Christian WellsSaltStack is an open-source IT automation framework that allows administrators to execute commands remotely on multiple machines. With its Master and Minion architecture, Salt provides powerful configuration management for automation deployment, remote task execution, and infrastructure as code. In this article, we will guide you through the process of setting up SaltStack Master and Minion on Rocky Linux servers, as well as demonstrate how to run arbitrary commands, and even create a Salt state for installing a basic LEMP Stack.
Prerequisites
Before we begin, make sure you have the following prerequisites:
- Two or more Rocky Linux servers
- A non-root user with root/administrator privileges on each server
Setting Up /etc/hosts file
To start the configuration process, we need to set up the /etc/hosts file on each Linux host. In this example, we will use three Rocky Linux servers: master,minion1, and minion2. Open a terminal and run the following command to edit the /etc/hosts file:
sudo nano /etc/hosts
Add the following configuration to the file:
192.168.5.10 master 192.168.5.15 minion1 192.168.5.16 minion2
Save and close the file when you are finished.
Adding SaltStack Repository
Next, we need to add the SaltStack repository to all of your Rocky Linux servers. Run the following commands in your terminal:
sudo rpm --import https://repo.saltproject.io/py3/redhat/8/x86_64/latest/SALTSTACK-GPG-KEY.pub curl -fsSL https://repo.saltproject.io/py3/redhat/8/x86_64/latest.repo | sudo tee /etc/yum.repos.d/salt.repo
Verify that the SaltStack repository is added to your Rocky Linux server by running the following command:
sudo dnf repolist
This command will display a list of available repositories, and you should see the SaltStack repository among them.
Installing SaltStack Master
Now that the SaltStack repository is set up, let’s proceed with installing and configuring the SaltStack Master on the master server. In your terminal, run the following command to install the salt-master package:
sudo dnf install salt-master
After the installation is complete, edit the SaltStack Master configuration file /etc/salt/master:
sudo nano /etc/salt/master
Uncomment the interface: option and replace the IP address with the IP address of your master server. Save and close the file.
To enable the salt-master service to run at system boot and start the service, run the following commands:
sudo systemctl enable salt-master sudo systemctl start salt-master
You can verify the status of the salt-master service by running:
sudo systemctl status salt-master
To allow SaltStack Minions to connect to the SaltStack Master, open TCP ports 4505 and 4506 on your firewall. Run the following commands:
sudo firewall-cmd --zone=public --permanent --add-port=4505/tcp sudo firewall-cmd --zone=public --permanent --add-port=4506/tcp sudo firewall-cmd --reload
Verify that the ports are open by running:
sudo firewall-cmd --list-all Installing SaltStack Minion
With the SaltStack Master set up, we can now proceed to install and configure the SaltStack Minion on the minion1 and minion2 servers. Connect to each server and run the following command to install the salt-minion package:
sudo dnf install salt-minion
After the installation is complete, edit the SaltStack Minion configuration file /etc/salt/minion:
sudo nano /etc/salt/minion
Uncomment the master: option and replace the IP address with the IP address of your master server. Save and close the file.
To enable the salt-minion service to run at system boot and start the service, run the following commands:
sudo systemctl enable salt-minion sudo systemctl start salt-minion
You can verify the status of the salt-minion service by running:
sudo systemctl status salt-minion
Adding Minion Servers to SaltStack Master
Now that both the SaltStack Master and Minion are installed, we need to add the Minion servers to the SaltStack Master. On the master server, run the following command to check all available key fingerprints:
salt-key --finger-all
You should see the fingerprints of the minion1 and minion2 servers listed as “Unaccepted Keys”. To accept the key fingerprints, run the following commands:
salt-key -a minion1 salt-key -a minion2
To verify that the key fingerprints are accepted, run the following command:
salt-key --finger-all
You should now see the fingerprints of the minion1 and minion2 servers listed as “Accepted Keys”.
To test the connection between the SaltStack Master and the Minion servers, run the following command on the master server:
salt minion1 test.ping salt minion2 test.ping
If the configuration is successful, you should see the output message “True”, indicating that the SaltStack Minion servers are connected to the SaltStack Master.
Running Arbitrary Commands with SaltStack
One of the powerful features of SaltStack is the ability to run arbitrary commands from the SaltStack Master to the Minion servers. To demonstrate this, we will use the cmd module provided by Saltstack.
On the master server, run the following command to execute the uname -a command on all Minion servers:
salt '*' cmd.run 'uname -a'
This command will display the output of the uname -a command for each Minion server.
SaltStack also provides modules for managing package installation, repositories, services, and more. For example, you can use the pkg module to manage packages on multiple Linux distributions. Run the following commands to perform package-related tasks on all Minion servers:
salt '*' pkg.refresh_db salt '*' pkg.show bash salt '*' pkg.install chrony salt '*' pkg.list_repos salt '*' pkg.list_upgrades
These commands will refresh the package repositories, check the details of the bash package, install the chrony package, list the available repositories, and check for available package upgrades.
You can also use the service module to manage services on multiple Linux distributions. For example, to check the availability of the chronyd service, enable it to start at system boot, and check the list of running services, run the following commands:
salt '*' service.available chronyd salt '*' service.enabled chronyd salt '*' service.get_running salt '*' service.execs
These commands will help you manage services on your Minion servers.
Installing LEMP Stack with SaltStack State
SaltStack can also be used as a configuration management tool to automate the installation and setup of applications. In this section, we will create a SaltStack state file to install a basic LEMP Stack (Linux, Nginx, MariaDB, and PHP-FPM) on the Minion servers.
First, create a central configuration management directory /srv/salt/lemp and a new file init.sls using the following commands:
sudo mkdir -p /srv/salt/lemp sudo nano /srv/salt/lemp/init.sls
Add the following configuration to the file:
lemp_stack: pkg.installed: - pkgs: - nginx - mariadb-server - php - php-fpm nginx: service.running: - enable: True - reload: True mariadb: service.running: - enable: True - reload: True php-fpm: service.running: - enable: True - reload: True
Save and close the file.
To verify the Salt state configuration, run the following command:
sudo salt '*' state.show_sls lemp
This command will display the Salt state configuration for installing the LEMP Stack.
To apply the Salt state to the Minion servers and automatically install the LEMP Stack, run the following command:
sudo salt '*' state.apply lemp
You will see the installation progress and confirmation messages for each package.
Conclusion
Congratulations! You have successfully installed and configured SaltStack Master and Minion on your Rocky Linux servers. You have learned how to run arbitrary commands from the SaltStack Master to the Minion servers, as well as how to create a Salt state for installing the LEMP Stack. SaltStack provides a powerful and flexible configuration management solution for automating your infrastructure and application deployments.
Shape.host is a leading provider of Linux SSD VPS hosting solutions. With our reliable and scalable cloud hosting services, you can leverage the power of SaltStack to streamline your IT operations. Visit us at Shape.host to learn more about our hosting solutions and how we can help your business thrive.
