Over the years, technology has immensely grown resulting in increased complexity of working environments. This technological advancement has brought several automation tools into play. The most popular system automation tools are Ansible, Puppet, Chef, Foreman, Katello, CFEngine, Salt stack etc.
SaltStack commonly referred to as Salt is a powerful open-source configuration management and event-driven orchestration tool. It was first developed by Salt, Thomas S. Hatch after a high demand for high-speed data collection and task management tools for data centre systems. During development, the ZeroMQ messaging library was used to gain the high-speed requirements and networking layers for Saltstack.
Just like ansible, Salt supports the Infrastructure as Code approach in orchestration, management, configuration, and network deployment. The Saltstack is made up of the following components:
- Salt Master: its main task is to control and manage a given number of salt slaves by sending configuration and commands.
- Salt Minions: are slave daemons that receive configurations and commands from the salt master.
- Formula: these are salt states/configuration management files that are already written
- Execution: refers to ad-hoc commands and modules executed against single or multiple salt minions.
Below is a diagram illustrating the SaltStack architecture.
The main features offered by SaltStack are:
- It is easy to set up and provides a single remote execution architecture that can manage the diverse requirements of any number of servers.
- Fault tolerance, Salt minions can connect to multiple masters at one time
- Supports a simple programming interface(Python API). This makes it modular and easily extensible.
- Scalable Configuration Management, it can handle ten thousand minions per master
- Supports parallel Execution model
- It supports a flexible management approach
- Language Agnostic in that the configuration files, templating engine and file type support any type of language.
Install Salt master and minion on Ubuntu 22.04
In this guide, we will walk through how to set up the SaltStack with:
- Ubuntu 22.04 Salt master
- Ubuntu 22.04 minion
For installation on Ubuntu 20.04/18.04 use below guide:
Update the APT package repositories:
sudo apt update -yInstall the required packages:
sudo apt install curl vim python3 -yStep 1: Add SaltStack Repositories
We will add the SaltStack repositories on our Ubuntu master and minion. The commands to use are:
sudo curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring.gpg https://repo.saltproject.io/salt/py3/ubuntu/22.04/amd64/latest/salt-archive-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring.gpg arch=amd64] https://repo.saltproject.io/salt/py3/ubuntu/22.04/amd64/latest jammy main" | sudo tee /etc/apt/sources.list.d/salt.list
Once added, update the APT repositories.
sudo apt updateStep 1: Install and Configure Salt master
Once the repository has been added, we can install the Salt master on the selected node.
sudo apt install salt-common salt-masterAfter installing it, we need to make the configurations to the Salt master. Open the configuration file for editing:
sudo vim /etc/salt/masterWe will set the bind address for the master node as shown;
# The address of the interface to bind to:
interface: 0.0.0.0
For the changes to take effect, restart the service:
sudo systemctl restart salt-masterAllow the ports through the firewall if you have it enabled:
sudo ufw allow proto tcp from any to any port 4505,4506Confirm status of the service.
$ systemctl status salt-master
● salt-master.service - The Salt Master Server
Loaded: loaded (/lib/systemd/system/salt-master.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2023-02-03 06:04:24 UTC; 10s ago
Docs: man:salt-master(1)
file:///usr/share/doc/salt/html/contents.html
https://docs.saltproject.io/en/latest/contents.html
Main PID: 2571 (/opt/saltstack/)
Tasks: 45 (limit: 4538)
Memory: 206.9M
CPU: 8.134s
CGroup: /system.slice/salt-master.service
├─2571 "/opt/saltstack/salt/run/run master MainProcess"
├─2633 "/opt/saltstack/salt/run/run master PubServerChannel._publish_daemon"
├─2634 "/opt/saltstack/salt/run/run master EventPublisher"
├─2635 "/opt/saltstack/salt/run/run master Maintenance"
├─2638 "/opt/saltstack/salt/run/run master ReqServer ReqServer_ProcessManager"
├─2639 "/opt/saltstack/salt/run/run master ReqServer MWorkerQueue"
├─2640 "/opt/saltstack/salt/run/run master ReqServer MWorker-0"
├─2641 "/opt/saltstack/salt/run/run master FileServerUpdate"
├─2642 "/opt/saltstack/salt/run/run master ReqServer MWorker-1"
├─2649 "/opt/saltstack/salt/run/run master ReqServer MWorker-2"
├─2650 "/opt/saltstack/salt/run/run master ReqServer MWorker-3"
└─2653 "/opt/saltstack/salt/run/run master ReqServer MWorker-4"
Feb 03 06:04:23 jammy systemd[1]: Starting The Salt Master Server...
Feb 03 06:04:24 jammy systemd[1]: Started The Salt Master Server.
Feb 03 06:04:25 jammy salt-master[2639]: [ERROR ] ReqServer clients tcp://0.0.0.0:4506
Feb 03 06:04:26 jammy salt-master[2639]: [ERROR ] ReqServer workers ipc:///var/run/salt/master/workers.ipcStep 3: Install and Configure Salt Minion
We can also install the Salt Minion using the repositories we added earlier. On the desired Salt Minion node, execute the command below:
sudo apt install salt-minion
Once complete, make configurations:
sudo vim /etc/salt/minionNow provide the IP address of your Master node:
# Set the location of the salt master server. If the master server cannot be
# resolved, then the minion will fail to start.
master: 192.168.205.22Now leave this open and proceed as shown below.
Authenticate Minions on Salt Master
For Minions to be added, they must be authenticated using the master’s public fingerprint. On the master node, list the available fingerprints:
$ sudo salt-key --finger-all
Local Keys:
master.pem: 78:83:7e:99:15:90:47:62:04:68:23:9c:3f:b1:3f:24:95:16:23:6a:46:1f:16:71:89:1c:47:b1:6e:5b:5c:5b
master.pub: ea:f9:f8:a7:f9:14:17:f3:0f:80:8f:4c:bf:a0:6b:15:01:ce:7c:98:db:57:26:98:83:1b:c8:63:ed:57:f6:4f
Copy the displayed master.pub and paste it into the Minion config file:
$ sudo vim /etc/salt/minion
# Fingerprint of the master public key to validate the identity of your Salt master
# before the initial key exchange. The master fingerprint can be found by running
# "salt-key -f master.pub" on the Salt master.
master_finger: 'ea:f9:f8:a7:f9:14:17:f3:0f:80:8f:4c:bf:a0:6b:15:01:ce:7c:98:db:57:26:98:83:1b:c8:63:ed:57:f6:4f'Proceed and assign the minion a name:
# clusters.
id: minion1You can now save the configuration file and restart the minion service
sudo systemctl restart salt-minionMake sure it starts without an error:
$ systemctl status salt-minion
● salt-minion.service - The Salt Minion
Loaded: loaded (/lib/systemd/system/salt-minion.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2023-02-03 06:07:42 UTC; 4s ago
Docs: man:salt-minion(1)
file:///usr/share/doc/salt/html/contents.html
https://docs.saltproject.io/en/latest/contents.html
Main PID: 3793 (/opt/saltstack/)
Tasks: 7 (limit: 4538)
Memory: 79.8M
CPU: 2.477s
CGroup: /system.slice/salt-minion.service
├─3793 "/opt/saltstack/salt/run/run minion"
└─3800 "/opt/saltstack/salt/run/run minion MultiMinionProcessManager MinionProcessManager"
Feb 03 06:07:41 jammy systemd[1]: Starting The Salt Minion...
Feb 03 06:07:42 jammy systemd[1]: Started The Salt Minion.To check the fingerprint of the minion, use the command:
$ sudo salt-call key.finger --local
local:
1a:d5:dd:60:6f:4a:5f:95:dd:73:4d:25:4c:f9:64:de:01:71:47:6a:27:b8:5b:b1:96:0e:7f:74:e3:5f:29:a2To verify if the minion has the same fingerprint on the master node, use:
$ sudo salt-key --finger-all
Local Keys:
master.pem: 78:83:7e:99:15:90:47:62:04:68:23:9c:3f:b1:3f:24:95:16:23:6a:46:1f:16:71:89:1c:47:b1:6e:5b:5c:5b
master.pub: ea:f9:f8:a7:f9:14:17:f3:0f:80:8f:4c:bf:a0:6b:15:01:ce:7c:98:db:57:26:98:83:1b:c8:63:ed:57:f6:4f
Unaccepted Keys:
minion1: 1a:d5:dd:60:6f:4a:5f:95:dd:73:4d:25:4c:f9:64:de:01:71:47:6a:27:b8:5b:b1:96:0e:7f:74:e3:5f:29:a2After confirming that the fingerprints are matching, accept the minion on the Salt master:
$ sudo salt-key -a minion1
The following keys are going to be accepted:
Unaccepted Keys:
minion1
Proceed? [n/Y] y
Key for minion minion1 accepted.Or accept all pending keys:
sudo salt-key -A -yTo be sure that the salt-minion has been added, we will run the ping command below:
$ sudo salt minion1 test.ping
minion1:
TrueStep 4: Execute Remote tasks on Saltstack
From the Salt master, we can now execute our remote commands to all the added minions. In this guide, we will learn how to execute simple tasks from the salt master.
To view the available disk space in the minion, use the command:
sudo salt '*' disk.usage Execution output:
To install an application such as apache, use the command:
sudo salt minion1 pkg.install apache2 Execution output:
To execute shell commands on the minions, use cmd.run. For example
sudo salt '*' cmd.run 'ls -l /var' Sample output:
Step 5: Use Master State Files to manage Salt Minions
Apart from the above remote commands, we can use state files to manage the salt minions. State files are configuration management files which are saved with the .sls extension. They usually have a desired state of the minions declared and config checks to satisfy it.
For this guide, we will create a simple state file. This state file will ensure that Rsync, curl, and Apache is installed on the minion.
Begin by creating the environment base:
sudo mkdir /srv/saltCreate the state file:
$ sudo vim /srv/salt/setup.sls
network_utilities:
pkg.installed:
- pkgs:
- rsync
- curl
apache_pkg:
pkg.installed:
- name: apache2
apache_service:
service.running:
- name: apache2
- enable: True
- require:
- pkg: apache_pkgTo execute the state file, use the command:
$ sudo salt '*' state.apply setup
minion1:
----------
ID: network_utilities
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 11:48:48.645870
Duration: 65.026 ms
Changes:
----------
ID: apache_pkg
Function: pkg.installed
Name: apache2
Result: True
Comment: All specified packages are already installed
Started: 11:48:48.711270
Duration: 9.536 ms
Changes:
----------
ID: apache_service
Function: service.running
Name: apache2
Result: True
Comment: The service apache2 is already running
Started: 11:48:48.723654
Duration: 41.374 ms
Changes:
Summary for minion1
------------
Succeeded: 3
Failed: 0
------------
Total states run: 3
Total run time: 115.936 msConclusion
That marks the end of this detailed guide on how to install Salt master and minion on Ubuntu 22.04. Now you can easily orchestrate and configure your systems as desired. I hope this was helpful.
See more guides on this page:
- Install Saltstack Master/Minion on CentOS 8 | Rocky Linux 8
- Install Salt / Saltstack Master & Minion on Ubuntu 20.04|18.04
- Automate Linux Systems with Ansible System Roles
