I recently installed The Foreman on a server, and moved our Salt Master
also on it ( previous master was on a RedHat 6.6 ). I'm trying to get the
salt reports on foreman and having issues with configuration.
Some features require using the Salt API - such as listing environments
and retrieving state info
:use_api: true
:api_url: https://testserver:9191
:api_auth: pam
:api_username: root
:api_password: <removed>
The important lines in proxy log file /var/log/foreman-proxy/proxy.log :
W, [2017-02-08T16:10:55.438461 ] WARN – : TCPServer Error: Address
already in use - bind(2)
…
E, [2017-02-08T16:31:53.172904 ] ERROR – : Failed to list environments:
SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown
protocol
D, [2017-02-08T16:31:53.173046 ] DEBUG – : Failed to list environments:
SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown
protocol
They don't seem to communicate, probably for authentification reasons. I
tried to replace the saltuser with root user, and to disable security to
see if it works, but still got this error.
I tried to look for different values for api_auth also but couldn't find
any doc
Any idea why ? Or a simple procedure to configure this ? Both run on the
same server, no particular need for a specific Salt user.
Sorry, my fault. Seems we really need to create a saltuser, and the
disable_ssl option was not a good idea.
Works fine now
···
Le mercredi 8 février 2017 16:57:52 UTC+1, fbo a écrit :
>
> Hi,
>
> I recently installed The Foreman on a server, and moved our Salt Master
> also on it ( previous master was on a RedHat 6.6 ). I'm trying to get the
> salt reports on foreman and having issues with configuration.
>
> Here are the config files :
>
> - /etc/salt/master :
> external_auth:
> pam:
> root:
> - '@runner'
>
> rest_cherrypy:
> port: 9191
> host: 10.0.244.110
> disable_ssl: true
> ssl_key: /etc/puppetlabs/puppet/ssl/private_keys/testserver.pem
> ssl_crt: /etc/puppetlabs/puppet/ssl/certs/testserver.pem
> webhook_disable_auth: True
>
> - /etc/foreman-proxy/settings.d/salt.yml :
> :enabled: https
> :autosign_file: /etc/salt/autosign.conf
> :salt_command_user: root
> # Some features require using the Salt API - such as listing environments
> and retrieving state info
> :use_api: true
> :api_url: https://testserver:9191
> :api_auth: pam
> :api_username: root
> :api_password:
>
> The important lines in proxy log file /var/log/foreman-proxy/proxy.log :
>
> W, [2017-02-08T16:10:55.438461 ] WARN -- : TCPServer Error: Address
> already in use - bind(2)
> ...
> E, [2017-02-08T16:31:53.172904 ] ERROR -- : Failed to list environments:
> SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown
> protocol
> D, [2017-02-08T16:31:53.173046 ] DEBUG -- : Failed to list environments:
> SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown
> protocol
>
> They don't seem to communicate, probably for authentification reasons. I
> tried to replace the saltuser with root user, and to disable security to
> see if it works, but still got this error.
> I tried to look for different values for api_auth also but couldn't find
> any doc
>
> Any idea why ? Or a simple procedure to configure this ? Both run on the
> same server, no particular need for a specific Salt user.
>
> Thanks for your help
>