Salt is a python-based configuration management platform. Salt stack consists of a salt master which is designed to control a number of slaves called minions. In this guide, we are going to look at how to configure salt master and minions on Ubuntu 20.04. I have the following servers for my set up:
- 192.168.50.2 salt master.
- 192.168.50.3 salt minion.
Features of Saltstack
Saltstack presents quite a number of important features compared to the other automation tools:
- Fault tolerance – It is possible for salt minions to connect to multiple masters at ago. All available masters will have to be as a YAML list and any master can direct commands in the stack.
- Flexible – Salt management approach can be configured to follow the most popular system management models such as server-agent, agent-only as so on.
- Scalable – A salt master handles ten thousand minions
- Parallel Execution model – Commands can execute remote systems in a parallel manner
- Salt stack is easy to set up.
- Python API – Provides a simple programming interface and it’s easy to mold to different applications.
Install Salt on Ubuntu 20.04
Salt installation depends on python. Let’s install python 3.7 on Ubuntu 20.04. Run the below commands:
sudo add-apt-repository ppa:deadsnakes/ppa sudo apt-get update sudo apt-get install python3.7
We are going to use Salt Bootstrap to install salt. Salt Bootstrap is a configuration script that automatically detects operating system, set correct repositories and install salt. The script has to be run on the master and the minions.
curl -L https://bootstrap.saltstack.com -o install_salt.sh sudo sh install_salt.sh -P -M -N
Configure Salt Master on Ubuntu 20.04
The master configuration file is located in /etc/salt/master where we will configure the network interface in which salt server is working on. Edit as below:
sudo vim /etc/salt/master
Configure salt master IP bind address
# The address of the interface to bind to: interface: 192.168.50.2
Save the file and restart salt
sudo systemctl restart salt-master
Ensure to open salt default ports through the firewall. Salt uses ports 4505 and 4506
sudo ufw allow proto tcp from any to any port 4505,4506
Configure salt Minions on Ubuntu 20.04
Ensure to also install Python 3.7 on Salt Minions as explained above. Once installed, run bootstrap script to install salt minion.
curl -L https://bootstrap.saltstack.com -o install_salt.sh sudo sh install_salt.sh -P
The default configuration for salt Minion is /etc/salt/minion. We need to assign a master to the to the minion by editing the configuration file as below:
sudo vim /etc/salt/minion
Set the master IP
# Set the location of the salt master server. If the master server cannot be # resolved, then the minion will fail to start. Master: 192.168.50.2
To authenticate minions, we need to add master public fingerprint to minion configuration. To list the master fingerprints and any minions connected to it, we use the command below:
$ sudo salt-key --finger-all Local Keys: master.pem: 43:ec:18:dc:6a:85:69:11:82:d1:e5:70:75:e5:9f:30:92:fb:80:39:94:ab:cf:79:8f:ae:2c:1f:2d:48:55:5e master.pub: 6a:45:f0:ee:2c:9c:4b:ad:5b:0e:7e:29:12:4b:a4:32:68:fe:f6:0a:af:03:fb:ec:c2:0f:4c:a3:c3:62:69:17
Copy master.pub fingerprint and paste it in minion configuration file; /etc/salt/minion
# Fingerprint of the master public key to validate the identity of your Salt master # before the initial key exchange. The master fingerprint can be found by running # "salt-key -f master.pub" on the Salt master. master_finger: '6a:45:f0:ee:2c:9c:4b:ad:5b:0e:7e:29:12:4b:a4:32:68:fe:f6:0a:af:03:fb:ec:c2:0f:4c:a3:c3:62:69:17'
Also give the minion a name in the configuration file:
# clusters. id: Ubuntu1
Save the file and restart minion
sudo systemctl restart salt-minion
To check minion’s fingerprint, run the below command:
$ sudo salt-call key.finger --local local: 3d:7a:ff:8b:d4:cf:3e:fe:00:0a:f9:85:4f:b3:28:51:4f:94:44:53:62:c3:30:f7:f5:22:ae:dd:65:2b:3f:b8
Confirm if you are getting the same fingerprint from the master
$ sudo salt-key --finger-all Local Keys: master.pem: 43:ec:18:dc:6a:85:69:11:82:d1:e5:70:75:e5:9f:30:92:fb:80:39:94:ab:cf:79:8f:ae:2c:1f:2d:48:55:5e master.pub: 6a:45:f0:ee:2c:9c:4b:ad:5b:0e:7e:29:12:4b:a4:32:68:fe:f6:0a:af:03:fb:ec:c2:0f:4c:a3:c3:62:69:17 Unaccepted Keys: Ubuntu1: 3d:7a:ff:8b:d4:cf:3e:fe:00:0a:f9:85:4f:b3:28:51:4f:94:44:53:62:c3:30:f7:f5:22:ae:dd:65:2b:3f:b8
From the above output, our minion has been accepted on the master. Now proceed to accept all the minions on the master as below:
$ sudo salt-key -a Ubuntu1 The following keys are going to be accepted: Unaccepted Keys: Ubuntu1 Proceed? [n/Y] Y Key for minion Ubuntu1 accepted
We can run a test ping to verify communication between master and minion. On the master, run the below command:
$ sudo salt Ubuntu1 test.ping Ubuntu1: True
Running commands on salt minions from salt master
Salt master is the command-and-control center for salt minions. For example, we can run remote commands from the salt master command line, examples below:
To check disk space on all salt minions:
sudo salt '*' disk.usage Ubuntu1: ---------- /: ---------- 1K-blocks: 19475088 available: 13636348 capacity: 27% filesystem: /dev/mapper/ubuntu--vg-ubuntu--lv used: 4826416 /boot: ---------- 1K-blocks: 999320 available: 824676 capacity: 12% filesystem: /dev/xvda2 used: 105832 /dev: ---------- 1K-blocks: 955808 available: 955808 capacity: 0% filesystem: udev used: 0 /dev/shm: ---------- 1K-blocks: 999432 available: 999332 capacity: 1% filesystem: tmpfs used: 100 /run: ---------- 1K-blocks: 199888 available: 198860 capacity: 1% filesystem: tmpfs used: 1028 /run/lock: ---------- 1K-blocks: 5120 available: 5120 capacity: 0% filesystem: tmpfs used: 0 /run/user/1000: ---------- 1K-blocks: 199884 available: 199884 capacity: 0% filesystem: tmpfs used:
To install Nginx on my salt minion, Ubuntu1, I would run a command as below:
sudo salt Ubuntu1 pkg.install nginx Ubuntu1: ---------- fontconfig-config: ---------- new: 2.13.1-2ubuntu3 old: fonts-dejavu-core: ---------- new: 2.37-1 old: libfontconfig1: ---------- new: 2.13.1-2ubuntu3 old: libgd3: ---------- new: 2.2.5-5.2ubuntu2 old: libjbig0: ---------- new: 2.1-3.1build1 old: libjpeg-turbo8: ---------- new: 2.0.3-0ubuntu1.20.04.1 old: libjpeg8: ---------- new: 8c-2ubuntu8 old: libnginx-mod-http-image-filter: ---------- new: 1.18.0-0ubuntu1 old: libnginx-mod-http-xslt-filter: ---------- new: 1.18.0-0ubuntu1 old: libnginx-mod-mail: ---------- new: 1.18.0-0ubuntu1 old: libnginx-mod-stream: ---------- new: 1.18.0-0ubuntu1 old: libtiff5: ---------- new: 4.1.0+git191117-2build1 old: libwebp6: ---------- new: 0.6.1-2 old: libxpm4: ---------- new: 1:3.5.12-1 old: nginx: ---------- new: 1.18.0-0ubuntu1 old: nginx-common: ---------- new: 1.18.0-0ubuntu1 old: nginx-core: ---------- new: 1.18.0-0ubuntu1 old:
cmd.run is run to run shell commands on salt minions from the salt master.
sudo salt '*' cmd.run 'ls -l /etc' Ubuntu1: total 800 drwxr-xr-x 3 root root 4096 Apr 23 2020 NetworkManager drwxr-xr-x 2 root root 4096 Nov 18 18:34 PackageKit drwxr-xr-x 4 root root 4096 Apr 23 2020 X11 -rw-r--r-- 1 root root 3028 Apr 23 2020 adduser.conf drwxr-xr-x 2 root root 4096 Nov 18 18:29 alternatives drwxr-xr-x 3 root root 4096 Nov 18 18:33 apparmor drwxr-xr-x 7 root root 4096 Nov 18 18:34 apparmor.d drwxr-xr-x 3 root root 4096 Nov 18 18:34 apport drwxr-xr-x 7 root root 4096 Nov 18 18:44 apt -rw-r----- 1 root daemon 144 Nov 12 2018 at.deny -rw-r--r-- 1 root root 2319 Feb 25 2020 bash.bashrc -rw-r--r-- 1 root root 45 Jan 26 2020 bash_completion drwxr-xr-x 2 root root 4096 Nov 18 18:34 bash_completion.d -rw-r--r-- 1 root root 367 Apr 14 2020 bindresvport.blacklist drwxr-xr-x 2 root root 4096 Apr 22 2020 binfmt.d drwxr-xr-x 2 root root 4096 Apr 23 2020 byobu drwxr-xr-x 3 root root 4096 Apr 23 2020 ca-certificates -rw-r--r-- 1 root root 6505 Nov 18 18:33 ca-certificates.conf
Salt master State Files
Apart from running remote commands from salt master command line, we can define configuration files which declare what state a minion should be in. The difference between command line remote commands and configuration management is that remote commands runs a command on remote hosts while configuration management says the remote server/ minion should have this installed. This means the configuration management checks through the remote server to satisfy what has been declared. Configuration management files are called state files and they have extension .sls (salt state).
For example the state file below, located in /srv/salt.setup.sls ensures that rsync and curl are installed, nginx installed, run and enabled on boot.
network_utilities: pkg.installed: - pkgs: - rsync - curl nginx_pkg: pkg.installed: - name: nginx nginx_service: service.running: - name: nginx - enable: True - require: - pkg: nginx_pkg
To apply the state to all minion servers, we run the command as below:
$ sudo salt '*' state.apply setup Ubuntu1: ---------- ID: network_utilities Function: pkg.installed Result: True Comment: All specified packages are already installed Started: 23:16:26.641996 Duration: 139.737 ms Changes: ---------- ID: nginx_pkg Function: pkg.installed Name: nginx Result: True Comment: All specified packages are already installed Started: 23:16:26.782242 Duration: 20.455 ms Changes: ---------- ID: nginx_service Function: service.running Name: nginx Result: True Comment: The service nginx is already running Started: 23:16:26.804808 Duration: 105.235 ms Changes: Summary for Ubuntu1 ------------ Succeeded: 3 Failed: 0 ------------ Total states run: 3 Total run time: 265.427 ms
You have successfully installed saltstack on Ubuntu 20.04 and learned how to deploy simple automation. I hope the guide has been useful. Enjoy! Below and more interesting Linux guides for you: