Problem:
When configuring Salt plugin for Foreman it is required to configure root as the SALT_COMMAND_USER in /
When I used the dedicated user recommended by the documentation I received an error in the UI (see details at the end) but when I switched to root, it worked fine. A while ago I had a similar issue when importing Salt states and I discovered a reported bug in Foreman redmine. Note that this bug was caused by Cherrypy 3.5.0 which had to be downgraded.
Seems the problem is with the saltuser not having access to /var/log/salt/master (which is owned by root).
/usr/bin/sudo -u saltuser /usr/bin/salt --async myServer state.highstate
No permissions to access "/var/log/salt/master", are you running as the correct user?
Is that expected or should salt have installed a user and group that govern the salt related files?
I wouldn’t mind to create such a group and user by hand but I guess future upgrades will revert the changes?
Expected outcome:
Foreman UI should be able to “run Salt” for a host with the saltuser user that was created during plugin installation.
Foreman and Proxy versions:
Foreman 1.18.1
ruby-foreman-salt/plugins,plugins,now 10.1.0-1 all [installed]
Salt and Proxy plugin versions:
ruby-smart-proxy-salt/plugins,plugins,now 2.1.9-1 all [installed]
ruby-foreman-salt/plugins,plugins,now 10.1.0-1 all [installed]
salt-api/unknown,unknown,now 2018.3.2+ds-1 all [installed]
Other relevant data:
/var/log/proxy/proxy.log
I, [2018-08-23T10:33:49.974925 af125ff0] INFO -- : Will run state.highstate for myServer. Full command: /usr/bin/sudo -u saltuser /usr/bin/salt --async myServer h state.highstate
I, [2018-08-23T10:33:50.124926 af125ff0] INFO -- : Result:
W, [2018-08-23T10:33:50.125083 af125ff0] WARN -- : Non-null exit code when executing '["/usr/bin/sud o", "-u", "saltuser", "/usr/bin/salt", "--async", "myServer", "state.highstate"] '
E, [2018-08-23T10:33:50.125326 af125ff0] ERROR -- : Failed salt run for myServer
: Check Log files
The files in /var/log/salt/master are owned by root and only writeable by the owner:
$ ls -la /var/log/salt/
total 146684
drwxr-s--- 2 root adm 4096 Aug 19 06:25 .
drwxr-xr-x 14 root syslog 4096 Aug 23 06:25 ..
-rw-r----- 1 root adm 120168209 Aug 20 11:28 api
-rw-r--r-- 1 root adm 0 Jul 20 09:35 key
-rw-r----- 1 root adm 6052 Aug 21 10:21 master
-rw-r----- 1 root adm 213 Aug 17 09:57 master.1.gz
-rw-r----- 1 root adm 2110459 Aug 7 20:57 master.2.gz
-rw-r----- 1 root adm 5519892 Aug 5 06:25 master.3.gz
-rw-r----- 1 root adm 16319 Jul 26 15:00 master.4.gz
-rw-r----- 1 root adm 2753 Jul 20 16:00 master.5.gz
-rw-r----- 1 root adm 0 Aug 5 06:25 minion
-rw-r----- 1 root adm 220 Jul 30 13:06 minion.1.gz
-rw-r----- 1 root adm 218 Jul 26 14:29 minion.2.gz
-rw-r----- 1 root adm 83047 Jul 20 14:28 minion.3.gz
-rw-r----- 1 root adm 22254107 Aug 23 10:45 syndic