How to Install SaltStack on Ubuntu 18
What is SaltStack?
SaltStack is an open-source infrastructure management platform built on a dynamic communications bus. The main structure of SaltStack contains two main components for work: one Salt Master and several Salt Minions. Salt Master is the main control system used to send commands to Salt Minion and their configuration. Salt Minions (they are also called Nodes) are subsystems that work on managed servers and receive commands from the master, as well as their configuration. At least two servers are required for interaction settings. One for the Master and one for the node. All nodes are configured in the same way.
Pre-Installation Notes
There are two concerns which need to be put forward prior to installing SaltStack.
- Upgrade PyCrypto: The PyCrypto library usually provided by the default system packages is currently unmaintained and likely insecure. Salt requires PyCrypto as a "lowest common denominator" for backward compatibility, however, because PyCrypto is unmaintained, the best practice is to manually upgrade the system to use a more modern and continually maintained library such as PyCryptodome or better yet, M2Crypto.
- Because Python 2.7 reached its End of Life (EOL) status on Jan. 1st 2020, Python 2.x is deprecated in SaltStack version 3000 (Sodium) release and later.
Salt Master Installation
We will perform these install processes on both the Master server and the Minion server. The first step is to make sure our system packages are up to date
[root@host ~]# apt-get update
Hit:1 http://by.archive.ubuntu.com/ubuntu bionic InRelease
Hit:2 http://by.archive.ubuntu.com/ubuntu bionic-updates InRelease
Hit:3 http://by.archive.ubuntu.com/ubuntu bionic-backports InRelease
Get:4 http://security.ubuntu.com/ubuntu bionic-security InRelease [88,7 kB]
Get:5 http://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest bionic InRelease [2.126 B]
Get:6 http://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest bionic/main amd64 Packages [3.200 B]
Ign:7 https://dl.bintray.com/tetrate/getenvoy-deb bionic InRelease
Get:8 https://dl.bintray.com/tetrate/getenvoy-deb bionic Release [5.356 B]
Get:10 http://security.ubuntu.com/ubuntu bionic-security/main amd64 DEP-11 Metadata [38,5 kB]
Get:11 http://security.ubuntu.com/ubuntu bionic-security/main DEP-11 48x48 Icons [17,6 kB]
Get:12 http://security.ubuntu.com/ubuntu bionic-security/main DEP-11 64x64 Icons [41,5 kB]
Get:13 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 DEP-11 Metadata [42,1 kB]
Get:14 http://security.ubuntu.com/ubuntu bionic-security/universe DEP-11 48x48 Icons [16,4 kB]
Get:15 http://security.ubuntu.com/ubuntu bionic-security/universe DEP-11 64x64 Icons [111 kB]
Get:16 http://security.ubuntu.com/ubuntu bionic-security/multiverse amd64 DEP-11 Metadata [2.464 B]
Fetched 369 kB in 1s (258 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
[root@host ~]#
Now, we need to download the repository key for SaltStack and import it into our system.
[root@host ~]# wget -O- https://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add -
--2020-03-08 19:00:32-- https://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest/SALTSTACK-GPG-KEY.pub
Resolving repo.saltstack.com (repo.saltstack.com)... 54.192.230.5, 54.192.230.104, 54.192.230.29, ...
Connecting to repo.saltstack.com (repo.saltstack.com)|54.192.230.5|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1727 (1,7K) [application/octet-stream]
Saving to: 'STDOUT'
- 100%[==================>] 1,69K --.-KB/s in 0s
2020-03-08 19:00:34 (374 MB/s) - written to stdout [1727/1727]
OK
[root@host ~]#
Next, we can add the repository itself.
echo "deb http://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest bionic main" | sudo tee /etc/apt/sources.list.d/saltstack.list
deb http://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest bionic main
[root@host ~]#
Now, we need to update our repo list so our available system packages are up to date.
[root@host ~]# apt-get update
Hit:1 http://by.archive.ubuntu.com/ubuntu bionic InRelease
Hit:2 http://by.archive.ubuntu.com/ubuntu bionic-updates InRelease
Hit:3 http://by.archive.ubuntu.com/ubuntu bionic-backports InRelease
Get:4 http://security.ubuntu.com/ubuntu bionic-security InRelease [88,7 kB]
Get:5 http://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest bionic InRelease [2.126 B]
Get:6 http://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest bionic/main amd64 Packages [3.200 B]
Ign:7 https://dl.bintray.com/tetrate/getenvoy-deb bionic InRelease
Get:8 https://dl.bintray.com/tetrate/getenvoy-deb bionic Release [5.356 B]
Get:10 http://security.ubuntu.com/ubuntu bionic-security/main amd64 DEP-11 Metadata [38,5 kB]
Get:11 http://security.ubuntu.com/ubuntu bionic-security/main DEP-11 48x48 Icons [17,6 kB]
Get:12 http://security.ubuntu.com/ubuntu bionic-security/main DEP-11 64x64 Icons [41,5 kB]
Get:13 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 DEP-11 Metadata [42,1 kB]
Get:14 http://security.ubuntu.com/ubuntu bionic-security/universe DEP-11 48x48 Icons [16,4 kB]
Get:15 http://security.ubuntu.com/ubuntu bionic-security/universe DEP-11 64x64 Icons [111 kB]
Get:16 http://security.ubuntu.com/ubuntu bionic-security/multiverse amd64 DEP-11 Metadata [2.464 B]
Fetched 369 kB in 1s (258 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
[root@host ~]#
Next, lets install SaltStack Master packages.
[root@host ~]# apt -y install salt-api salt-cloud salt-master salt-ssh salt-syndic
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
git git-man ieee-data liberror-perl libnorm1 libpgm-5.2-0 libzmq5
python3-cherrypy3 python3-croniter python3-git python3-gitdb python3-gnupg
python3-jinja2 python3-libcloud python3-lockfile python3-msgpack
python3-netaddr python3-openssl python3-psutil python3-repoze.lru
python3-routes python3-smmap python3-webob python3-zmq salt-common
Suggested packages:
git-daemon-run | git-daemon-sysvinit git-doc git-el git-email git-gui gitk
gitweb git-cvs git-mediawiki git-svn python-git-doc python-jinja2-doc
python-lockfile-doc ipython3 python-netaddr-docs python-openssl-doc
python3-openssl-dbg python-psutil-doc python3-paste python3-nose
python-webob-doc python3-botocore python3-pycurl python3-twisted
The following NEW packages will be installed:
git git-man ieee-data liberror-perl libnorm1 libpgm-5.2-0 libzmq5
python3-cherrypy3 python3-croniter python3-git python3-gitdb python3-gnupg
python3-jinja2 python3-libcloud python3-lockfile python3-msgpack
python3-netaddr python3-openssl python3-psutil python3-repoze.lru
python3-routes python3-smmap python3-webob python3-zmq salt-api salt-cloud
salt-common salt-master salt-ssh salt-syndic
0 upgraded, 30 newly installed, 0 to remove and 0 not upgraded.
Need to get 16,5 MB of archives.
After this operation, 98,8 MB of additional disk space will be used.
…
…
…
Created symlink /etc/systemd/system/multi-user.target.wants/salt-master.service → /lib/systemd/system/salt-master.service.
Setting up salt-api (3000+ds-1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/salt-api.service → /lib/systemd/system/salt-api.service.
Setting up salt-syndic (3000+ds-1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/salt-syndic.service → /lib/systemd/system/salt-syndic.service.
Processing triggers for systemd (237-3ubuntu10.39) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Processing triggers for ureadahead (0.100.0-21) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...
[root@host ~]#
Salt Master Configuration
Using the nano or vim text editor, open the file /etc/salt/master.
[root@host ~]# vim /etc/salt/master
Now, find the following line.
#interface: 0.0.0.0
Once the value is located, uncomment it out and then specify the servers IP replacing the 0.0.0.0 IP address. In this example, we will use 64.91.225.162. This will be the IP address from which we will control the minion servers.
# The address of the interface to bind to:
interface: 64.91.225.162
Use :wq to save the file and exit. After editing, we should restart the service.
[root@host ~]# systemctl restart salt-master.service
[root@host ~]#
Next, we need to create a key that will be used by the minions to connect to the master nodes. We generated a unique key, so yours will be different.
root@host:~# salt-key -F master
Local Keys:
master.pem: f8:01:d9:13:19:3f:a2:37:a5:03:cb:e8:0e:3d:9f:75:7c:f7:36:10:1d:51:70:b2:4c:b8:5f:04:4b:04:fc:28
master.pub: d0:71:50:26:f7:05:d7:84:6c:f8:38:1f:ce:5b:d8:6a:80:6c:1a:76:05:a8:48:3a:d7:5a:86:ff:bc:14:3b:49
root@host:~#
You will want to make note of the master.pub key as we will need to add it into the configuration on the salt minion shortly.
Lastly, we will want to open the default ports in the firewall. By default, Salt uses ports 4505 and 4506.
[root@host ~]# ufw allow proto tcp from any to any port 4505,4506
Salt Minion Installation
First, we will install the software on our minion server.
[root@host ~]# apt -y install salt-minion
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
dctrl-tools debconf-utils
Suggested packages:
debtags python3-augeas
The following NEW packages will be installed:
dctrl-tools debconf-utils salt-minion
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 146 kB of archives.
After this operation, 527 kB of additional disk space will be used.
Get:1 http://by.archive.ubuntu.com/ubuntu bionic/main amd64 dctrl-tools amd64 2.24-2build1 [60,9 kB]
Get:2 http://by.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 debconf-utils all 1.5.66ubuntu1 [56,6 kB]
Get:3 http://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest bionic/main amd64 salt-minion all 3000+ds-1 [28,1 kB]
Fetched 146 kB in 1s (235 kB/s)
Selecting previously unselected package dctrl-tools.
(Reading database ... 178806 files and directories currently installed.)
Preparing to unpack .../dctrl-tools_2.24-2build1_amd64.deb ...
Unpacking dctrl-tools (2.24-2build1) ...
Selecting previously unselected package debconf-utils.
Preparing to unpack .../debconf-utils_1.5.66ubuntu1_all.deb ...
Unpacking debconf-utils (1.5.66ubuntu1) ...
Selecting previously unselected package salt-minion.
Preparing to unpack .../salt-minion_3000+ds-1_all.deb ...
Unpacking salt-minion (3000+ds-1) ...
Setting up debconf-utils (1.5.66ubuntu1) ...
Setting up dctrl-tools (2.24-2build1) ...
Setting up salt-minion (3000+ds-1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/salt-minion.service → /lib/systemd/system/salt-minion.service.
Processing triggers for ureadahead (0.100.0-21) ...
Processing triggers for systemd (237-3ubuntu10.39) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
[root@host ~]#
Salt Minion Configuration
Next, we will configure the software on the minion server. By default, the Salt Minion connects to the master Salt servers DNS named above in the /etc/hosts file. We will need to modify this setting. Again we will use our vim editor and open the file /etc/hosts and add the IP of the Salt Master. In this case 10.0.2.15. After that entry is created, save the file using :wq.
127.0.0.1 localhost
64.91.225.162 saltmaster
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
Now, we need to create a unique identifier for the Salt minion.
vim /etc/salt/minion_id
Let's add the identifier name for the minion. Care should be taken to create a naming scheme in advance to allow for additional minions e.g.
- ubuntu-minion_01
- us.mi.lan-ubuntu_01
- company.location.dept-ubuntu_01
We will use ubuntu-minion_01 as our salt minion server name.
Next, copy the master.pub
fingerprint we created on the master server above, and set this value as the master_finger
setting in the minion configuration file /etc/salt/minion_id. You can search for this value in vim using /finger within the file. After adding the fingerprint, use :wq to save the and exit the file.
# Fingerprint of the master public key to validate the identity of your Salt master
# before the initial key exchange. The master fingerprint can be found by running
# "salt-key -f master.pub" on the Salt master.
master_finger: 'd0:71:50:26:f7:05:d7:84:6c:f8:38:1f:ce:5b:d8:6a:80:6c:1a:76:05:a8:48:3a:d7:5a:86:ff:bc:14:3b:49'
If you change any of the settings (like the IP address of the salt master in /etc/salt/minion
), you’ll need to restart salt-minion service
[root@host ~]# systemctl restart salt-minion
Now, login to the salt master server and list/check for the Accepted Keys using the following command.
root@host:~# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
ubuntu-minion_01 <<<<<
Rejected Keys:
root@host:~#
As you can see, we now have a key waiting to be accepted "ubuntu-minion_01". Next, we will accept the salt-key for the minion on the salt master server.
root@host:~# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
ubuntu-minion_01
Proceed? [n/Y] y
Key for minion ubuntu-minion_01 accepted.
root@host:~#
Now we can run the following command on the Salt minion to check the minions key fingerprint.
root@host:~# salt-call --local key.finger
local:
cf:b7:01:00:9f:78:27:03:42:91:f1:7c:f1:3f:81:2f:a3:e6:11:48:bc:10:ba:2b:0c:df:f0:78:e0:07:1c:df
root@host:~#
Next, we can compare the above value to the value that is shown when we run the command "salt-key –finger <MINION_ID>" on the Salt master.
root@host:~# salt-key –finger ubuntu-minion_01
Accepted Keys:
ubuntu-minion_01 <<<<<
Denied Keys:
Unaccepted Keys:
Rejected Keys:
root@host:~#
Now, lets verify the communication between the salt master and the salt minion by running the test.ping
command.
root@host:~# salt ubuntu-minion_01 test.ping
ubuntu-minion_01:
True
root@host:~#
Success!
Conclusion
Saltstack is one of the most popular IT automation, remote task execution, and configuration management tools in use today. In this article we learned how to install and configure Saltstack on both a salt master and salt minion server.
Related Articles:
- 4 Methods for How to Install Yarn on Windows Server
- How to Install Bpytop Resource Monitoring Tool on AlmaLinux
- How to Fix “This Site Can’t Provide a Secure Connection” Error
- How to Install MongoDB on AlmaLinux
- How to Install PostgreSQL on AlmaLinux
- How to Use the WP Toolkit to Secure and Update WordPress
About the Author: Ellen Sletton
I'm 23 years old Linux Tech who always takes NO as Next Opportunity. Every day I'm trying to learn something new and share my knowledge with others. My free time I spend with my dog Emil or doing some UI/UX design or simply making an inspiring photo for my blog :) Sharing knowledge helps me generate new ideas and stay motivated.
Our Sales and Support teams are available 24 hours by phone or e-mail to assist.
Latest Articles
What Is WebP and What Makes it Different from Other Image Formats?
Read ArticleTop 10 Password Security Standards
Read ArticleTop 10 Password Security Standards
Read ArticleHow to Install MongoDB on AlmaLinux
Read ArticleHow to Use the WP Toolkit to Secure and Update WordPress
Read Article