How to Install SaltStack Master on CentOS/RHEL 8

In this article, you will learn how to install SaltStack Master on CentOS / RHEL 8.

 

Table of Contents:

• What is SaltStack Master?
• Environment Specification
• Update Linux Software Packages
• Install Python on CentOS / RHEL 8
• Install SaltStack Official Yum Repository
• Install SaltStack Master on CentOS / RHEL 8
• Configure SaltStack Master
• Configure Linux Firewall for SaltStack Master
• Managing SaltStack Public Keys
• Conclusion

 

What is SaltStack Master?:

SaltStack or Salt is a Python-based, open-source software for event based IT automation, remote task execution, and configuration management. It supports "Infrastructure as Code" approach to data center system and network deployment and management, configuration automation, SecOps orchestration, vulnerability remediation, and hybrid cloud control. (Courtesy: Wikipedia)

SaltStack Master is the server node, it is the central server that controls all the Salstack Minions. Master server holds the Inventory and Public Keys of Minions and perform remote execution on them.

 

Environment Specification:

We are using a minimal installed CentOS 8 virtual machine with following specifications.

• CPU - 3.4 Ghz (2 cores)
• Memory - 2 GB
• Storage - 20 GB
• Operating System - CentOS Linux 8.2
• Hostname – saltstack-master-01.centlinux.com
• IP Address - 192.168.116.206 /24

 

Update Linux Software Packages:

Connect with saltstack-master-01.centlinux.com as root user by using a ssh tool.

Update all existing software packages to latest available versions.

# dnf update -y

Your Linux operating system has been updated successfully.

 

Install Python on CentOS / RHEL 8:

SaltStack is written in Python, therefore, it requires Python language support for compilation and execution of SaltStack commands.

Python3 is available in default CentOS / RHEL AppStream, therefore, you can install it by using dnf command.

# dnf install -y python3

Python 3.6 has been installed on Linux server.

 

Install SaltStack Official Yum Repository:

Although SaltStack packages are available via EPEL (Extra Packages for Enterprise Linux) yum repository. But if you want to install the latest version of the software, then you should install their official yum repository.

Use the following command to install SaltStack official yum repository on CentOS / RHEL 8.

# dnf install -y https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest.el8.noarch.rpm

Build cache for newly installed yum repositories.

# dnf makecache
CentOS-8 - AppStream                            179  B/s | 4.3 kB     00:24
CentOS-8 - Base                                 3.5 kB/s | 3.9 kB     00:01
CentOS-8 - Extras                               667  B/s | 1.5 kB     00:02
SaltStack Latest Release Channel Python 3 for R  33 kB/s | 224 kB     00:06
Metadata cache created.

 

Installing SaltStack Master on CentOS / RHEL 8:

You have added SaltStack yum repository, now you can easily install latest versions of the software by using dnf command.

Install necessary software packages that are required for a SaltStack Master server.

# dnf install -y salt-master salt-minion salt-ssh salt-syndic salt-cloud salt-api

Here, we are also installing salt-minion package on SaltStack Master, because the Minion will collect and send the system metrics of the Master, even on the same server. Please refer to our next post on how to install SaltStack Minion on CentOS / RHEL 8.

 

Configure SaltStack Master:

Configuration files for SaltStack software are located in /etc/salt directory.

Default configurations are sufficient to start the Master server, but you need to adjust SaltStack Minion configurations before starting its service.

Edit SaltStack Minion Configuration file.

# vi /etc/salt/minion

Locate following directive in this file.

#master: salt

And replace it with following directive.

master: saltstack-master-01.centlinux.com

The master directive tells the Minion about the Master server in use. The SaltStack master hostname must be resolvable. You can either do this by using Local DNS Resolver i.e. /etc/hosts file or configure a authoritative DNS Server for your computer network.

Enable and start Master and Minion services.

# systemctl enable --now salt-master salt-minion
Created symlink /etc/systemd/system/multi-user.target.wants/salt-master.service â /usr/lib/systemd/system/salt-master.service.
Created symlink /etc/systemd/system/multi-user.target.wants/salt-minion.service â /usr/lib/systemd/system/salt-minion.service.

 

Configure Linux Firewall for SaltStack Master:

SaltStack master uses default ports 4505/tcp and 4506/tcp. Therefore, you need to allow incoming traffic to both of these ports in Linux firewall.

# firewall-cmd --permanent --add-port={4505,4506}/tcp
success
# firewall-cmd --reload
success

 

Managing SaltStack Public Keys:

On initial connection, a SaltStack minion send its public key to the SaltStack master. This public key must be accepted by the Master to allow a Minion to communicate with SaltStack Master.

List down all the SaltStack public keys.

# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
saltstack-master-01.centlinux.com
Rejected Keys:

Currently, there is only one Unaccepted public key. Accept this public key by using following command.

# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
saltstack-master-01.centlinux.com
Proceed? [n/Y] Y
Key for minion saltstack-master-01.centlinux.com accepted.

Execute ping command on all the minions.

# salt '*' test.ping
saltstack-master-01.centlinux.com:
    True

Check versions of all the minions.

# salt '*' test.version
saltstack-master-01.centlinux.com:
    3001.1

 

Conclusion:

Your SaltStack Master has been installed on CentOS / RHEL 8. Before you start to use SaltStack software, we strongly recommend you to purchase and read Mastering SaltStack - Second Edition (PAID LINK) by Joseph Hall. This book will guide you about the Saltstack architecture and basic concepts with practical examples.