How to Install SaltStack on CentOS 7

Updated on November 21, 2023
How to Install SaltStack on CentOS 7 header image

SaltStack, or Salt, is a popular open source configuration management solution which can be used to implement remote execution, configuration management, code deployment and much more. Salt can manage tens of thousands of servers in parallel. Thanks to its ease of use, scalability, and high efficiency, Salt has been widely used to manage various infrastructures around the world.

In this article, I will show you how to install Salt on two CentOS 7 server instances to implement the Salt agent-and-server managing model. In this model, you will have one master server and one agent server (called minion), and you can add more minions later.

Prerequisites

Before proceeding, I assume that you have:

  • Deployed two CentOS 7 server instances in the same Vultr data center.
  • Setup private networking on both of the two server instances. See this article: Configuring Private Network.
  • Created non-root sudo users on both of the two machines.

The summary of our two servers is as follows.

SaltStack master server:

  • OS: CentOS 7
  • hostname: master
  • Private IP: 10.99.0.10

SaltStack agent server 1:

  • OS: CentOS 7
  • hostname: minion1
  • Private IP: 10.99.0.11

Step 1: Operations on the SaltStack master server

1.1 Update the system

Use the sudo user to log into the SaltStack master server, then update the system to the latest stable status:

sudo yum update -y && sudo reboot

After the reboot completes, use the same sudo user to log in.

1.2 Install and configure the salt-master program

Use the SaltStack official YUM repo to install the latest salt-master program:

sudo yum install https://repo.saltstack.com/yum/redhat/salt-repo-2015.8-2.el7.noarch.rpm
sudo yum clean expire-cache
sudo yum install salt-master

After the installation finishes, modify the configuration file as below:

sudo vi/etc/salt/master

Find:

#interface: 0.0.0.0

Replace the line with:

interface: 10.99.0.10

Find:

#hash_type: md5

Replace the line with:

hash_type: sha256

Save and quit:

:wq

Start and enable the salt-master service:

sudo systemctl start salt-master.service
sudo systemctl enable salt-master.service

1.3 Modify firewall rules

By default, the salt-master service will use ports 4505 and 4506 to communicate with minions. You need to allow traffic through the two ports on the master server.

Find out to which zone the eth1 interface belongs:

sudo firewall-cmd --get-active-zones

You will find out that the eth1 interface belongs to the "public" zone. Therefore, you need to allow traffic through the two ports in the "public" zone:

sudo firewall-cmd --permanent --zone=public --add-port=4505-4506/tcp
sudo firewall-cmd --reload

That's all that needs to be done on the master server for now. It's time to setup the SaltStack agent server.

Step 2: Operations on the SaltStack agent server

2.1 Update the system

Use the sudo user to log in the SaltStack agent server. Again, update the system to the latest stable status:

sudo yum update -y && sudo reboot

After the reboot, use the same sudo user to log in.

2.2 Install and configure the salt-minion program

Use the SaltStack official YUM repo to install the latest salt-minion program:

sudo yum install https://repo.saltstack.com/yum/redhat/salt-repo-2015.8-2.el7.noarch.rpm
sudo yum clean expire-cache
sudo yum install salt-minion

After the installation, modify the configuration file as below:

sudo vi /etc/salt/minion

Find:

#master: salt

Replace the line with:

master: 10.99.0.10

Find:

#hash_type: sha256

Replace the line with:

hash_type: sha256

Save and quit:

:wq

Start and enable the salt-minion service:

sudo systemctl start salt-minion.service
sudo systemctl enable salt-minion.service

After starting up, the salt-minion service will send off a signal to find the SaltStack server.

If you have more SaltStack agent servers, you need to setup them in the same fashion.

Step 3: Test your setup on the SaltStack master server

Return to the SSH connection to the SaltStack master server, input the following command to show all available agents:

sudo salt-key -L

If everything was successful, you will see the agent server "minion1" listed in the "Unaccepted Keys" segment.

Accepted Keys:
Denied Keys:
Unaccepted Keys:
minion1
Rejected Keys:

Accept "minion1" using this command:

salt-key --accept=minion1

Or accept all of the agent servers:

salt-key -A

Finally, you can test your setup using the example commands below:

Example 1:

sudo salt minion1 test.ping

The output show:

minion1:
    True

Example 2:

sudo salt minion1 cmd.run pwd

The output show:

minion1:
    /root

That's it. You can learn more about SaltStack on its official website. Enjoy it!