Steps to Install & Configure Salt/SaltStack Master & Minion on Ubuntu 20.04 LTS

Hello, In this Blog we are going to discuss How to Setup Salt master & Salt Minion on Ubuntu server. Salt is a free & open source python-based configuration management platform. Salt Master  is used to manage/control a number of Salt minions. We can easily install & configure commands on salt minion from salt master.

There are some steps to install & configure Salt/SaltStack master & minion on Ubuntu:

Prerequisite:

  • Two Ubuntu Server with sudo privileges.

Install & Configure Salt Master on Server-1.

Step 1: Update the system.

apt-get update

Step 2: Install Python.

  • Add the Repository.

add-apt-repository ppa:deadsnakes/ppa

  • Update the packages.

apt-get update

  • Run the following command.

apt-get install python3.7

Step 3: Install Salt Master using Salt Bootstrap.

  • Salt Bootstrap is a configuration script that automatically detects operating system & set correct repositories.

curl -L https://bootstrap.saltstack.com -o install_salt.sh
sh install_salt.sh -P -M -N

  • Here is the command output.

root@ip-172-31-16-66:/home/ubuntu# curl -L https://bootstrap.saltstack.com -o install_salt.sh
% Total   % Received   % Xferd  Average Speed Time Time   Time    Current
Dload Upload Total   Spent   Left   Speed
0      0      0        0      0          0          0            0      --:--:-- --:--:-- --:--:-- 0
100   295k  100 295k 0           0         250k      0     0:00:01 0:00:01 --:--:-- 626k
root@ip-172-31-16-66:/home/ubuntu# sh install_salt.sh -P -M -N
* INFO: Running version: 2021.09.17
* INFO: Executed by: sh
* INFO: Command line: 'install_salt.sh -P -M -N'
* INFO: System Information:
* INFO: CPU: GenuineIntel
* INFO: CPU Arch: x86_64
* INFO: OS Name: Linux
* INFO: OS Version: 5.11.0-1022-aws
* INFO: Distribution: Ubuntu 20.04
* INFO: Installing master
* INFO: Found function install_ubuntu_stable_deps
* INFO: Found function config_salt
* INFO: Found function preseed_master
* INFO: Found function install_ubuntu_stable
....
Processing triggers for libc-bin (2.31-0ubuntu9.2) ...
* INFO: Running install_ubuntu_stable_post()
* INFO: Running install_ubuntu_check_services()
* INFO: Running install_ubuntu_restart_daemons()
* INFO: Running daemons_running()
* INFO: Salt installed!

Step 4: Configure Salt Master.

  • Open the salt master configuration file.

vim /etc/salt/master

  • By default, the Salt master listens on ports 4505 and 4506 on all interfaces (0.0.0.0).

# The address of the interface to bind to:
#interface: 0.0.0.0

  • If we want to to bind Salt to a specific IP, change the “interface” in the master configuration file.
  • Change the following line.

interface: ip-address

  • Provide the Salt master IP address.
  • Restart the salt master service.

systemctl restart salt-master.service

Step 5: Open the following port number in UFW firewall.

ufw allow proto tcp from any to any port 4505,4506

  • Here is the command output.

root@ip-172-31-16-66:/home/ubuntu# ufw allow proto tcp from any to any port 4505,4506
Rules updated
Rules updated (v6)

Install & Configure Salt Minions on Server-2

Step 6: Update the system.

apt-get update

Step 7: Install Python.

  • Add the Repository.

add-apt-repository ppa:deadsnakes/ppa

  • Update the packages.

apt-get update

  • Run the following command.

apt-get install python3.7

Step 8: Once Python is installed then run bootstrap script to install salt minion.

curl -L https://bootstrap.saltstack.com -o install_salt.sh
sh install_salt.sh -P

  • Here is the command output.

root@ip-172-31-19-108:/home/ubuntu# curl -L https://bootstrap.saltstack.com -o install_salt.sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 295k 100 295k 0 0 237k 0 0:00:01 0:00:01 --:--:-- 237k
root@ip-172-31-19-108:/home/ubuntu# sh install_salt.sh -P
* INFO: Running version: 2021.09.17
* INFO: Executed by: sh
* INFO: Command line: 'install_salt.sh -P'
* INFO: System Information:
* INFO: CPU: GenuineIntel
* INFO: CPU Arch: x86_64
* INFO: OS Name: Linux
* INFO: OS Version: 5.11.0-1022-aws
* INFO: Distribution: Ubuntu 20.04
* INFO: Installing minion
* INFO: Found function install_ubuntu_stable_deps
* INFO: Found function config_salt
* INFO: Found function preseed_master
* INFO: Found function install_ubuntu_stable
* INFO: Found function install_ubuntu_stable_post
* INFO: Found function install_ubuntu_restart_daemons
....
* INFO: Running install_ubuntu_stable_post()
* INFO: Running install_ubuntu_check_services()
* INFO: Running install_ubuntu_restart_daemons()
* INFO: Running daemons_running()
* INFO: Salt installed!

Step 9: Open the Host file.

vim /etc/hosts

  • Add the Salt master ip address.

127.0.0.1 localhost
salt-master-ip-address salt

Step 10: Open the following file to set the minion ID.

vim /etc/salt/minion_id

  • Provide a salt minion Id name.(Please remove the already mentioned text)

For example : ubuntu-1

Step 11: Now,Go to Salt master server & Run the following command to print the master key fingerprint.

salt-key -F master

  • Here is the command output.

root@ip-172-31-16-66:/home/ubuntu# salt-key -F master
Local Keys:
master.pem: 0f:01:d2:67:d5:91:ca:54:17:fb:61:06:a2:56:f4:8d:9a:0f:52:1e:49:4b:bb:16:0b:5a:f8:24:68:ba:9b:ab
master.pub: 64:31:ab:33:84:e1:3b:21:c3:5a:d7:c3:aa:14:0e:3c:cc:2b:5a:ee:88:38:56:d3:f9:1b:cc:3d:4f:43:26:4c

  • Copy the master.pub fingerprint.
  • Go to Salt minion server.
  • Open the /etc/salt/minion file.

vim /etc/salt/minion

  • find/search the master_finger & Paste the master.pub key.

# Fingerprint of the master public key to validate the identity of your Salt master
# before the initial key exchange. The master fingerprint can be found by running
# "salt-key -f master.pub" on the Salt master.
master_finger: '64:31:ab:33:84:e1:3b:21:c3:5a:d7:c3:aa:14:0e:3c:cc:2b:5a:ee:88:38:56:d3:f9:1b:cc:3d:4f:43:26:4c'

  • Restart the salt minion server.

systemctl restart salt-minion

Step 12: Again Go to Salt Master Server.

  • To check Accepted Keys.

salt-key -L

  • Here is the command output.

root@ip-172-31-16-66:/home/ubuntu# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
ubuntu-1
Rejected Keys:

  • Now Accept the Key on the Salt Master.

salt-key --accept='ubuntu-1'

  • Press y.
  • Here is the command output.

root@ip-172-31-16-66:/home/ubuntu# salt-key --accept='ubuntu-1'
The following keys are going to be accepted:
Unaccepted Keys:
ubuntu-1
Proceed? [n/Y] y
Key for minion ubuntu-1 accepted.

  • Again check Accepted Keys.

salt-key -L

  • Here is the command output.
  • The key has been successfully added to the Accepted keys list.

root@ip-172-31-16-66:/home/ubuntu# salt-key -L
Accepted Keys:
ubuntu-1
Denied Keys:
Unaccepted Keys:
Rejected Keys:

  • If we want to accept for all of the salt Minion servers.
  • Run the following command with -A option.

salt-key -A

Step 13: Go to Salt Minion Server & run the following command to check Minion Key Fingerprint.

salt-call --local key.finger

  • Here is the command output

root@ip-172-31-19-108:/home/ubuntu# salt-call --local key.finger
local:
1c:2e:46:02:94:12:84:49:3b:c6:90:43:9f:ab:a9:e2:b1:50:93:d3:a7:ed:44:c0:ec:9e:87:23:05:d4:8e:6c

Step 14: Compare this salt Minion Key Fingerprint to the salt Minion Key Fingerprint present on the Salt master server.

  • Run the command on salt master server.

salt-key --finger ubuntu-1

  • Here is the command output

root@ip-172-31-16-66:/home/ubuntu# salt-key --finger ubuntu-1
Accepted Keys:
ubuntu-1: 1c:2e:46:02:94:12:84:49:3b:c6:90:43:9f:ab:a9:e2:b1:50:93:d3:a7:ed:44:c0:ec:9e:87:23:05:d4:8e:6c

Step 15: Test the Salt Master & Salt Minion Communication.

salt ubuntu-1 test.ping

  • Here is the command output

root@ip-172-31-16-66:/home/ubuntu# salt ubuntu-1 test.ping
ubuntu-1:
True

  • To test communication between Salt Master and all Salt Minions.

salt '*' test.ping

Step 16: Now Run the commands on Salt Minions From Salt Master Server.

  • To check disk space on One or all salt minions.

salt 'ubuntu-1' disk.usage
or
salt '*' disk.usage

  • Here is the command output

root@ip-172-31-16-66:/home/ubuntu# salt 'ubuntu-1' disk.usage
ubuntu-1:
----------
/:
----------
1K-blocks:
8065444
available:
6102896
capacity:
25%
filesystem:
/dev/root
used:
1946164
/dev:
----------
1K-blocks:
489496
available:
489496
capacity:
0%
filesystem:
devtmpfs
used:
0
/dev/shm:
----------
1K-blocks:
496100
available:
496020
capacity:
1%
filesystem:
tmpfs
used:
80

  • To Install Nginx on Salt minion server.

salt ubuntu-1 pkg.install nginx

  • Here is the command output

root@ip-172-31-16-66:/home/ubuntu# salt ubuntu-1 pkg.install nginx
ubuntu-1:
----------
fontconfig-config:
----------
new:
2.13.1-2ubuntu3
old:
fonts-dejavu-core:
----------
new:
2.37-1
old:
libfontconfig1:
----------
new:
2.13.1-2ubuntu3
old:
libgd3:
----------
new:
2.2.5-5.2ubuntu2.1
old:
libjbig0:
----------
new:
2.1-3.1build1
old:
libjpeg-turbo8:
----------

  • To run shell commands on salt minions.

salt 'ubuntu-1' cmd.run 'ls -l /etc'
or
salt '*' cmd.run 'ls -l /etc'

  • Here is the command output

root@ip-172-31-16-66:/home/ubuntu# salt 'ubuntu-1' cmd.run 'ls -l /etc'
ubuntu-1:
total 820
drwxr-xr-x 3 root root 4096 Nov 29 23:32 NetworkManager
drwxr-xr-x 2 root root 4096 Nov 29 23:33 PackageKit
drwxr-xr-x 4 root root 4096 Nov 29 23:32 X11
drwxr-xr-x 4 root root 4096 Nov 29 23:37 acpi
-rw-r--r-- 1 root root 3028 Nov 29 23:31 adduser.conf
drwxr-xr-x 2 root root 4096 Nov 29 23:33 alternatives
drwxr-xr-x 3 root root 4096 Nov 29 23:32 apparmor
drwxr-xr-x 7 root root 4096 Nov 29 23:33 apparmor.d
drwxr-xr-x 3 root root 4096 Nov 29 23:33 apport
drwxr-xr-x 7 root root 4096 Jan 24 13:46 apt
-rw-r----- 1 root daemon 144 Nov 12 2018 at.deny
-rw-r--r-- 1 root root 2319 Feb 25 2020 bash.bashrc
-rw-r--r-- 1 root root 45 Jan 26 2020 bash_completion
drwxr-xr-x 2 root root 4096 Nov 29 23:33 bash_completion.d
-rw-r--r-- 1 root root 367 Apr 14 2020 bindresvport.blacklist
drwxr-xr-x 2 root root 4096 Apr 22 2020 binfmt.d
drwxr-xr-x 2 root root 4096 Nov 29 23:32 byobu

Step 17: Open the Nginx Web interface using Salt minion ip address.

http://server-ip

  • Here is the output.

Leave a Reply