Import Salt States fails with ERF12-4701 and ERF-12-7301

Hi,

I recently installed The Foreman on a server, and also moved our Salt Master
onto it (the previous master was on a RedHat 6.6). I'm trying to get the
Salt reports into Foreman and am having issues with the configuration.

Here are the config files:

  • /etc/salt/master :

    external_auth:
      pam:
        root:
          - '@runner'

    rest_cherrypy:
      port: 9191
      host: 10.0.244.110
      disable_ssl: true
      ssl_key: /etc/puppetlabs/puppet/ssl/private_keys/testserver.pem
      ssl_crt: /etc/puppetlabs/puppet/ssl/certs/testserver.pem
      webhook_disable_auth: True

  • /etc/foreman-proxy/settings.d/salt.yml :

    :enabled: https
    :autosign_file: /etc/salt/autosign.conf
    :salt_command_user: root
    # Some features require using the Salt API - such as listing environments
    # and retrieving state info
    :use_api: true
    :api_url: https://testserver:9191
    :api_auth: pam
    :api_username: root
    :api_password: <removed>

The important lines in proxy log file /var/log/foreman-proxy/proxy.log :

W, [2017-02-08T16:10:55.438461 ] WARN -- : TCPServer Error: Address already in use - bind(2)
...
E, [2017-02-08T16:31:53.172904 ] ERROR -- : Failed to list environments: SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown protocol
D, [2017-02-08T16:31:53.173046 ] DEBUG -- : Failed to list environments: SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown protocol

They don't seem to communicate, probably for authentication reasons. I
tried to replace the saltuser with the root user, and to disable security to
see if it works, but still got this error.
I tried to look for different values for api_auth also but couldn't find
any doc.

Any idea why? Or a simple procedure to configure this? Both run on the
same server, no particular need for a specific Salt user.

Thanks for your help

Sorry, my fault. Seems we really need to create a saltuser, and the
disable_ssl option was not a good idea.

Works fine now

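Added example (not part of the thread, and not Foreman or Salt project code): a Ruby check that cross-reads the two files quoted in the question and reports the mismatch behind the `unknown protocol` error, where `disable_ssl: true` makes rest_cherrypy answer in plain HTTP while `:api_url:` asks for https. The function name, the finding labels and the `saltuser` variant with placeholder certificate paths are assumptions constructed for illustration.

```ruby
require "yaml"
require "uri"

# Cross-check the rest_cherrypy section of /etc/salt/master against the
# smart-proxy salt.yml. Returns a list of findings (empty when consistent).
def check_salt_api(master_yaml, proxy_yaml)
  master = YAML.safe_load(master_yaml) || {}
  # smart-proxy settings use Ruby symbol keys (":api_url:"), so permit Symbol
  proxy  = YAML.safe_load(proxy_yaml, permitted_classes: [Symbol]) || {}
  rest   = master["rest_cherrypy"] || {}
  url    = URI.parse(proxy[:api_url].to_s)
  tls_on = rest["disable_ssl"] != true
  user   = proxy[:api_username].to_s
  eauth  = master.dig("external_auth", proxy[:api_auth].to_s) || {}
  findings = []
  if url.scheme == "https" && !tls_on
    findings << "scheme: api_url is https but disable_ssl is true; the TLS " \
                "handshake reaches a plain-HTTP listener (unknown protocol)"
  elsif url.scheme == "http" && tls_on
    findings << "scheme: api_url is http but rest_cherrypy serves TLS"
  end
  if rest["port"] && url.port != rest["port"]
    findings << "port: api_url uses #{url.port}, rest_cherrypy uses #{rest['port']}"
  end
  findings << "cleartext: disable_ssl sends API credentials unencrypted" unless tls_on
  if rest["webhook_disable_auth"] == true
    findings << "webhook: webhook_disable_auth leaves /hook unauthenticated"
  end
  findings << "eauth: no external_auth entry for #{user}" unless eauth.key?(user)
  findings << "account: API user is root, not a dedicated account" if user == "root"
  findings
end

# Constructed samples: values from the post, then a variant after its follow-up.
MASTER_BROKEN = <<~YAML
  external_auth: {pam: {root: ['@runner']}}
  rest_cherrypy: {port: 9191, disable_ssl: true, webhook_disable_auth: True}
YAML
MASTER_FIXED = <<~YAML
  external_auth: {pam: {saltuser: ['@runner']}}
  rest_cherrypy: {port: 9191, ssl_crt: /path/to/cert.pem, ssl_key: /path/to/key.pem}
YAML
PROXY = ":use_api: true\n:api_url: https://testserver:9191\n:api_auth: pam\n"
puts check_salt_api(MASTER_BROKEN, PROXY + ":api_username: root\n")
puts check_salt_api(MASTER_FIXED, PROXY + ":api_username: saltuser\n")
```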