So, full disclaimer: I must admit that I have not set up salt with foreman yet.
That being said, I think I can explain at least some things.
First of all, the plugin guide says that you have to install salt-master on the same machine as your foreman (smart-proxy):
2.1 Smart Proxy
Install the Salt Smart Proxy package for your operating system (see above). The Salt smart proxy needs to run on the same server as your Salt master, and the foreman-proxy user needs to be able to run the ‘salt’ and ‘salt-key’ commands via sudo.
It is possible to have the foreman server and the salt-master on different machines, if you install a foreman smart-proxy on your salt-master machine.
You will have to tell foreman how it can reach your salt-master.
This can be done through additional parameters to the foreman-installer, if your values deviate from the default settings:
= Module foreman_proxy_plugin_salt:
--foreman-proxy-plugin-salt-api Use Salt API (current: true)
--foreman-proxy-plugin-salt-api-auth Salt API auth mechanism (current: "pam")
--foreman-proxy-plugin-salt-api-password Salt API password (current: "password")
--foreman-proxy-plugin-salt-api-url Salt API URL (current: "https://foreman.example.com:9191")
--foreman-proxy-plugin-salt-api-username Salt API username (current: "saltuser")
--foreman-proxy-plugin-salt-autosign-file File to use for salt autosign (current: "/etc/salt/autosign.conf")
--foreman-proxy-plugin-salt-saltfile Path to Saltfile (current: UNDEF)
--foreman-proxy-plugin-salt-user User to run salt commands under (current: "root")
To be precise, the foreman-installer will configure the foreman smart-proxy with these parameters, because that is the service that will send stuff to your hosts and your salt-master.
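Added example (not part of the posts in this thread and not Foreman project code): a small Python check that parses installer help lines in the format quoted above, flags a placeholder Salt API password or a non-HTTPS API URL, and redacts password values before the output is shared. The placeholder list, the 12-character minimum and the function names are assumptions made for illustration.

```python
import re

# Constructed sample input: help lines in the format quoted in the post above.
SAMPLE = """\
--foreman-proxy-plugin-salt-api Use Salt API (current: true)
--foreman-proxy-plugin-salt-api-auth Salt API auth mechanism (current: "pam")
--foreman-proxy-plugin-salt-api-password Salt API password (current: "password")
--foreman-proxy-plugin-salt-api-url Salt API URL (current: "https://foreman.example.com:9191")
--foreman-proxy-plugin-salt-api-username Salt API username (current: "saltuser")
--foreman-proxy-plugin-salt-saltfile Path to Saltfile (current: UNDEF)
"""

PREFIX = "--foreman-proxy-plugin-salt-"
OPTION = re.compile(r'^(--[a-z0-9-]+)\s+(.*)\(current: (.*)\)\s*$')
# Assumption: values treated as placeholders; extend the set for your site.
PLACEHOLDERS = {"", "password", "changeme"}
MIN_LENGTH = 12  # Assumption: minimum acceptable password length.


def parse(text):
    """Map each option name to its current value (None for UNDEF)."""
    settings = {}
    for line in text.splitlines():
        m = OPTION.match(line.strip())
        if m:
            value = m.group(3).strip()
            settings[m.group(1)] = None if value == "UNDEF" else value.strip('"')
    return settings


def audit(settings):
    """Return findings for the smart proxy's Salt API settings."""
    findings = []
    if settings.get(PREFIX + "api") != "true":
        return findings  # Salt API not in use: nothing to check here
    password = settings.get(PREFIX + "api-password")
    if password is None or password.lower() in PLACEHOLDERS or len(password) < MIN_LENGTH:
        findings.append("api-password is unset, a placeholder, or too short")
    url = settings.get(PREFIX + "api-url") or ""
    if not url.lower().startswith("https://"):
        findings.append("api-url is not HTTPS; credentials would be sent unencrypted")
    return findings


def redact(text):
    """Blank the current value of any *password option before sharing output."""
    return re.sub(r'(--[a-z0-9-]*password\s.*\(current: ).*\)', r'\1<redacted>)', text)
```
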
As a test I have salt and foreman running on the same instance today, so if I can’t get the two-system solution to work I’ll stick with the single system.
What is the best way to install the smart-proxy on the separate salt/master?