SaltStack is an open source configuration management tool based on Python. Just like Ansible, SaltStack can be used to automate your infrastructure management through configuration management, remote execution, data-driven orchestration, etc.
SaltStack uses a server-client architecture: configuration management is done from the SaltStack Master, and the clients, normally referred to as Minions, connect to the master through an agent installed on them.
The SaltStack Master holds the inventory and the public keys for the SaltStack Minions, which are necessary for remote execution.
This guide will highlight how to set up and configure SaltStack Master and Minion, then demonstrate how to automate your infrastructure using this stack.
In our guide, we shall set up a SaltStack Master on Rocky Linux 8, then join nodes to it.
Install SaltStack Master on Rocky Linux 8/CentOS 8
Follow the steps below to set up SaltStack Master:
Step 1. Install Python
As mentioned before, SaltStack is based on Python. This means that every system we intend to include in our environment should have Python installed.
Make sure your system packages are up to date before proceeding with the installation:
sudo dnf update -y
Reboot your system to apply some of the changes after update
sudo reboot now
Let’s proceed to install Python 3 on our SaltStack Master node
sudo dnf install python3 -y
Step 2. Install SaltStack Yum Repository
We need to install the SaltStack yum repository to download the latest version of SaltStack.
sudo dnf install -y https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest.el8.noarch.rpm
Update your system cache
sudo dnf makecache
sudo dnf -y update
Step 3. Install SaltStack Master on CentOS 8
Download and install SaltStack Master and the required dependencies
sudo dnf install -y salt-master salt-minion salt-ssh salt-syndic salt-cloud salt-api
The command above installs both SaltStack Master and SaltStack Minion on the host. This is necessary because the SaltStack Minion is responsible for collecting system metrics and sending them to the Master, and this also applies to the SaltStack Master host itself.
Step 4. Configure SaltStack Master on CentOS 8/Rocky Linux 8
After a successful installation of the required packages, the next step is to configure our host to act as the Master. SaltStack configuration files are in the /etc/salt/ directory.
Edit the /etc/salt/minion file and add the hostname of the Master server.
sudo vi /etc/salt/minion
Find the line below:
#master: salt
Uncomment the line and add the hostname of the Master
master: saltmaster.geeksforgeeks.org
Make sure that the hostname is DNS resolvable, or map a static hostname in /etc/hosts.
$ sudo vi /etc/hosts
<master-ip> <master-hostname>
E.g.
$ sudo vi /etc/hosts
192.168.100.120 saltmaster.geeksforgeeks.org
Start SaltStack Master and Minion services on the SaltStack Master host.
sudo systemctl enable --now salt-master salt-minion
Allow SaltStack ports through the firewall for Minion connections
sudo firewall-cmd --zone=public --permanent --add-port={4505,4506}/tcp
sudo firewall-cmd --reload
Install SaltStack Minion on Rocky Linux 8 / CentOS 8
We need to install SaltStack Minion agent on the nodes that we wish to include in our environment. In this guide we shall use a host running CentOS 8. The installation steps are as follows:
Install Python 3
We need to install Python 3 on our CentOS 8 node. Before you can do that, make sure that your system is updated.
sudo dnf -y update
Install Python 3.
sudo dnf -y install python3
Install SaltStack Minion
Setup SaltStack repo on the node to download the latest version of SaltStack
sudo dnf install -y https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest.el8.noarch.rpm
Update your cache then install SaltStack Minion.
sudo dnf update
sudo dnf install salt-minion -y
Configure SaltStack Minion
We need to configure the SaltStack Minion to communicate with the SaltStack Master. SaltStack Master and Minion connect using public/private keys.
This means that the SaltStack Minion has to send its key to the Master, and the key has to be accepted by the Master, before they can communicate.
Make sure that the SaltStack Minion can communicate with the Master using the DNS name or a statically assigned hostname.
To add the hostname of the master to static DNS of the SaltStack Minion, add it in the /etc/hosts file as shown below:
$ sudo vi /etc/hosts
<master-ip> <master-hostname>
Make sure that the Master’s hostname is reachable through ping from the Minion.
Edit the file at /etc/salt/minion and add the hostname of the SaltStack Master as shown:
master: saltmaster.geeksforgeeks.org
Replace the hostname with the hostname of your SaltStack Master.
Then finally start and enable the salt-minion service.
sudo systemctl enable --now salt-minion
Connect SaltStack Minion to SaltStack Master
To connect the SaltStack Minion to the SaltStack Master, we will need to accept the public key of the minion that was sent to the master when the minion service was started.
On the SaltStack Master, check the available public keys that are yet to be accepted.
salt-key -L
The output informs us that there are two unaccepted keys:
$ sudo salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
saltmaster.geeksforgeeks.org
node02
Rejected Keys:
This is because the SaltStack Master also has a running salt-minion service and therefore the service has sent the key for authentication.
We can then accept the keys with:
$ salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
saltmaster.geeksforgeeks.org
node02
Proceed? [n/Y] y
Key for minion node02 accepted.
Key for minion node02 accepted.
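salt-key -A accepts every pending key without checking who sent it. The sketch below, an added example that is not part of the original guide, compares the fingerprint the master shows for a pending minion (salt-key -F) with the one read on the minion itself (sudo salt-call --local key.finger) and only then prints the salt-key -a command. The function names and the sample fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Added example: accept a pending key only after its fingerprint is verified.
# Constructed sample in the layout printed by `salt-key -F`; the fingerprints
# are made up and shortened for readability.
SAMPLE_KEYS='Local Keys:
master.pem:  11:11:11:11:11:11:11:11
master.pub:  22:22:22:22:22:22:22:22
Unaccepted Keys:
node02:  aa:bb:cc:dd:ee:ff:00:11
saltmaster.geeksforgeeks.org:  33:44:55:66:77:88:99:aa'

# Print the fingerprint of minion $1 from the "Unaccepted Keys:" section of
# the salt-key -F text on stdin; print nothing if the minion is not pending.
pending_fingerprint() {
  awk -v id="$1:" '
    /^[A-Za-z ]+ Keys:$/ { pending = ($0 == "Unaccepted Keys:"); next }
    pending && $1 == id  { print $2; exit }
  '
}

# Succeed only if minion $1 is pending and its fingerprint equals $2
# (compared case-insensitively). Reads salt-key -F text on stdin.
fingerprint_matches() {
  seen=$(pending_fingerprint "$1" | tr 'A-F' 'a-f')
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ -n "$seen" ] && [ "$seen" = "$expected" ]
}

# Print the command to run for minion $1: accept on match, otherwise a warning.
review_key() {
  if fingerprint_matches "$1" "$2"; then
    echo "salt-key -a $1"
  else
    echo "# $1: fingerprint mismatch or not pending, do not accept"
  fi
}

# On a real master, feed live data: sudo salt-key -F | review_key node02 "$fp"
printf '%s\n' "$SAMPLE_KEYS" | review_key node02 'AA:BB:CC:DD:EE:FF:00:11'
printf '%s\n' "$SAMPLE_KEYS" | review_key node02 'de:ad:be:ef:de:ad:be:ef'
```

The same check works in the other direction: the master's public key fingerprint from salt-key -F can be pinned on each minion with the master_finger option in /etc/salt/minion.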
We have now connected two minion servers to our Master. We now need to test if the minions are reachable:
$ salt '*' test.ping
node02:
True
saltmaster.geeksforgeeks.org:
True
That confirms that both nodes respond to test.ping from the Master.
We can now start issuing remote commands to the minions for automation and orchestration.
Execute Remote commands to Minion nodes
With the SaltStack Master and Minion setup complete, we can now issue remote commands to the minions and get things done without necessarily having to access the minion hosts.
Below are examples of some of the commands you can execute remotely through the SaltStack Master.
The general syntax is:
salt 'remote-host' cmd.run 'command-you-want-to-execute'
Example
salt 'node02' cmd.run 'yum -y install nginx'
You can also start and enable the service on the node.
$ salt 'node02' cmd.run 'systemctl enable --now nginx'
node02:
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service -> /usr/lib/systemd/system/nginx.service.
To run commands on all available nodes, the syntax used is:
salt '*' cmd.run 'command-you-want-to-execute'
Example:
$ salt '*' cmd.run 'systemctl status nginx'
node02:
* nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Drop-In: /usr/lib/systemd/system/nginx.service.d
`-php-fpm.conf
Active: active (running) since Wed 2021-07-14 15:44:45 EDT; 2min 44s ago
Process: 3310 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
Process: 3308 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
Process: 3307 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
Main PID: 3312 (nginx)
Tasks: 2 (limit: 4938)
Memory: 6.1M
CGroup: /system.slice/nginx.service
|-3312 nginx: master process /usr/sbin/nginx
`-3313 nginx: worker process
Jul 14 15:44:45 node02 systemd[1]: Starting The nginx HTTP and reverse proxy server...
Jul 14 15:44:45 node02 nginx[3308]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Jul 14 15:44:45 node02 nginx[3308]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Jul 14 15:44:45 node02 systemd[1]: nginx.service: Failed to parse PID from file /run/nginx.pid: Invalid argument
Jul 14 15:44:45 node02 systemd[1]: Started The nginx HTTP and reverse proxy server.
saltmaster.geeksforgeeks.org:
* nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
Drop-In: /usr/lib/systemd/system/nginx.service.d
`-php-fpm.conf
Active: inactive (dead)
Conclusion
SaltStack is a very useful orchestration tool that is widely used for automation of infrastructure and configuration management, just like Ansible.
The only difference is that it requires a master node to be set up and clients (Minions) to connect to that node for one to be able to manage their infrastructure. It is however much easier to use, as the commands are straightforward.