SaltStack installation on Centos 7

SaltStack, or Salt is a tool which is open source configuration management software and remote execution engine, code deployment and communication topologies. Salt competes with popular cofiguration management tools like chef and puppet. Salt claims to scale up to tens and thousands of servers. Salt has been designed to be highly modular and easily extensible. The design goal is to make Salt easily moldable to diverse applications.

  • There is a master server and it connects to the agent servers (called minions) in your infrastructure.
  • The master can run commands in the minions parallelly, it is what make salt very fast.
  • The minions will execute the command sent by master and return it.

saltstack architecture

SaltStack installation on centos 7 server.

Login your master server.

Master – 192.168.1.5

To install using the SaltStack repository

rpm --import https://repo.saltstack.com/yum/redhat/7/x86_64/latest/SALTSTACK-GPG-KEY.pub

vi /etc/yum.repos.d/saltstack.repo

[saltstack-repo]
name=SaltStack repo for RHEL/CentOS $releasever
baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest
enabled=1
gpgcheck=1
gpgkey=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub
#yum clean expire-cache
#yum update.

Install the salt-minion, salt-master, or other Salt components:

yum install salt-master
yum install salt-minion
yum install salt-ssh
yum install salt-syndic
yum install salt-cloud
#chkconfig salt-master on
#service salt-master start

Configure Master Configuration

Salt configuration is very simple. The default configuration for the master will work for most installations and the only requirement for setting up a minion is to set the location of the master in the minion configuration file.

The configuration files will be installed to /etc/salt and are named after the respective components, /etc/salt/master, and /etc/salt/minion.

By default the Salt master listens on ports 4505 and 4506 on all interfaces (0.0.0.0). To bind Salt to a specific IP, Change the interface conf in /etc/salt/master.

Find:

# The address of the interface to bind to
#interface: 0.0.0.0

Replace with:

# The address of the interface to bind to
interface: youripaddress

in my case, I have given interface: 192.168.1.5

Setting the states file_roots directory

All of salt’s policies or rather salt “states” need to live somewhere. The file_roots directory is the location on disk for these states. For this article we will place everything into /salt/states/base.

Find:

#file_roots:
#base:
#- /srv/salt

Replace with:

file_roots:
 base:
 - /salt/states/base

Setting the pillar_roots

The last item that we need for now is the pillar_roots dictionary. The pillar system is used to store configuration data that can be restricted to certain nodes. This allows us to customize behavior and to prevent sensitive data from being seen by infrastructure components not associated with the data. This format mirrors the file_roots exactly. The location of our pillar data will be at /srv/pillar:

Find:

#pillar_roots:
#base:
#- /srv/pillar

Replace:

pillar_roots:
 base:
 - /salt/pillars/base

 

Created those folders.

# mkdir /salt/pillars/base
# mkdir /salt/states/base

Restart the salt-master service

# service salt-master restart
Redirecting to /bin/systemctl restart salt-master.service

Thats it..

Configure the Salt-Minion Configuration

minion – 192.168.1.6

Install SaltStack repository and update repos as before in /etc/yum.repos.d/saltstack.repo.

Install salt minion

#yum install salt-minion

Update your salt master connection details.

# vi /etc/salt/minion

Find:

#master: salt

Replace with:

master: yourmasterip

in my case, I have given interface: 192.168.1.5

# service salt-minion restart
Redirecting to /bin/systemctl restart salt-minion.service

Thats it.. Once the salt-minion service is restarted the minion will start trying to communicate with the master. Go to Master node server and accept the Minions keys.

List the available keys

[root@localhost ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
192.168.1.6
Rejected Keys:

Accept the minion key

[root@localhost ~]# salt-key -a 192.168.1.6
The following keys are going to be accepted:
Unaccepted Keys:
209.205.208.100
Proceed? [n/Y] y
Key for minion 192.168.1.6 accepted.

To list all the accepted keys

#salt-key --list all
SENDING COMMANDS

Communication between the Master and a Minion may be verified by running the test.ping command:

# salt 192.168.1.6 test.ping
192.168.1.6:
 True

To list all minion

# salt '*' test.ping
192.168.1.6:
 True
minion2:
 True
minion3:
 True
minion4:
 True

To check minion disk usage

# salt '192.168.1.6' disk.usage
192.168.1.6:
 ----------
 /:
 ----------
 1K-blocks:
 37329092
 available:
 36223528
 capacity:
 3%
 filesystem:
 /dev/mapper/centos-root
 used:
 1105564