It would be nice to use Salt and Chef similar to Ansible:
@dLobatog / @Marek_Hulan, how can we add this functionality to salt / chef? Is this something we can adapt from ansible? Is it possible to reuse the functionality from salt / move it to Foreman core or to remote execution so that it doesn’t need to be copied?
Best regards
Bernhard
In fact one can run chef-client on demand already thanks to https://github.com/theforeman/foreman_chef/tree/v0.8.1/app/views/job_templates and see it’s output. That same could be achieved with Salt as long as you’re fine with triggering the run via SSH.
If you think more in terms of chef push jobs, then it would be interesting to add a new REX provider, that would be using knife exec to run such jobs. In that case, job template could be written as a chef job. I suppose for Salt there’s something similar based on some messaging queue.
If you decide to implement new REX provider, I think it should exist in foreman_chef / foreman_salt like with foreman_ansible.
This would we the best way to go.
Ansible would be a good starting point. I know next to nothing about chef, but I’ve used salt a bit, I think implementing an initial POC should be pretty straight forward.
If you need a hand feel free to reach out to me, I wouldn’t mind doing some happy hacking on this.
Thanks @aruzicka for your offer. Very appreciated. I added a PR to support REX on foreman_salt: https://github.com/theforeman/foreman_salt/pull/100
Right now, it would use the REX way if REX plugin is available. Otherwise, it will run salt apply.highstate on the smart proxy (which was used previously). I don’t know if this make sense or if there should be a option on salt to let the user decide, if REX or smart proxy salt run should be used.
I guess, if REX Salt Provider would exist, this would mean, that the salt run would be again started from the smart proxy and not via salt-call on the host itself.
The PR makes it behave in a way similar to Puppet Run Once[1], but I’m not sure if there’s a need for this in salt. In puppet there is no way (as far as I know) to “push” the job to the client. Not sure if this brings any value in Salt, apart from live outputs and progress tracking, where we have the ability to push from proxy to the minions.
Yes, having a REX provider for Salt would mean the users could use REX job templates which would then get translated into one (or more) salt $HOSTNAME $FUNCTION $ARGS calls on the proxy.