Salt Stack Installation

Salt Master Installation

We will perform these install processes on both the Master server and the Minion server. The first step is to make sure our system packages are up to date

# apt-get update

Hit:2 http://archive.ubuntu.com/ubuntu bionic InRelease

Ign:1 https://pkg.jenkins.io/debian-stable binary/ InRelease

Hit:3 https://download.docker.com/linux/ubuntu bionic InRelease

Get:4 http://archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]

Get:5 https://pkg.jenkins.io/debian-stable binary/ Release [2,044 B]

Get:6 http://archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]

Get:7 http://archive.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]

Get:21 http://archive.ubuntu.com/ubuntu bionic-security/universe amd64 Packages [1,126 kB]

Get:22 http://archive.ubuntu.com/ubuntu bionic-security/universe Translation-en [254 kB]

Get:23 http://archive.ubuntu.com/ubuntu bionic-security/multiverse amd64 Packages [19.2 kB]

Fetched 9,091 kB in 12s (765 kB/s)

Reading package lists... Done


we need to download the repository key for SaltStack and import it into our system.

# wget -O- https://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add -

--2021-05-24 07:21:50-- https://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest/SALTSTACK-GPG-KEY.pub

Resolving repo.saltstack.com (repo.saltstack.com)... 52.84.49.74, 52.84.49.124, 52.84.49.42, ...

Connecting to repo.saltstack.com (repo.saltstack.com)|52.84.49.74|:443... connected.

HTTP request sent, awaiting response... 301 Moved Permanently

HTTP request sent, awaiting response... 200 OK

Length: 1727 (1.7K) [application/octet-stream]

Saving to: ‘STDOUT’


- 100%[============================================================================>] 1.69K --.-KB/s in 0s


2021-05-24 07:21:51 (46.1 MB/s) - written to stdout [1727/1727]


OK


Next, we can add the repository itself.

# echo "deb http://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest bionic main" | sudo tee /etc/apt/sources.list.d/saltstack.list

deb http://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest bionic main


Now, we need to update our repo list so our available system packages are up to date.

#apt-get update


Let's install SaltStack Master packages.

#apt -y install salt-API salt-cloud salt-master salt-ssh salt-syndic

Reading package lists... Done

Building dependency tree

Reading state information... Done

The following packages were automatically installed and are no longer required:

default-jdk-headless linux-modules-4.15.0-46-generic openjdk-11-jdk-headless

Use 'sudo apt autoremove' to remove them.

The following additional packages will be installed:

ieee-data libnorm1 libpgm-5.2-0 libsodium23 libzmq5 python3-cherrypy3 python3-contextvars python3-croniter python3-crypto python3-dateutil python3-distro

python3-git python3-gitdb python3-gnupg python3-immutables python3-libcloud python3-lockfile python3-msgpack python3-netaddr python3-psutil

python3-pycryptodome python3-repoze.lru python3-routes python3-simplejson python3-smmap python3-tz python3-webob python3-zmq salt-common

Suggested packages:

python-crypto-doc python-git-doc python-lockfile-doc ipython3 python-netaddr-docs python-psutil-doc python3-paste python3-nose python-webob-doc

python3-botocore ifupdown python3-pycurl

The following NEW packages will be installed:

ieee-data libnorm1 libpgm-5.2-0 libsodium23 libzmq5 python3-cherrypy3 python3-contextvars python3-croniter python3-crypto python3-dateutil python3-distro

python3-git python3-gitdb python3-gnupg python3-immutables python3-libcloud python3-lockfile python3-msgpack python3-netaddr python3-psutil

python3-pycryptodome python3-repoze.lru python3-routes python3-simplejson python3-smmap python3-tz python3-webob python3-zmq salt-api salt-cloud

salt-common salt-master salt-ssh salt-syndic

0 upgraded, 34 newly installed, 0 to remove and 134 not upgraded.

Need to get 17.3 MB of archives.

.

.

.

Setting up libzmq5:amd64 (4.2.5-1ubuntu0.2) ...

Setting up python3-git (2.1.8-1) ...

Setting up python3-croniter (0.3.12-2) ...

Setting up python3-zmq (17.1.2-3ubuntu1) ...

Setting up salt-common (3003+ds-1) ...

Setting up salt-cloud (3003+ds-1) ...

Setting up salt-ssh (3003+ds-1) ...

Setting up salt-master (3003+ds-1) ...

Created symlink /etc/systemd/system/multi-user.target.wants/salt-master.service → /lib/systemd/system/salt-master.service.

Setting up salt-api (3003+ds-1) ...

Created symlink /etc/systemd/system/multi-user.target.wants/salt-api.service → /lib/systemd/system/salt-api.service.

Setting up salt-syndic (3003+ds-1) ...

Created symlink /etc/systemd/system/multi-user.target.wants/salt-syndic.service → /lib/systemd/system/salt-syndic.service.

Processing triggers for libc-bin (2.27-3ubuntu1.2) ...

Processing triggers for systemd (237-3ubuntu10.38) ...

Processing triggers for ureadahead (0.100.0-20) ...

Processing triggers for ufw (0.35-5) ...

Salt Master Configuration

Using text editor, open the file /etc/salt/master and find the following line #interface: 0.0.0.0 and replace the master ip

interface: 192.168.1.23

Once you have updated the configuration file, you need to restart the Salt Master with the given below command.

#systemctl restart salt-master.service

Let's create a key that will be used by the minions to connect to the master nodes

# salt-key -F master

Local Keys:

master.pem: 7d:15:a4:72ed:7c:a8:48:fa:5a:08:9c:61:c0:99:d5:29:0b:5b:6f:45:4b:2b:5c:d4:26:e4:ba:e8:e9:0d:86

master.pub: fd:0f:be:e2:3e:03:6f:e3:b6:fc:4c:6d:a0:04:fc:c5:c2:13:13:a2:6d:06:d6:e3:a8:63:bf:aa:1d:46:c5:94

Make note of the master.pub key as we will need to add it into the configuration on the salt minion,By default, Salt uses ports 4505 and 4506.

#ufw allow proto tcp from any to any port 4505,4506

Rules updated

Rules updated (v6)

Salt Minion Installation

Install the software on our minion server.

# apt -y install salt-minion

Reading package lists... Done

Building dependency tree

Reading state information... Done

The following additional packages will be installed:

dctrl-tools debconf debconf-i18n debconf-utils libnorm1 libpgm-5.2-0 libsodium23 libzmq5 python3-croniter python3-crypto python3-dateutil python3-debconf

python3-msgpack python3-psutil python3-tornado python3-tz python3-zmq salt-common

Suggested packages:

debtags debconf-doc libterm-readline-gnu-perl libgtk3-perl libnet-ldap-perl libqtgui4-perl libqtcore4-perl python-crypto-doc python-psutil-doc

python3-pycurl python-tornado-doc python3-mako salt-doc python3-augeas

Recommended packages:

sfdisk

The following NEW packages will be installed:

dctrl-tools debconf-utils libnorm1 libpgm-5.2-0 libsodium23 libzmq5 python3-croniter python3-crypto python3-dateutil python3-msgpack python3-psutil

python3-tornado python3-tz python3-zmq salt-common salt-minion

The following packages will be upgraded:

debconf debconf-i18n python3-debconf

3 upgraded, 16 newly installed, 0 to remove, and 138 not upgraded.

Need to get 5,139 kB of archives.

Selecting previously unselected package libnorm1:amd64.

Preparing to unpack .../02-libnorm1_1.5r6+dfsg1-6_amd64.deb ...

Unpacking libnorm1:amd64 (1.5r6+dfsg1-6) ...

Selecting previously unselected package libpgm-5.2-0:amd64.

Preparing to unpack .../03-libpgm-5.2-0_5.2.122~dfsg-2_amd64.deb ...

Unpacking libpgm-5.2-0:amd64 (5.2.122~dfsg-2) ...

Selecting previously unselected package libsodium23:amd64.

Preparing to unpack .../04-libsodium23_1.0.16-2_amd64.deb ...

Unpacking libsodium23:amd64 (1.0.16-2) ...

Selecting previously unselected package libzmq5:amd64.

Preparing to unpack .../05-libzmq5_4.2.5-1ubuntu0.2_amd64.deb ...

Unpacking libzmq5:amd64 (4.2.5-1ubuntu0.2) ...

Selecting previously unselected package python3-dateutil.

Preparing to unpack .../06-python3-dateutil_2.6.1-1_all.deb ...

Unpacking python3-dateutil (2.6.1-1) ...

Selecting previously unselected package python3-tz.

Preparing to unpack .../07-python3-tz_2018.3-2_all.deb ...

Unpacking python3-tz (2018.3-2) ...

Selecting previously unselected package python3-croniter.

Preparing to unpack .../14-salt-common_2017.7.4+dfsg1-1ubuntu18.04.2_all.deb ...

Unpacking salt-common (2017.7.4+dfsg1-1ubuntu18.04.2) ...

Selecting previously unselected package salt-minion.

Preparing to unpack .../15-salt-minion_2017.7.4+dfsg1-1ubuntu18.04.2_all.deb ...

Unpacking salt-minion (2017.7.4+dfsg1-1ubuntu18.04.2) ...

.

.

Setting up libzmq5:amd64 (4.2.5-1ubuntu0.2) ...

Setting up python3-croniter (0.3.12-2) ...

Setting up salt-common (2017.7.4+dfsg1-1ubuntu18.04.2) ...

Setting up python3-zmq (16.0.2-2build2) ...

Setting up salt-minion (2017.7.4+dfsg1-1ubuntu18.04.2) ...

Created symlink /etc/systemd/system/multi-user.target.wants/salt-minion.service → /lib/systemd/system/salt-minion.service.

Processing triggers for libc-bin (2.27-3ubuntu1.2) ...

Processing triggers for systemd (237-3ubuntu10.38) ...

Processing triggers for ureadahead (0.100.0-20) ...


Minion Configuration

By default, a Salt Minion will try to connect to the DNS name if the Minion can resolve that name correctly. Set DNS name of the Salt Master on /etc/hosts

#cat /etc/hosts

127.0.0.1 localhost.localdomain localhost

::1 localhost6.localdomain6 localhost6

192.168.1.23 saltmaster.zippyops.com


Set Minion ID on /etc/salt/minion_id:

#cat minion_id

ubuntu-01


Next, copy the master.pub fingerprint we created on the master server and then set this value as the master_finger in the minion configuration file.

# "salt-key -f master.pub" on the Salt master.

master_finger: 'fd:0f:be:e2:3e:03:6f:e3:b9:fc:4c:6d:a0:04:fc:c5:c2:13:13:a2:3d:06:d6:e3:a8:64:bf:aa:1d:46:c5:92'

If we make any change like setting IP address of the master on /etc/salt/minion, we’ll need to restart salt-minion service

#systemctl restart salt-minion

Login to the salt-master server and list/check for the Accepted Keys using the following command.

# salt-key -L

Accepted Keys:

Denied Keys:

Unaccepted Keys:

ubuntu-01

Rejected Keys:


Next, we will accept the salt key for the minion on the salt-master server.

# salt-key -A

The following keys are going to be accepted:

Unaccepted Keys:

ubuntu-01

Proceed? [n/Y] y

Key for minion ubuntu-01 accepted.

From the output, we can confirm that the key has been added to the Accepted keys list.

# salt-key -L

Accepted Keys:

ubuntu-01

Denied Keys:

Unaccepted Keys:

Rejected Keys:

Check Minion Key Fingerprint

Run the following command on each Salt minion to view the minion key fingerprint

# salt-call --local key.finger

local:

8f:c3:9a:ba:ba:8c:f3:70:1b:50:06:c1:a3:e4:7d:64:a1:e9:a5:b7:a3:d7:2b:cd:15:4a:71:68:ad:76:a3:0c

Test Master Minion Communication

Verify the communication between the Master and a Minion by running the test. ping command:

#salt ubuntu-01 test.ping

ubuntu-01:

True

Recent Comments

No comments

Leave a Comment