Setup Saltstack
28/04/19 21:39 Filed in: Devops
In this article, I'll provide step-by-step instructions to set up a Salt master and one minion on two VM instances.
Before starting, I assume:
- Two VMs have been set up with CentOS 7 or above
- A non-root sudo user exists on each system
- Both servers are able to communicate with each other
The two servers are summarized below:
Master
- OS: CentOS 7
- Hostname: rm-dev01
- IP address: 192.168.4.136
Minion
- OS: CentOS 7
- Hostname: rm-dev02
- IP address: 192.168.4.137
#Step 1:
#Update to the latest stable releases.
sudo yum update -y && sudo reboot
#After the reboot completes, sign in as the sudo user.
#Step 2:
#Install the Salt master (on rm-dev01)
sudo yum install salt-master
#Step 3:
#Set up the master configuration
sudo vi /etc/salt/master
#Replace the line "#interface: 0.0.0.0" with
interface: 192.168.4.136
#Find "#hash_type: md5" and replace it with
hash_type: sha256
#Save and quit
#Start the service and enable it at boot
sudo systemctl start salt-master.service
sudo systemctl enable salt-master.service
#Step 4:
#Modify the firewall rules
#By default, the salt-master service uses ports 4505 and 4506 to communicate with minions. You need to allow traffic through these two ports on the master server. Find out which zone the eth1 interface belongs to:
sudo firewall-cmd --get-active-zones
#You will find that the eth1 interface belongs to the "public" zone. Therefore, you need to allow traffic through the two ports in the "public" zone:
sudo firewall-cmd --permanent --zone=public --add-port=4505-4506/tcp
sudo firewall-cmd --reload
#Step 5:
#Set up the minion (on rm-dev02)
sudo yum install salt-minion
#After the installation, modify the configuration file as below:
sudo vi /etc/salt/minion
#Find:
#master: salt
#Replace the line with the master's IP address:
master: 192.168.4.136
#Find "#hash_type: sha256" and replace the line with:
hash_type: sha256
#Save and quit.
#Start and enable the salt-minion service:
sudo systemctl start salt-minion.service
sudo systemctl enable salt-minion.service
#After starting up, the salt-minion service contacts the Salt master and submits its public key, which stays pending until it is accepted.
#On the master, list the keys:
sudo salt-key -L
#You should see the following result:
Accepted Keys:
Denied Keys:
Unaccepted Keys:
rm-dev02
Rejected Keys:
#Accept the key:
sudo salt-key --accept=rm-dev02
#You should see the following:
The following keys are going to be accepted:
Unaccepted Keys:
rm-dev02
Proceed? [n/Y] y
Key for minion rm-dev02 accepted.
#List the keys again:
sudo salt-key -L
#This should show:
Accepted Keys:
rm-dev02
Denied Keys:
Unaccepted Keys:
Rejected Keys:
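#Added example (not part of the original article): before accepting the key in Step 5, check that the fingerprint the master shows for the pending key matches the one the minion reports for itself. The helper names, the sample output and the fingerprint values are constructed for illustration; the real inputs come from "sudo salt-key -f rm-dev02" on the master and "sudo salt-call --local key.finger" on the minion.

```shell
#!/bin/sh
# Constructed sample of `sudo salt-key -f rm-dev02` output on the master.
# The fingerprint is made up and shortened; a real sha256 one has 32 byte pairs.
SAMPLE_MASTER_OUTPUT='Unaccepted Keys:
rm-dev02:  a1:b2:c3:d4:e5:f6:07:18'

# Constructed value standing in for what `sudo salt-call --local key.finger`
# prints on rm-dev02, carried to the master over a channel you already trust.
SAMPLE_MINION_FINGER='A1:B2:C3:D4:E5:F6:07:18'

# pending_finger MINION_ID  (hypothetical helper)
# Reads `salt-key -f` output on stdin and prints the fingerprint only if the
# key is listed under "Unaccepted Keys:"; exits 1 when no such key is pending.
pending_finger() {
    awk -v id="$1:" '
        /Keys:$/ { section = $0; next }
        section == "Unaccepted Keys:" && $1 == id { print $2; found = 1 }
        END { exit !found }
    '
}

# verify_pending_key MINION_ID EXPECTED_FINGER  (hypothetical helper)
# Returns 0 on match, 1 on mismatch, 2 when the key is not pending.
verify_pending_key() {
    got=$(pending_finger "$1") || { echo "no pending key for $1" >&2; return 2; }
    got=$(printf '%s' "$got" | tr 'A-F' 'a-f')
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$got" = "$want" ] || { echo "fingerprint mismatch for $1" >&2; return 1; }
}

# Demo on the constructed sample. On a real master the pipeline would be:
#   sudo salt-key -f rm-dev02 | verify_pending_key rm-dev02 "$FINGER_FROM_MINION" \
#       && sudo salt-key --accept=rm-dev02
if printf '%s\n' "$SAMPLE_MASTER_OUTPUT" |
        verify_pending_key rm-dev02 "$SAMPLE_MINION_FINGER"; then
    echo "fingerprints match: rm-dev02 can be accepted"
fi
```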