Sorry, my fault. Seems we really need to create a saltuser, and the disable_ssl option was not a good idea.
Works fine now Le mercredi 8 février 2017 16:57:52 UTC+1, fbo a écrit : > > Hi, > > I recently installed The Foreman on a server, and moved our Salt Master > also on it ( previous master was on a RedHat 6.6 ). I'm trying to get the > salt reports on foreman and having issues with configuration. > > Here are the config files : > > - /etc/salt/master : > external_auth: > pam: > root: > - '@runner' > > rest_cherrypy: > port: 9191 > host: 10.0.244.110 > disable_ssl: true > ssl_key: /etc/puppetlabs/puppet/ssl/private_keys/testserver.pem > ssl_crt: /etc/puppetlabs/puppet/ssl/certs/testserver.pem > webhook_disable_auth: True > > - /etc/foreman-proxy/settings.d/salt.yml : > :enabled: https > :autosign_file: /etc/salt/autosign.conf > :salt_command_user: root > # Some features require using the Salt API - such as listing environments > and retrieving state info > :use_api: true > :api_url: https://testserver:9191 > :api_auth: pam > :api_username: root > :api_password: <removed> > > The important lines in proxy log file /var/log/foreman-proxy/proxy.log : > > W, [2017-02-08T16:10:55.438461 ] WARN -- : TCPServer Error: Address > already in use - bind(2) > ... > E, [2017-02-08T16:31:53.172904 ] ERROR -- : Failed to list environments: > SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown > protocol > D, [2017-02-08T16:31:53.173046 ] DEBUG -- : Failed to list environments: > SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown > protocol > > They don't seem to communicate, probably for authentification reasons. I > tried to replace the saltuser with root user, and to disable security to > see if it works, but still got this error. > I tried to look for different values for api_auth also but couldn't find > any doc > > Any idea why ? Or a simple procedure to configure this ? Both run on the > same server, no particular need for a specific Salt user. > > Thanks for your help > -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
