Project

General

Profile

Actions

Feature #12196

open

Improve salt-integration

Added by Volker None about 9 years ago. Updated about 9 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

To improve the integration of saltstack, it would be nice to see the key-state of a minion in its host-properties on the "Hosts"-page. The state is always on of:

accepted
pre
denied
rejected

Storing that state as a host-property and offering an API-call to update it, would also be required to keep that info up-to-date. Keeping it up to date can be achieved in several ways.

- on the salt-master using an "auth"-reactor with a foreman-api-runner
- a cronjob on a master that syncs the key-store via the salt-api and the foreman-api
- a foreman-task which refreshes the keystore of a smart-proxy-salt periodically
- and probably more...

The proper way is for the user to decide depending on his environment.

Even though that key-state-information is already available in foreman within the smart-proxy-salt, it is not really usable for environments with multiple salt-masters and thousands of minions, where minions might also switch to a different master if configured to failover (master_type: failover).
In an environment like this it will also be necessary to keep the smart-proxy-id of a minion up to date using the approaches described above.

If both settings (key-state and smart-proxy-id) are kept up to date properly, foreman can be an awesome interface for managing salt-states and -keys and can also be used for external clients to retrieve minion-master-mapping information for Multimaster-setups.

Actions

Also available in: Atom PDF