RFC: Provide Salt Master example configuration via foreman-installer


I’m currently working on the Foreman Salt plugin and I would like to discuss a possible improvement concerning the installation:

Right after the installation via foreman-installer --enable-foreman-proxy-plugin-salt, a couple of steps have to be performed which add content to the /etc/salt/master configuration. You can see them here in the plugin manual. I summarized these steps in an example configuration which you can find on GitHub here.

Most of the changes which are made manually by now are actually known in the foreman-installer already. Therefore, I want to make the proposal of writing this configuration file as /etc/salt/master.d/foreman.conf.example during the plugin installation. This would accelerate the installation process since the admin just has to check the .example file and can start using it directly, if it seems alright for the setup. Moroever, it would minimize the plugin installation manual.
A disadvantage could be the growing complexity of foreman-installer. So, I have a couple of questions:

  • Is it appropriate to use the foreman-installer for writing/adding configurations like I want to?
  • Is the foreman-installer used to write configurations in /etc/some_software already? - do we have another plugin which does something similar?
  • I believe, I would have to make changes to puppet-foreman_proxy. Would you either:
    • Ship some foreman.conf.example.erb template within puppet-foreman_proxy or
    • Ship it within smart_proxy_salt via foreman-packaging or
    • Go a different way, I didn’t think of by now?

Looking forward to your feedback!


I could be wrong, but my understanding is that the foreman-installer currently does everything under the Sun and more.

The one thing I think you may want to put some thought into, is whether the salt master must always run on the Foreman instance. I believe there is a scenario where a pre-existing salt master can be combined with a Foreman instance, by installing the relevant smart proxy component on the salt master host. (Not sure how often that actually happens though).

A bit late to the party, but I’d be open to this. I don’t know how to manage salt myself, but can review patches.

To address @quba42’s concern you can add options to point to a remote instance and detect that you don’t need to manage salt. This can be like an optional URL and empty means installing the Salt master. It can also be an explicit boolean, depending on what makes most sense for Salt.