Plugins » Salt

To improve the integration of saltstack, it would be nice to see the key-state of a minion in its host-properties on the "Hosts"-page. The state is always on of:

accepted
pre
denied
rejected

Storing that state as a host-property and offering an API-call to update it, would also be required to keep that info up-to-date. Keeping it up to date can be achieved in several ways.

- on the salt-master using an "auth"-reactor with a foreman-api-runner
- a cronjob on a master that syncs the key-store via the salt-api and the foreman-api
- a foreman-task which refreshes the keystore of a smart-proxy-salt periodically
- and probably more...

The proper way is for the user to decide depending on his environment.

Even though that key-state-information is already available in foreman within the smart-proxy-salt, it is not really usable for environments with multiple salt-masters and thousands of minions, where minions might also switch to a different master if configured to failover (master_type: failover).
In an environment like this it will also be necessary to keep the smart-proxy-id of a minion up to date using the approaches described above.

If both settings (key-state and smart-proxy-id) are kept up to date properly, foreman can be an awesome interface for managing salt-states and -keys and can also be used for external clients to retrieve minion-master-mapping information for Multimaster-setups.