How to Install SaltStack on CentOS 7
SaltStack, or Salt, is a popular open source configuration management solution which can be used to implement remote execution, configuration management, code deployment and much more. Salt can manage tens of thousands of servers in parallel. Thanks to its ease of use, scalability, and high efficiency, Salt has been widely used to manage various infrastructures around the world.
In this article, I will show you how to install Salt on two CentOS 7 server instances to implement the Salt agent-and-server managing model. In this model, you will have one master server and one agent server (called a minion), and you can add more minions later.
Prerequisites
Before proceeding, I assume that you have:
- Deployed two CentOS 7 server instances in the same Vultr data center.
- Set up private networking on both server instances. See this article: Configuring Private Network.
- Created non-root sudo users on both of the two machines.
The summary of our two servers is as follows.
SaltStack master server:
- OS: CentOS 7
- hostname: master
- Private IP: 10.99.0.10
SaltStack agent server 1:
- OS: CentOS 7
- hostname: minion1
- Private IP: 10.99.0.11
Step 1: Operations on the SaltStack master server
1.1 Update the system
Use the sudo user to log into the SaltStack master server, then update the system to the latest stable status:
sudo yum update -y && sudo reboot
After the reboot completes, use the same sudo user to log in.
1.2 Install and configure the salt-master program
Use the SaltStack official YUM repo to install the latest salt-master program:
sudo yum install https://repo.saltstack.com/yum/redhat/salt-repo-2015.8-2.el7.noarch.rpm
sudo yum clean expire-cache
sudo yum install salt-master
After the installation finishes, modify the configuration file as below:
sudo vi /etc/salt/master
Find:
#interface: 0.0.0.0
Replace the line with:
interface: 10.99.0.10
Find:
#hash_type: md5
Replace the line with:
hash_type: sha256
Save and quit:
:wq
Start and enable the salt-master service:
sudo systemctl start salt-master.service
sudo systemctl enable salt-master.service
1.3 Modify firewall rules
By default, the salt-master service will use ports 4505 and 4506 to communicate with minions. You need to allow traffic through the two ports on the master server.
Find out to which zone the eth1 interface belongs:
sudo firewall-cmd --get-active-zones
You will find out that the eth1 interface belongs to the "public" zone. Therefore, you need to allow traffic through the two ports in the "public" zone:
sudo firewall-cmd --permanent --zone=public --add-port=4505-4506/tcp
sudo firewall-cmd --reload
That's all that needs to be done on the master server for now. It's time to set up the SaltStack agent server.
Step 2: Operations on the SaltStack agent server
2.1 Update the system
Use the sudo user to log in to the SaltStack agent server. Again, update the system to the latest stable status:
sudo yum update -y && sudo reboot
After the reboot, use the same sudo user to log in.
2.2 Install and configure the salt-minion program
Use the SaltStack official YUM repo to install the latest salt-minion program:
sudo yum install https://repo.saltstack.com/yum/redhat/salt-repo-2015.8-2.el7.noarch.rpm
sudo yum clean expire-cache
sudo yum install salt-minion
After the installation, modify the configuration file as below:
sudo vi /etc/salt/minion
Find:
#master: salt
Replace the line with:
master: 10.99.0.10
Find:
#hash_type: sha256
Replace the line with:
hash_type: sha256
Save and quit:
:wq
Start and enable the salt-minion service:
sudo systemctl start salt-minion.service
sudo systemctl enable salt-minion.service
After starting up, the salt-minion service will contact the master at 10.99.0.10 and submit its public key, which stays pending on the master until you accept it.
If you have more SaltStack agent servers, you need to set them up in the same fashion.
Step 3: Test your setup on the SaltStack master server
Return to the SSH session on the SaltStack master server and input the following command to show all available agents:
sudo salt-key -L
If everything was successful, you will see the agent server "minion1" listed in the "Unaccepted Keys" section.
Accepted Keys:
Denied Keys:
Unaccepted Keys:
minion1
Rejected Keys:
Accept "minion1" using this command:
sudo salt-key --accept=minion1
Or accept all of the agent servers at once (this accepts every key listed under "Unaccepted Keys", so check the list first):
sudo salt-key -A
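Accepting a key tells the master to trust whoever holds it, so it is worth comparing the pending key's fingerprint on the master with the one printed on the minion by `sudo salt-call --local key.finger`. The script below is an added example, not part of the original article: it accepts a key only when the two fingerprints match. The function names, the script name and the sample output are constructed for illustration, and it assumes `salt-key -f` prints the layout shown in the sample.

```shell
#!/bin/sh
# Added example: accept a pending minion key only when its fingerprint matches
# the value read on the minion with: sudo salt-call --local key.finger

# Constructed sample of `salt-key -f` output (made-up fingerprint), so the
# parsing functions below can be exercised without a Salt master.
SAMPLE_FP='5d:41:40:2a:bc:4b:2a:76:b9:71:9d:91:10:17:c5:92:ae:3f:08:c1:6e:27:d4:55:90:0b:e2:7a:13:84:f6:cd'
SAMPLE_OUTPUT="Unaccepted Keys:
minion1:  $SAMPLE_FP
Accepted Keys:
minion2:  $SAMPLE_FP"

# Print the fingerprint listed for minion ID $1 under "Unaccepted Keys:".
# Reads `salt-key -f` output on stdin; prints nothing if no such pending key.
pending_fingerprint() {
    awk -v id="$1:" '
        /^Unaccepted Keys:/ { pending = 1; next }
        /^[A-Za-z]+ Keys:/  { pending = 0; next }
        pending && $1 == id { print $2; exit }
    '
}

# Succeed only if the pending key for $1 has fingerprint $2 (case-insensitive).
fingerprint_matches() {
    seen=$(pending_fingerprint "$1" | tr 'A-F' 'a-f')
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$seen" ] && [ "$seen" = "$want" ]
}

# Accept the key for $1 only after the fingerprint check passes.
accept_verified() {
    if sudo salt-key -f "$1" | fingerprint_matches "$1" "$2"; then
        sudo salt-key --accept="$1" --yes
    else
        echo "no pending key for $1 with that fingerprint; not accepting" >&2
        return 1
    fi
}

# Usage on the master: sh accept-verified.sh minion1 <fingerprint>
if [ "$#" -eq 2 ]; then
    accept_verified "$1" "$2"
fi
```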
Finally, you can test your setup using the example commands below:
Example 1:
sudo salt minion1 test.ping
The output shows:
minion1:
    True
Example 2:
sudo salt minion1 cmd.run pwd
The output shows:
minion1:
    /root
That's it. You can learn more about SaltStack on its official website. Enjoy it!