Salt is a python-based configuration management platform. Salt stack consists of a salt master which is designed to control a number of slaves called minions. In this guide, we are going to look at how to configure salt master and minions on Ubuntu 20.04. I have the following servers for my set up:

  • 192.168.50.2 salt master.
  • 192.168.50.3 salt minion.

Features of Saltstack

Saltstack presents quite a number of important features compared to the other automation tools:

  • Fault tolerance – It is possible for salt minions to connect to multiple masters at ago. All available masters will have to be as a YAML list and any master can direct commands in the stack.
  • Flexible – Salt management approach can be configured to follow the most popular system management models such as server-agent, agent-only as so on.
  • Scalable – A salt master handles ten thousand minions
  • Parallel Execution model – Commands can execute remote systems in a parallel manner
  • Salt stack is easy to set up.
  • Python API – Provides a simple programming interface and it’s easy to mold to different applications.

Install Salt on Ubuntu 20.04

Salt installation depends on python. Let’s install python 3.7 on Ubuntu 20.04. Run the below commands:

sudo add-apt-repository ppa:deadsnakes/ppa 
sudo apt-get update 
sudo apt-get install python3.7

We are going to use Salt Bootstrap to install salt. Salt Bootstrap is a configuration script that automatically detects operating system, set correct repositories and install salt. The script has to be run on the master and the minions.

curl -L https://bootstrap.saltstack.com -o install_salt.sh
sudo sh install_salt.sh -P -M -N

Configure Salt Master on Ubuntu 20.04

The master configuration file is located in /etc/salt/master where we will configure the network interface in which salt server is working on. Edit as below:

sudo vim /etc/salt/master

Configure salt master IP bind address

# The address of the interface to bind to: 
interface: 192.168.50.2

Save the file and restart salt

sudo systemctl restart salt-master

Configure Firewall

Ensure to open salt default ports through the firewall. Salt uses ports 4505 and 4506

sudo ufw allow proto tcp from any to any port 4505,4506

Configure salt Minions on Ubuntu 20.04

Ensure to also install Python 3.7 on Salt Minions as explained above. Once installed, run bootstrap script to install salt minion.

curl -L https://bootstrap.saltstack.com -o install_salt.sh
sudo sh install_salt.sh -P

The default configuration for salt Minion is /etc/salt/minion. We need to assign a master to the to the minion by editing the configuration file as below:

sudo vim /etc/salt/minion

Set the master IP

# Set the location of the salt master server. If the master server cannot be 
# resolved, then the minion will fail to start. 
Master: 192.168.50.2

Authenticate Minions

To authenticate minions, we need to add master public fingerprint to minion configuration. To list the master fingerprints and any minions connected to it, we use the command below:

$ sudo salt-key --finger-all
Local Keys: 
master.pem:  43:ec:18:dc:6a:85:69:11:82:d1:e5:70:75:e5:9f:30:92:fb:80:39:94:ab:cf:79:8f:ae:2c:1f:2d:48:55:5e 
master.pub:  6a:45:f0:ee:2c:9c:4b:ad:5b:0e:7e:29:12:4b:a4:32:68:fe:f6:0a:af:03:fb:ec:c2:0f:4c:a3:c3:62:69:17

Copy master.pub fingerprint and paste it in minion configuration file; /etc/salt/minion

# Fingerprint of the master public key to validate the identity of your Salt master 
# before the initial key exchange. The master fingerprint can be found by running 
# "salt-key -f master.pub" on the Salt master. 
master_finger: '6a:45:f0:ee:2c:9c:4b:ad:5b:0e:7e:29:12:4b:a4:32:68:fe:f6:0a:af:03:fb:ec:c2:0f:4c:a3:c3:62:69:17'

Also give the minion a name in the configuration file:

# clusters. 
id: Ubuntu1

Save the file and restart minion

sudo systemctl restart salt-minion

To check minion’s fingerprint, run the below command:

$ sudo salt-call key.finger --local 
local: 
   3d:7a:ff:8b:d4:cf:3e:fe:00:0a:f9:85:4f:b3:28:51:4f:94:44:53:62:c3:30:f7:f5:22:ae:dd:65:2b:3f:b8

Confirm if you are getting the same fingerprint from the master

$ sudo salt-key --finger-all                              
Local Keys: 
master.pem:  43:ec:18:dc:6a:85:69:11:82:d1:e5:70:75:e5:9f:30:92:fb:80:39:94:ab:cf:79:8f:ae:2c:1f:2d:48:55:5e 
master.pub:  6a:45:f0:ee:2c:9c:4b:ad:5b:0e:7e:29:12:4b:a4:32:68:fe:f6:0a:af:03:fb:ec:c2:0f:4c:a3:c3:62:69:17 
Unaccepted Keys: 
Ubuntu1:  3d:7a:ff:8b:d4:cf:3e:fe:00:0a:f9:85:4f:b3:28:51:4f:94:44:53:62:c3:30:f7:f5:22:ae:dd:65:2b:3f:b8

From the above output, our minion has been accepted on the master. Now proceed to accept all the minions on the master as below:

$ sudo salt-key -a Ubuntu1 
The following keys are going to be accepted: 
Unaccepted Keys: 
Ubuntu1 
Proceed? [n/Y] Y 
Key for minion Ubuntu1 accepted

We can run a test ping to verify communication between master and minion. On the master, run the below command:

$ sudo salt Ubuntu1 test.ping      
Ubuntu1: 
   True

Running commands on salt minions from salt master

Salt master is the command-and-control center for salt minions. For example, we can run remote commands from the salt master command line, examples below:

To check disk space on all salt minions:

sudo salt '*' disk.usage 
Ubuntu1: 
   ---------- 
   /: 
       ---------- 
       1K-blocks: 
           19475088 
       available: 
           13636348 
       capacity: 
           27% 
       filesystem: 
           /dev/mapper/ubuntu--vg-ubuntu--lv 
       used: 
           4826416 
   /boot: 
       ---------- 
       1K-blocks: 
           999320 
       available: 
           824676 
       capacity: 
           12% 
       filesystem: 
           /dev/xvda2 
       used: 
           105832 
   /dev: 
       ---------- 
       1K-blocks: 
           955808 
       available: 
           955808 
       capacity: 
           0% 
       filesystem: 
           udev 
       used: 
           0 
   /dev/shm: 
       ---------- 
       1K-blocks: 
           999432 
       available: 
           999332 
       capacity: 
           1% 
       filesystem: 
           tmpfs 
       used: 
           100 
   /run: 
       ---------- 
       1K-blocks: 
           199888 
       available: 
           198860 
       capacity: 
           1% 
       filesystem: 
           tmpfs 
       used: 
           1028 
   /run/lock: 
       ---------- 
       1K-blocks: 
           5120 
       available: 
           5120 
       capacity: 
           0% 
       filesystem: 
           tmpfs 
       used: 
           0 
   /run/user/1000: 
       ---------- 
       1K-blocks: 
           199884 
       available: 
           199884 
       capacity: 
           0% 
       filesystem: 
           tmpfs 
       used:

To install Nginx on my salt minion, Ubuntu1, I would run a command as below:

sudo salt Ubuntu1 pkg.install nginx              
Ubuntu1: 
   ---------- 
   fontconfig-config: 
       ---------- 
       new: 
           2.13.1-2ubuntu3 
       old: 
   fonts-dejavu-core: 
       ---------- 
       new: 
           2.37-1 
       old: 
   libfontconfig1: 
       ---------- 
       new: 
           2.13.1-2ubuntu3 
       old: 
   libgd3: 
       ---------- 
       new: 
           2.2.5-5.2ubuntu2 
       old: 
   libjbig0: 
       ---------- 
       new: 
           2.1-3.1build1 
       old: 
   libjpeg-turbo8: 
       ---------- 
       new: 
           2.0.3-0ubuntu1.20.04.1 
       old: 
   libjpeg8: 
       ---------- 
       new: 
           8c-2ubuntu8 
       old: 
   libnginx-mod-http-image-filter: 
       ---------- 
       new: 
           1.18.0-0ubuntu1 
       old: 
   libnginx-mod-http-xslt-filter: 
       ---------- 
       new: 
           1.18.0-0ubuntu1 
       old: 
   libnginx-mod-mail: 
       ---------- 
       new: 
           1.18.0-0ubuntu1 
       old: 
   libnginx-mod-stream: 
       ---------- 
       new: 
           1.18.0-0ubuntu1 
       old: 
   libtiff5: 
       ---------- 
       new: 
           4.1.0+git191117-2build1 
       old: 
   libwebp6: 
       ---------- 
       new: 
           0.6.1-2 
       old: 
   libxpm4: 
       ---------- 
       new: 
           1:3.5.12-1 
       old: 
   nginx: 
       ---------- 
       new: 
           1.18.0-0ubuntu1 
       old: 
   nginx-common: 
       ---------- 
       new: 
           1.18.0-0ubuntu1 
       old: 
   nginx-core: 
       ---------- 
       new: 
           1.18.0-0ubuntu1 
       old:

cmd.run is run to run shell commands on salt minions from the salt master.

sudo salt '*' cmd.run 'ls -l /etc' 
 Ubuntu1: 
   total 800 
   drwxr-xr-x 3 root root       4096 Apr 23  2020 NetworkManager 
   drwxr-xr-x 2 root root       4096 Nov 18 18:34 PackageKit 
   drwxr-xr-x 4 root root       4096 Apr 23  2020 X11 
   -rw-r--r-- 1 root root       3028 Apr 23  2020 adduser.conf 
   drwxr-xr-x 2 root root       4096 Nov 18 18:29 alternatives 
   drwxr-xr-x 3 root root       4096 Nov 18 18:33 apparmor 
   drwxr-xr-x 7 root root       4096 Nov 18 18:34 apparmor.d 
   drwxr-xr-x 3 root root       4096 Nov 18 18:34 apport 
   drwxr-xr-x 7 root root       4096 Nov 18 18:44 apt 
   -rw-r----- 1 root daemon      144 Nov 12  2018 at.deny 
   -rw-r--r-- 1 root root       2319 Feb 25  2020 bash.bashrc 
   -rw-r--r-- 1 root root         45 Jan 26  2020 bash_completion 
   drwxr-xr-x 2 root root       4096 Nov 18 18:34 bash_completion.d 
   -rw-r--r-- 1 root root        367 Apr 14  2020 bindresvport.blacklist 
   drwxr-xr-x 2 root root       4096 Apr 22  2020 binfmt.d 
   drwxr-xr-x 2 root root       4096 Apr 23  2020 byobu 
   drwxr-xr-x 3 root root       4096 Apr 23  2020 ca-certificates 
   -rw-r--r-- 1 root root       6505 Nov 18 18:33 ca-certificates.conf 

Salt master State Files

Apart from running remote commands from salt master command line, we can define configuration files which declare what state a minion should be in. The difference between command line remote commands and configuration management is that remote commands runs a command on remote hosts while configuration management says the remote server/ minion should have this installed. This means the configuration management checks through the remote server to satisfy what has been declared. Configuration management files are called state files and they have extension .sls (salt state).

For example the state file below, located in /srv/salt.setup.sls ensures that rsync and curl are installed, nginx installed, run and enabled on boot.

network_utilities: 
 pkg.installed: 
   - pkgs: 
     - rsync 
     - curl 

nginx_pkg: 
 pkg.installed: 
   - name: nginx 

nginx_service: 
 service.running: 
   - name: nginx 
   - enable: True 
   - require: 
     - pkg: nginx_pkg

To apply the state to all minion servers, we run the command as below:

$ sudo salt '*' state.apply setup 
Ubuntu1: 
---------- 
         ID: network_utilities 
   Function: pkg.installed 
     Result: True 
    Comment: All specified packages are already installed 
    Started: 23:16:26.641996 
   Duration: 139.737 ms 
    Changes:    
---------- 
         ID: nginx_pkg 
   Function: pkg.installed 
       Name: nginx 
     Result: True 
    Comment: All specified packages are already installed 
    Started: 23:16:26.782242 
   Duration: 20.455 ms 
    Changes:    
---------- 
         ID: nginx_service 
   Function: service.running 
       Name: nginx 
     Result: True 
    Comment: The service nginx is already running 
    Started: 23:16:26.804808 
   Duration: 105.235 ms 
    Changes:    

Summary for Ubuntu1                                                                                                                                                                                                                                                             
------------                                                                                                                                                                                                                                                                    
Succeeded: 3 
Failed:    0 
------------ 
Total states run:     3                                                                                                                                                                                                                                                         
Total run time: 265.427 ms

You have successfully installed saltstack on Ubuntu 20.04 and learned how to deploy simple automation. I hope the guide has been useful. Enjoy! Below and more interesting Linux guides for you:

LEAVE A REPLY

Please enter your comment!
Please enter your name here

five × two =