Hi all,
Problem: I have no reports from my Minion.
And also Foreman doesn’t add the minion to Hosts by itself as soon as the key is accepted.
Foreman and Proxy versions:
I’m using Salt Master - 2018.3.2 version
Salt Minion - 2018.3.2
Foreman-installer - 1.17.1-1
Salt API - 2018.3.2
CherryPy as a REST API for Salt.
I can accept/delete the key from the Foreman interface. Here I don’ have the host of Minion automatically added… If I create it by myself - I can run “Run Salt” command to apply the states.
I think that the problem is in the certificates. I am a little bit confused, which certificate where I need to put in config files.
I have one machine with Foreman and Salt Master – 10.11.49.117, dns: cosmoforeman.cosmo-foreman.com
Another is Salt minion
I have generated the TLS key as it is mentioned there: https://salt-api.readthedocs.io/en/latest/ref/netapis/all/saltapi.netapi.rest_cherrypy.html#a-rest-api-for-salt
So, in /etc/salt/master I have:
interface: 10.11.49.117
external_auth:
pam:
saltuser:
- .*
- ‘@runner’
rest_cherrypy:
port: 9191
host: 0.0.0.0
ssl_key: /etc/puppetlabs/puppet/ssl/private_keys/cosmoforeman.cosmo-foreman.com.pem
ssl_crt: /etc/puppetlabs/puppet/ssl/certs/cosmoforeman.cosmo-foreman.com.pem
In /etc/foreman-proxy/settings.d/salt.yml :
:enabled: https
:autosign_file: /etc/salt/autosign.conf
:salt_command_user: root
:use_api: true
:api_url: https://cosmoforeman.cosmo-foreman.com:9191
:api_auth: pam
in /etc/salt/foreman.yaml
:proto: https
:host: cosmoforeman.cosmo-foreman.com
:port: 443
:ssl_ca: “/etc/puppetlabs/puppet/ssl/certs/ca.pem”
:ssl_cert: “/etc/puppetlabs/puppet/ssl/private_keys/cosmoforeman.cosmo-foreman.com.pem”
:ssl_key: “/etc/puppetlabs/puppet/ssl/certs/cosmoforeman.cosmo-foreman.com.pem”
:timeout: 10
:salt: /usr/bin/salt
:upload_grains: true
Do you see the problem?
Could it be because I am using Salt 2018.3.2 version?
Thank you in advance!