Devops
Setup Saltstack
28/04/19 21:39
In this article, I'll provide step-by-step instructions to setup Salt master and 1 minion in two VM instances.
Before start, I assume
- Two VM has been setup in CentOS 7 or above
- Non-root sudo user in the system
- Both server are able to communicate
The summary of two servers are
Master
- OS: CentOS 7
- Hostname: rm-dev01
- IP address: 192.168.4.136
Minion
- OS: CentOS 7
- Hostname: rm-dev02
- IP address: 192.168.4.137
#Step 1:
#Update with latest stable releases.
sudo yum update -y && sudo reboot
#After reboot complete sign in with sudo user.
#Step 2:
#Setup Saltmaster
sudo yum install salt-master
#Step 3:
#Setup master configuration settings
sudo vi /etc/salt/master
#Replace following line "#interface: 0.0.0.0" with
interface: 192.168.4.136
#Find "#hash_type: md5" and replace with
hash_type: sha256
#Save and quit
#Enable as service
sudo systemctl start salt-master.service
sudo systemctl enable salt-master.service
#Step 4:
#Modify firewall rules
#By default, the salt-master service will use ports 4505 and 4506 to communicate with minions. You need to allow traffic through the two ports on the master server. Find out to which zone the eth1 interface belongs:
sudo firewall-cmd --get-active-zones
#You will find out that the eth1 interface belongs to the "public" zone. Therefore, you need to allow traffic through the two ports in the "public" zone:
sudo firewall-cmd --permanent --zone=public --add-port=4505-4506/tcp
sudo firewall-cmd --reload
#Step 5:
#Setting up minion
sudo yum install salt-minion
#After the installation, modify the configuration file as below:
sudo vi /etc/salt/minion
#Find:
#master: salt
#Replace the line with:
master: 10.99.0.10
#Find: "#hash_type: sha256" replace the line with:
hash_type: sha256
#Save and quit:
#Start and enable the salt-minion service:
sudo systemctl start salt-minion.service
sudo systemctl enable salt-minion.service
#After starting up, the salt-minion service will send off a signal to find the SaltStack server.
#list keys
sudo salt-key -L
#you may see following result
Accepted Keys:
Denied Keys:
Unaccepted Keys:
rm-dev02
Rejected Keys:
# accept the key
sudo salt-key --accept=rm-dev02
# You should see following
The following keys are going to be accepted:
Unaccepted Keys:
rm-dev02
Proceed? [n/Y] y
Key for minion rm-dev02 accepted.
#type following
sudo salt-key -L
#this should show
Accepted Keys:
rm-dev02
Denied Keys:
Unaccepted Keys:
Rejected Keys:
Before start, I assume
- Two VM has been setup in CentOS 7 or above
- Non-root sudo user in the system
- Both server are able to communicate
The summary of two servers are
Master
- OS: CentOS 7
- Hostname: rm-dev01
- IP address: 192.168.4.136
Minion
- OS: CentOS 7
- Hostname: rm-dev02
- IP address: 192.168.4.137
#Step 1:
#Update with latest stable releases.
sudo yum update -y && sudo reboot
#After reboot complete sign in with sudo user.
#Step 2:
#Setup Saltmaster
sudo yum install salt-master
#Step 3:
#Setup master configuration settings
sudo vi /etc/salt/master
#Replace following line "#interface: 0.0.0.0" with
interface: 192.168.4.136
#Find "#hash_type: md5" and replace with
hash_type: sha256
#Save and quit
#Enable as service
sudo systemctl start salt-master.service
sudo systemctl enable salt-master.service
#Step 4:
#Modify firewall rules
#By default, the salt-master service will use ports 4505 and 4506 to communicate with minions. You need to allow traffic through the two ports on the master server. Find out to which zone the eth1 interface belongs:
sudo firewall-cmd --get-active-zones
#You will find out that the eth1 interface belongs to the "public" zone. Therefore, you need to allow traffic through the two ports in the "public" zone:
sudo firewall-cmd --permanent --zone=public --add-port=4505-4506/tcp
sudo firewall-cmd --reload
#Step 5:
#Setting up minion
sudo yum install salt-minion
#After the installation, modify the configuration file as below:
sudo vi /etc/salt/minion
#Find:
#master: salt
#Replace the line with:
master: 10.99.0.10
#Find: "#hash_type: sha256" replace the line with:
hash_type: sha256
#Save and quit:
#Start and enable the salt-minion service:
sudo systemctl start salt-minion.service
sudo systemctl enable salt-minion.service
#After starting up, the salt-minion service will send off a signal to find the SaltStack server.
#list keys
sudo salt-key -L
#you may see following result
Accepted Keys:
Denied Keys:
Unaccepted Keys:
rm-dev02
Rejected Keys:
# accept the key
sudo salt-key --accept=rm-dev02
# You should see following
The following keys are going to be accepted:
Unaccepted Keys:
rm-dev02
Proceed? [n/Y] y
Key for minion rm-dev02 accepted.
#type following
sudo salt-key -L
#this should show
Accepted Keys:
rm-dev02
Denied Keys:
Unaccepted Keys:
Rejected Keys:
Add sudo user in Ubuntu
15/06/17 18:48
The sudo users are granted with administrator privileges to perform administrative tasks. This guide will show you the easiest way to create a new user with sudo access on Ubuntu, without having to modify your server's sudoers file. If you want to configure sudo for an existing user, simply skip to step 3.
Steps to Create a New Sudo User. Be sure to replace server and user name with your name.
Log in to your server as the root user.
$ssh root@SERVER
Use the adduser command to add a new user to your system.
$adduser username
Set and confirm the new user's password at the prompt. A strong password is highly recommended. Set password prompts:
$Enter new UNIX password:
$Retype new UNIX password:
$passwd: password updated successfully
Follow the prompts to set the new user's information. It is fine to accept the defaults to leave all of this information blank.
$Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n]
Use the usermod command to add the user to the sudo group.
$usermod -aG sudo username
Test sudo access on new user account. Use the su command to switch to the new user account.
$su - username
As the new user, verify that you can use sudo by prepending "sudo" to the command that you want to run with superuser privileges.
$sudo command_to_run
For example, you can list the contents of the /root directory, which is normally only accessible to the root user.
$sudo ls -la /root
The first time you use sudo in a session, you will be prompted for the password of the user account. Enter the password to proceed.
Output:
[sudo] password for username:
If your user is in the proper group and you entered the password correctly, the command that you issued with sudo should run with root privileges.
Steps to Create a New Sudo User. Be sure to replace server and user name with your name.
Log in to your server as the root user.
$ssh root@SERVER
Use the adduser command to add a new user to your system.
$adduser username
Set and confirm the new user's password at the prompt. A strong password is highly recommended. Set password prompts:
$Enter new UNIX password:
$Retype new UNIX password:
$passwd: password updated successfully
Follow the prompts to set the new user's information. It is fine to accept the defaults to leave all of this information blank.
$Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n]
Use the usermod command to add the user to the sudo group.
$usermod -aG sudo username
Test sudo access on new user account. Use the su command to switch to the new user account.
$su - username
As the new user, verify that you can use sudo by prepending "sudo" to the command that you want to run with superuser privileges.
$sudo command_to_run
For example, you can list the contents of the /root directory, which is normally only accessible to the root user.
$sudo ls -la /root
The first time you use sudo in a session, you will be prompted for the password of the user account. Enter the password to proceed.
Output:
[sudo] password for username:
If your user is in the proper group and you entered the password correctly, the command that you issued with sudo should run with root privileges.