Salt Stack Installation
Salt Master Installation
We will perform these install processes on both the Master server and the Minion server. The first step is to make sure our system packages are up to date
# apt-get update
Hit:2 http://archive.ubuntu.com/ubuntu bionic InRelease
Ign:1 https://pkg.jenkins.io/debian-stable binary/ InRelease
Hit:3 https://download.docker.com/linux/ubuntu bionic InRelease
Get:4 http://archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
Get:5 https://pkg.jenkins.io/debian-stable binary/ Release [2,044 B]
Get:6 http://archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]
Get:7 http://archive.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]
Get:21 http://archive.ubuntu.com/ubuntu bionic-security/universe amd64 Packages [1,126 kB]
Get:22 http://archive.ubuntu.com/ubuntu bionic-security/universe Translation-en [254 kB]
Get:23 http://archive.ubuntu.com/ubuntu bionic-security/multiverse amd64 Packages [19.2 kB]
Fetched 9,091 kB in 12s (765 kB/s)
Reading package lists... Done
we need to download the repository key for SaltStack and import it into our system.
# wget -O- https://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add -
--2021-05-24 07:21:50-- https://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest/SALTSTACK-GPG-KEY.pub
Resolving repo.saltstack.com (repo.saltstack.com)... 52.84.49.74, 52.84.49.124, 52.84.49.42, ...
Connecting to repo.saltstack.com (repo.saltstack.com)|52.84.49.74|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
HTTP request sent, awaiting response... 200 OK
Length: 1727 (1.7K) [application/octet-stream]
Saving to: ‘STDOUT’
- 100%[============================================================================>] 1.69K --.-KB/s in 0s
2021-05-24 07:21:51 (46.1 MB/s) - written to stdout [1727/1727]
OK
Next, we can add the repository itself.
# echo "deb http://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest bionic main" | sudo tee /etc/apt/sources.list.d/saltstack.list
deb http://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest bionic main
Now, we need to update our repo list so our available system packages are up to date.
#apt-get update
Let's install SaltStack Master packages.
#apt -y install salt-API salt-cloud salt-master salt-ssh salt-syndic
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
default-jdk-headless linux-modules-4.15.0-46-generic openjdk-11-jdk-headless
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
ieee-data libnorm1 libpgm-5.2-0 libsodium23 libzmq5 python3-cherrypy3 python3-contextvars python3-croniter python3-crypto python3-dateutil python3-distro
python3-git python3-gitdb python3-gnupg python3-immutables python3-libcloud python3-lockfile python3-msgpack python3-netaddr python3-psutil
python3-pycryptodome python3-repoze.lru python3-routes python3-simplejson python3-smmap python3-tz python3-webob python3-zmq salt-common
Suggested packages:
python-crypto-doc python-git-doc python-lockfile-doc ipython3 python-netaddr-docs python-psutil-doc python3-paste python3-nose python-webob-doc
python3-botocore ifupdown python3-pycurl
The following NEW packages will be installed:
ieee-data libnorm1 libpgm-5.2-0 libsodium23 libzmq5 python3-cherrypy3 python3-contextvars python3-croniter python3-crypto python3-dateutil python3-distro
python3-git python3-gitdb python3-gnupg python3-immutables python3-libcloud python3-lockfile python3-msgpack python3-netaddr python3-psutil
python3-pycryptodome python3-repoze.lru python3-routes python3-simplejson python3-smmap python3-tz python3-webob python3-zmq salt-api salt-cloud
salt-common salt-master salt-ssh salt-syndic
0 upgraded, 34 newly installed, 0 to remove and 134 not upgraded.
Need to get 17.3 MB of archives.
.
.
.
Setting up libzmq5:amd64 (4.2.5-1ubuntu0.2) ...
Setting up python3-git (2.1.8-1) ...
Setting up python3-croniter (0.3.12-2) ...
Setting up python3-zmq (17.1.2-3ubuntu1) ...
Setting up salt-common (3003+ds-1) ...
Setting up salt-cloud (3003+ds-1) ...
Setting up salt-ssh (3003+ds-1) ...
Setting up salt-master (3003+ds-1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/salt-master.service → /lib/systemd/system/salt-master.service.
Setting up salt-api (3003+ds-1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/salt-api.service → /lib/systemd/system/salt-api.service.
Setting up salt-syndic (3003+ds-1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/salt-syndic.service → /lib/systemd/system/salt-syndic.service.
Processing triggers for libc-bin (2.27-3ubuntu1.2) ...
Processing triggers for systemd (237-3ubuntu10.38) ...
Processing triggers for ureadahead (0.100.0-20) ...
Processing triggers for ufw (0.35-5) ...
Salt Master Configuration
Using text editor, open the file /etc/salt/master and find the following line #interface: 0.0.0.0 and replace the master ip
interface: 192.168.1.23
Once you have updated the configuration file, you need to restart the Salt Master with the given below command.
#systemctl restart salt-master.service
Let's create a key that will be used by the minions to connect to the master nodes
# salt-key -F master
Local Keys:
master.pem: 7d:15:a4:72ed:7c:a8:48:fa:5a:08:9c:61:c0:99:d5:29:0b:5b:6f:45:4b:2b:5c:d4:26:e4:ba:e8:e9:0d:86
master.pub: fd:0f:be:e2:3e:03:6f:e3:b6:fc:4c:6d:a0:04:fc:c5:c2:13:13:a2:6d:06:d6:e3:a8:63:bf:aa:1d:46:c5:94
Make note of the master.pub key as we will need to add it into the configuration on the salt minion,By default, Salt uses ports 4505 and 4506.
#ufw allow proto tcp from any to any port 4505,4506
Rules updated
Rules updated (v6)
Salt Minion Installation
Install the software on our minion server.
# apt -y install salt-minion
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
dctrl-tools debconf debconf-i18n debconf-utils libnorm1 libpgm-5.2-0 libsodium23 libzmq5 python3-croniter python3-crypto python3-dateutil python3-debconf
python3-msgpack python3-psutil python3-tornado python3-tz python3-zmq salt-common
Suggested packages:
debtags debconf-doc libterm-readline-gnu-perl libgtk3-perl libnet-ldap-perl libqtgui4-perl libqtcore4-perl python-crypto-doc python-psutil-doc
python3-pycurl python-tornado-doc python3-mako salt-doc python3-augeas
Recommended packages:
sfdisk
The following NEW packages will be installed:
dctrl-tools debconf-utils libnorm1 libpgm-5.2-0 libsodium23 libzmq5 python3-croniter python3-crypto python3-dateutil python3-msgpack python3-psutil
python3-tornado python3-tz python3-zmq salt-common salt-minion
The following packages will be upgraded:
debconf debconf-i18n python3-debconf
3 upgraded, 16 newly installed, 0 to remove, and 138 not upgraded.
Need to get 5,139 kB of archives.
Selecting previously unselected package libnorm1:amd64.
Preparing to unpack .../02-libnorm1_1.5r6+dfsg1-6_amd64.deb ...
Unpacking libnorm1:amd64 (1.5r6+dfsg1-6) ...
Selecting previously unselected package libpgm-5.2-0:amd64.
Preparing to unpack .../03-libpgm-5.2-0_5.2.122~dfsg-2_amd64.deb ...
Unpacking libpgm-5.2-0:amd64 (5.2.122~dfsg-2) ...
Selecting previously unselected package libsodium23:amd64.
Preparing to unpack .../04-libsodium23_1.0.16-2_amd64.deb ...
Unpacking libsodium23:amd64 (1.0.16-2) ...
Selecting previously unselected package libzmq5:amd64.
Preparing to unpack .../05-libzmq5_4.2.5-1ubuntu0.2_amd64.deb ...
Unpacking libzmq5:amd64 (4.2.5-1ubuntu0.2) ...
Selecting previously unselected package python3-dateutil.
Preparing to unpack .../06-python3-dateutil_2.6.1-1_all.deb ...
Unpacking python3-dateutil (2.6.1-1) ...
Selecting previously unselected package python3-tz.
Preparing to unpack .../07-python3-tz_2018.3-2_all.deb ...
Unpacking python3-tz (2018.3-2) ...
Selecting previously unselected package python3-croniter.
Preparing to unpack .../14-salt-common_2017.7.4+dfsg1-1ubuntu18.04.2_all.deb ...
Unpacking salt-common (2017.7.4+dfsg1-1ubuntu18.04.2) ...
Selecting previously unselected package salt-minion.
Preparing to unpack .../15-salt-minion_2017.7.4+dfsg1-1ubuntu18.04.2_all.deb ...
Unpacking salt-minion (2017.7.4+dfsg1-1ubuntu18.04.2) ...
.
.
Setting up libzmq5:amd64 (4.2.5-1ubuntu0.2) ...
Setting up python3-croniter (0.3.12-2) ...
Setting up salt-common (2017.7.4+dfsg1-1ubuntu18.04.2) ...
Setting up python3-zmq (16.0.2-2build2) ...
Setting up salt-minion (2017.7.4+dfsg1-1ubuntu18.04.2) ...
Created symlink /etc/systemd/system/multi-user.target.wants/salt-minion.service → /lib/systemd/system/salt-minion.service.
Processing triggers for libc-bin (2.27-3ubuntu1.2) ...
Processing triggers for systemd (237-3ubuntu10.38) ...
Processing triggers for ureadahead (0.100.0-20) ...
Minion Configuration
By default, a Salt Minion will try to connect to the DNS name if the Minion can resolve that name correctly. Set DNS name of the Salt Master on /etc/hosts
#cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
192.168.1.23 saltmaster.zippyops.com
Set Minion ID on /etc/salt/minion_id:
#cat minion_id
ubuntu-01
Next, copy the master.pub fingerprint we created on the master server and then set this value as the master_finger in the minion configuration file.
# "salt-key -f master.pub" on the Salt master.
master_finger: 'fd:0f:be:e2:3e:03:6f:e3:b9:fc:4c:6d:a0:04:fc:c5:c2:13:13:a2:3d:06:d6:e3:a8:64:bf:aa:1d:46:c5:92'
If we make any change like setting IP address of the master on /etc/salt/minion, we’ll need to restart salt-minion service
#systemctl restart salt-minion
Login to the salt-master server and list/check for the Accepted Keys using the following command.
# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
ubuntu-01
Rejected Keys:
Next, we will accept the salt key for the minion on the salt-master server.
# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
ubuntu-01
Proceed? [n/Y] y
Key for minion ubuntu-01 accepted.
From the output, we can confirm that the key has been added to the Accepted keys list.
# salt-key -L
Accepted Keys:
ubuntu-01
Denied Keys:
Unaccepted Keys:
Rejected Keys:
Check Minion Key Fingerprint
Run the following command on each Salt minion to view the minion key fingerprint
# salt-call --local key.finger
local:
8f:c3:9a:ba:ba:8c:f3:70:1b:50:06:c1:a3:e4:7d:64:a1:e9:a5:b7:a3:d7:2b:cd:15:4a:71:68:ad:76:a3:0c
Test Master Minion Communication
Verify the communication between the Master and a Minion by running the test. ping command:
#salt ubuntu-01 test.ping
ubuntu-01:
True
Successfully ping the minions
Relevant Blogs:
Recent Comments
No comments
Leave a Comment
We will be happy to hear what you think about this post