SaltStack is a free, open-source, and Python-based automation and configuration management software. It is a command-line tool that helps you to manage your infrastructure from a central location. SoltStack is made from four components. A brief explanation of each component is shown below:
- Salt Master acts as a command-line controller for its minions. It is used to control and manage a number of minions.
- Salt Minions are slave daemons that receive configurations and commands from the master.
- Formula is configuration management files.
- Execution is a number of commands and modules that are executed on the minions.
In this article, I will show you how to install SaltStack Master and Minion systems on Debian 11.
Prerequisites
- Two servers running Debian 11.
- A root password is configured on the server.
Install Saltstack Master
By default, SaltStack is not included in the Debian 11 default repository. So you will need to add the SaltStack repository to APT. You can add it by running the following command:
curl -fsSL -o /usr/share/keyrings/salt-archive-keyring.gpg https://repo.saltproject.io/py3/debian/11/amd64/latest/salt-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] https://repo.saltproject.io/py3/debian/11/amd64/latest bullseye main" | tee /etc/apt/sources.list.d/salt.list
Once the repository is added, update the repository cache using the following command:
apt-get update -y
Next, install the required dependencies using the following command:
apt-get install python3 salt-common -y
Next, install the SaltStack master with the following command:
apt-get install salt-master -y
After the successful installation, you can proceed to the next step.
Configure Saltstack Master
Next, you will need to define the bind interface in the SaltSTack configuration file.
nano /etc/salt/master
Change the following line:
interface: 0.0.0.0
Save and close the file then restart the SaltStack master with the following command:
systemctl restart salt-master
You can now verify the status of the SaltStack with the following command:
systemctl status salt-master
You will get the following output:
? salt-master.service - The Salt Master Server
Loaded: loaded (/lib/systemd/system/salt-master.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2022-02-12 07:39:48 UTC; 9s ago
Docs: man:salt-master(1)
file:///usr/share/doc/salt/html/contents.html
https://docs.saltproject.io/en/latest/contents.html
Main PID: 19403 (salt-master)
Tasks: 32 (limit: 2341)
Memory: 201.5M
CPU: 6.109s
CGroup: /system.slice/salt-master.service
??19403 /usr/bin/python3 /usr/bin/salt-master
??19407 /usr/bin/python3 /usr/bin/salt-master
??19431 /usr/bin/python3 /usr/bin/salt-master
??19434 /usr/bin/python3 /usr/bin/salt-master
??19435 /usr/bin/python3 /usr/bin/salt-master
??19436 /usr/bin/python3 /usr/bin/salt-master
??19437 /usr/bin/python3 /usr/bin/salt-master
??19444 /usr/bin/python3 /usr/bin/salt-master
??19445 /usr/bin/python3 /usr/bin/salt-master
??19446 /usr/bin/python3 /usr/bin/salt-master
??19448 /usr/bin/python3 /usr/bin/salt-master
??19451 /usr/bin/python3 /usr/bin/salt-master
??19454 /usr/bin/python3 /usr/bin/salt-master
Feb 12 07:39:48 debian11 systemd[1]: Starting The Salt Master Server...
Feb 12 07:39:48 debian11 systemd[1]: Started The Salt Master Server.
Once you are finished, you can proceed to the next step.
Install and Configure Saltstack Minion
At this point, SaltStack Master is installed and configured. Now, log in to another machine and add the SaltStack Minion repository with the following command:
curl -fsSL -o /usr/share/keyrings/salt-archive-keyring.gpg https://repo.saltproject.io/py3/debian/11/amd64/latest/salt-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] https://repo.saltproject.io/py3/debian/11/amd64/latest bullseye main" | tee /etc/apt/sources.list.d/salt.list
Once the repository is added, update the repository cache using the following command:
apt-get update -y
Next, install the SaltStack Minion with the following command:
apt-get install salt-minion -y
After the successful installation, edit the SaltStack Minion configuration file and define the master IP address.
nano /etc/salt/minion
Change the following line:
master: salt-master-ip
Save and close the file when you are finished.
Next, you will need to authenticate the minions using the master’s public fingerprint.
On the Salt Master machine, list all fingerprints using the following command:
salt-key --finger-all
You will get the following output:
Local Keys: master.pem: b7:f0:ed:19:bf:e8:e0:9d:c3:9c:a2:09:2c:97:2f:6b:0f:cb:eb:76:3d:d7:d5:a9:7d:0c:3a:60:6e:9f:d7:78 master.pub: 5e:4f:2b:37:41:cc:4b:9c:b0:ed:cb:0a:fb:c7:59:54:5f:11:34:ab:d2:99:96:c1:e7:ef:4d:95:b0:7c:d3:d1
Now, copy the master.pub fingerprint line and add it to the Minion configuration file.
On the Minion machine, edit the configuration file:
nano /etc/salt/minion
Add the master fingerprint as shown below:
master_finger: '5e:4f:2b:37:41:cc:4b:9c:b0:ed:cb:0a:fb:c7:59:54:5f:11:34:ab:d2:99:96:c1:e7:ef:4d:95:b0:7c:d3:d1'
You will also need to define the name of the Minion:
id: Minion1
Save and close the file then restart the SaltStack Minion using the following command:
systemctl restart salt-minion
You can also verify the status of the SaltStack Minion with the following command:
systemctl status salt-minion
You will get the following output:
? salt-minion.service - The Salt Minion
Loaded: loaded (/lib/systemd/system/salt-minion.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2022-02-12 07:46:04 UTC; 7s ago
Docs: man:salt-minion(1)
file:///usr/share/doc/salt/html/contents.html
https://docs.saltproject.io/en/latest/contents.html
Main PID: 2324 (salt-minion)
Tasks: 8 (limit: 2341)
Memory: 59.9M
CPU: 1.185s
CGroup: /system.slice/salt-minion.service
??2324 /usr/bin/python3 /usr/bin/salt-minion
??2326 /usr/bin/python3 /usr/bin/salt-minion
??2328 /usr/bin/python3 /usr/bin/salt-minion
Feb 12 07:46:04 debian11 systemd[1]: Starting The Salt Minion...
Feb 12 07:46:04 debian11 systemd[1]: Started The Salt Minion.
You can also check the minion fingerprint using the following command:
salt-call key.finger --local
You will get the following output:
local:
14:12:ef:33:d2:1e:49:23:7b:a2:74:8d:19:fc:be:5e:6d:a6:57:ec:4f:a9:da:23:69:3f:62:1b:6b:4b:2f:27
On the SaltStack Master machine, match the fingerprint using the following command:
salt-key --finger-all
You will get the following output:
Local Keys: master.pem: b7:f0:ed:19:bf:e8:e0:9d:c3:9c:a2:09:2c:97:2f:6b:0f:cb:eb:76:3d:d7:d5:a9:7d:0c:3a:60:6e:9f:d7:78 master.pub: 5e:4f:2b:37:41:cc:4b:9c:b0:ed:cb:0a:fb:c7:59:54:5f:11:34:ab:d2:99:96:c1:e7:ef:4d:95:b0:7c:d3:d1 Unaccepted Keys: Minion1: 14:12:ef:33:d2:1e:49:23:7b:a2:74:8d:19:fc:be:5e:6d:a6:57:ec:4f:a9:da:23:69:3f:62:1b:6b:4b:2f:27
On the SaltStack Master, accept the Minion using the following command:
salt-key -a Minion1
You will get the following output:
The following keys are going to be accepted: Unaccepted Keys: Minion1 Proceed? [n/Y] Y Key for minion Minion1 accepted.
Now, verify the connection between Master and Minion using the following command:
salt Minion1 test.ping
You will get the following output:
Minion1:
True
Once you are finished, you can proceed to the next step.
Control Minions from the Master
After the successful connection between Master and Minion. Let’s start to execute some commands on the Minions.
Run the following command to list the available disk space on Minion:
salt '*' disk.usage
You will get the following output:
Minion1:
----------
/:
----------
1K-blocks:
51538400
available:
47658628
capacity:
4%
filesystem:
/dev/sda1
used:
1661604
/dev:
----------
1K-blocks:
998936
available:
998936
capacity:
0%
filesystem:
udev
used:
0
/dev/shm:
----------
1K-blocks:
1015232
available:
1015152
capacity:
1%
filesystem:
tmpfs
used:
80
To install the Apache package on the Minion, run the following command:
salt Minion1 pkg.install apache2
You will get the following output:
Minion1:
----------
apache2:
----------
new:
2.4.52-1~deb11u2
old:
apache2-bin:
----------
new:
2.4.52-1~deb11u2
old:
apache2-data:
----------
new:
2.4.52-1~deb11u2
old:
apache2-utils:
----------
new:
2.4.52-1~deb11u2
old:
libapr1:
----------
new:
1.7.0-6 deb11u1
old:
libaprutil1:
----------
new:
1.6.1-5
old:
libaprutil1-dbd-sqlite3:
----------
new:
1.6.1-5
old:
libaprutil1-ldap:
----------
new:
1.6.1-5
old:
To check the free memory on the Minion, run the following command:
salt '*' cmd.run 'free -m'
You will get the following output:
Minion1:
total used free shared buff/cache available
Mem: 1982 140 1392 2 450 1691
Swap: 0 0 0
Use Salt State File to Manage Minions
State files are also known as configuration management files that is used to configure and manage Minions.
To create a state file, you will need to create the environment base for SaltStack.
mkdir /src/salt
Next, create a state file with the following command:
nano /src/salt/setup.sls
Add the following code to install PHP, UNZIP and Apache package on Minions:
network_utilities:
pkg.installed:
- pkgs:
- php
- unzip
apache2_pkg:
pkg.installed:
- name: apache2
apache2_service:
service.running:
- name: apache2
- enable: True
- require:
- pkg: apache2_pkg
Save and close the file then apply the configuration to all Minions using the following command:
salt '*' state.apply setup
You will get the followig output:
Minion1:
----------
ID: network_utilities
Function: pkg.installed
Result: True
Comment: The following packages were installed/updated: php, unzip
Started: 07:51:22.424504
Duration: 17349.907 ms
Changes:
----------
libapache2-mod-php7.4:
----------
new:
7.4.25-1 deb11u1
old:
php:
----------
new:
2:7.4 76
old:
php-common:
----------
new:
2:76
old:
php7.4:
----------
new:
7.4.25-1 deb11u1
old:
php7.4-cli:
----------
new:
7.4.25-1 deb11u1
old:
php7.4-common:
----------
new:
7.4.25-1 deb11u1
old:
php7.4-json:
----------
new:
7.4.25-1 deb11u1
old:
php7.4-opcache:
----------
new:
7.4.25-1 deb11u1
old:
php7.4-readline:
----------
new:
7.4.25-1 deb11u1
old:
psmisc:
----------
new:
23.4-2
old:
unzip:
----------
new:
6.0-26
old:
----------
ID: apache2_pkg
Function: pkg.installed
Name: apache2
Result: True
Comment: All specified packages are already installed
Started: 07:51:39.780956
Duration: 1029.457 ms
Changes:
----------
ID: apache2_service
Function: service.running
Name: apache2
Result: True
Comment: The service apache2 is already running
Started: 07:51:40.812210
Duration: 35.61 ms
Changes:
Summary for Minion1
------------
Succeeded: 3 (changed=1)
Failed: 0
------------
Total states run: 3
Total run time: 18.415 s
Conclusion
Congratulations! you have successfully installed and configured SaltStack Master and Minion on Debian 11 server. We also explained how to manage Minions using state files and command-line. I hope this will help you to automate and manage your infrastructure from the central location. Feel free to ask me if you have any questions.
