart Proxy package for your operating system (see above). The Salt smart proxy needs to run on the same server as your Salt master, and the foreman-proxy user needs to be able to run the ‘salt’ and ‘salt-key’ commands via sudo.

It is possible to have the foreman server and the salt-master on different machines, if you install a foreman smart-proxy on your salt-master machine.

You will have to tell foreman how it can reach your salt-master.
This can be done through additional parameters to the foreman-installer, if your values deviate from the default settings:

= Module foreman_proxy_plugin_salt:
    --foreman-proxy-plugin-salt-api  Use Salt API (current: true)
    --foreman-proxy-plugin-salt-api-auth  Salt API auth mechanism (current: "pam")
    --foreman-proxy-plugin-salt-api-password  Salt API password (current: "password")
    --foreman-proxy-plugin-salt-api-url  Salt API URL (current: "")
    --foreman-proxy-plugin-salt-api-username  Salt API username (current: "saltuser")
    --foreman-proxy-plugin-salt-autosign-file  File to use for salt autosign (current: "/etc/salt/autosign.conf")
    --foreman-proxy-plugin-salt-saltfile  Path to Saltfile (current: UNDEF)
    --foreman-proxy-plugin-salt-user  User to run salt commands under (current: "root")

To be precise, the foreman-installer will configure the foreman smart-proxy with these parameters, because that is the service that will send stuff to your hosts and your salt-master.

Thanks Markus, much appreciated help.

As a test I have salt and foreman running on the same instance today, so if I can’t get the two system solution to work I’ll stick with the single system.

What is the best way to install the smart-proxy on the separate salt/ master?

Many thanks,

should work :slight_smile:

However I prefer the installation instructions for the SmartProxy that includes Content handling, which you will need if you want to provide Katello ContentViews over the proxy:

The latter is IMHO also easier (to understand what has to be done).