Bug #24250

open

Autosign hosts not working

Added by Michał Matuszak almost 6 years ago. Updated about 5 years ago.

Status:
New
Priority:
Immediate
Assignee:
-
Category:
-
Target version:
-
Difficulty:
Triaged:
No
Fixed in Releases:
Found in Releases:

Description

Hello,

I configured the Foreman Salt plugin according to this: https://theforeman.org/plugins/foreman_salt/7.0/index.html. Everything works fine except that my host isn't autosigned. I have to manually accept its key in the Foreman web GUI (salt_keys page).

Here is some debug information from the log after provisioning (the same appears after preseeding):

D, [2018-07-13T10:35:05.441102 ] DEBUG -- : accept: 172.18.0.1:57674
D, [2018-07-13T10:35:05.449991 ] DEBUG -- : Rack::Handler::WEBrick is invoked.
D, [2018-07-13T10:35:05.451295 0f804661] DEBUG -- : Found salt-key at /usr/bin/salt-key
D, [2018-07-13T10:35:05.451491 0f804661] DEBUG -- : Found salt at /usr/bin/salt
D, [2018-07-13T10:35:05.451762 0f804661] DEBUG -- : Found sudo at /usr/bin/sudo
D, [2018-07-13T10:35:05.451863 0f804661] DEBUG -- : Executing /usr/bin/sudo u root /usr/bin/salt-key --finger-all --output=json
I, [2018-07-13T10:35:09.262949 0f804661] INFO -- : 172.18.0.1 - - [13/Jul/2018:10:35:09 +0000] "GET /salt/key HTTP/1.1" 200 2 3.8120

172.18.0.1 - - [13/Jul/2018:10:35:05 UTC] "GET /salt/key HTTP/1.1" 200 2
- > /salt/key
D, [2018-07-13T10:35:09.307187 ] DEBUG -- : close: 172.18.0.1:57674

No entry appears in /etc/salt/autosign.conf

VERSIONS:

foreman: 1.17.1
foreman-proxy: 1.17.1
ruby-foreman-salt 10.0.0
ruby-smart-proxy-salt 2.1.9
salt-master 2018.3.2
salt-api 2018.3.2

Actions #1

Updated by Brent Wells about 5 years ago

This is still an issue with the latest version of foreman/katello.

VERSIONS:

foreman-release-1.20.2
foreman-proxy-1.20.2
tfm-rubygem-foreman_salt-10.1.0-2
salt-master 2019.2.0-1
salt-api 2019.2.0.-1

Actions #2

Updated by Brent Wells about 5 years ago

  • Priority changed from Normal to Immediate
Actions #3

Updated by Bernhard Suttner about 5 years ago

AFAIK, the autosign feature is not used for new hosts provisioned with foreman. Currently it (should) work like this:
- host provisioning starts.
- salt-minion is installed on host
- salt-call on host is executed, which will tell salt-master (=foreman) that there is a new salt-minion. This will add an unaccepted salt key
- host provisioning ended -> host is built. At this step, the salt key of the host (found by the fqdn) will be accepted automatically

=> There shouldn't be a need to accept the salt key manually and no salt autosign should be necessary for newly provisioned hosts.

Which provisioning template / OS did you use?
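
Added example, not part of the thread and not Foreman or Salt code: a small diagnostic for the two things checked above, namely the state of a host's key in the `salt-key --finger-all --output=json` output the proxy log shows being run, and whether `/etc/salt/autosign.conf` has an entry covering the FQDN. The JSON section names (`minions`, `minions_pre`, `minions_rejected`), the simplified matching order (exact, glob, then regex), and all sample hostnames and fingerprints are assumptions made for this example.

```python
import fnmatch
import json
import re

# Constructed sample of `salt-key --finger-all --output=json` output
# (hostnames and fingerprints are made up; section names are assumed).
SAMPLE_KEYS = json.dumps({
    "local": {"master.pub": "aa:bb:cc:00"},
    "minions": {"web01.example.com": "11:22:33:44"},
    "minions_pre": {"db01.example.com": "55:66:77:88"},
    "minions_rejected": {"old01.example.com": "99:aa:bb:cc"},
})

# Constructed autosign.conf contents: a comment, one exact name, one glob.
SAMPLE_AUTOSIGN = "# managed entries\nweb01.example.com\n*.lab.example.com\n"

STATES = {"minions": "accepted", "minions_pre": "unaccepted", "minions_rejected": "rejected"}


def key_state(salt_key_json, fqdn):
    """Return (state, fingerprint) for fqdn, or ("absent", None) if no key is listed."""
    data = json.loads(salt_key_json or "{}")
    for section, state in STATES.items():
        if fqdn in data.get(section, {}):
            return state, data[section][fqdn]
    return "absent", None


def autosign_match(autosign_text, fqdn):
    """Return the first autosign line that covers fqdn (exact, glob, then regex)."""
    for line in autosign_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line == fqdn or fnmatch.fnmatchcase(fqdn, line):
            return line
        try:
            if re.fullmatch(line, fqdn):
                return line
        except re.error:
            pass  # line is not a valid regular expression; skip it
    return None


def diagnose(salt_key_json, autosign_text, fqdn):
    # Combine both checks so key state and autosign coverage can be compared.
    state, fingerprint = key_state(salt_key_json, fqdn)
    return {"fqdn": fqdn, "state": state, "fingerprint": fingerprint,
            "autosign_entry": autosign_match(autosign_text, fqdn)}
```

A result of `unaccepted` with no `autosign_entry` corresponds to the situation reported in this issue; `absent` means the master has not seen a key for that FQDN at all.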
