How to Setup SaltStack Master and Minion on Rocky Linux

Salt or Saltstack is an open-source IT automation framework that allows administrators to execute commands remotely to multiple machines directly. Salt is mainly written in Python and designed with Master and Minion architecture. SaltStack master is the central controller of Salt configuration management, and Minions are servers managed by SaltStack Master, or you named minions as target servers.

SaltStack master is running on Linux OS by default, but minions can be any operating system. Saltstack is revolutionary configuration management for automation deployment, remote task execution, and infrastructure as code. SaltStack also can be used to provision multiple infrastructure servers, this includes physical and virtual servers, and also the cloud.

By following this guide, you will install SaltStack Master and Minion on Rocky Linux servers. Also, you will learn how to use Salt for running Arbitrary commands from SaltStack Master against Salt Minions. And at the end, you will also learn how to create a Salt state for installing the basic LEMP Stack (Linux, Nginx, MariaDB, and PHP-FPM).

Prerequisites

Tom complete this tutorial, you will need at least two or more Rocky Linux servers. All of those servers should have a non-root user with root/administrator privileges.

Setting Up /etc/hosts file

For this example, we will use three Rocky Linux servers for the SaltStack installation. One server will be used as Master, and two servers will be used as minions.

Below are the detailed Rocky Linux servers that we will use:

Hostname    IP Address      Used as
---------------------------------------------
master      192.168.5.10    SaltStack Master
minion1     192.168.5.15    SaltStack Minion
minion2     192.168.5.16    SaltStack Minion

Before installing SaltStack packages, you will set up the /etc/hosts file on every Linux host.

Edit the file /etc/hosts using the following command.

sudo nano /etc/hosts

Now add the following configuration to the file.

master 192.168.5.10
minion1 192.168.5.15
minion2 192.168.5.16

When you are finished, save and close the file.

Adding SaltStack Repository

The SaltStack packages are available on its official repository. You will add the SaltStack repository and GPG key to all of your Rocky Linux servers.

Run the following command to import the GPG key for the SaltStack repository. Then, add the SaltStack repository. In this example, you will add the latest version of the SaltStack repository.

sudo rpm --import https://repo.saltproject.io/py3/redhat/8/x86_64/latest/SALTSTACK-GPG-KEY.pub
curl -fsSL https://repo.saltproject.io/py3/redhat/8/x86_64/latest.repo | sudo tee /etc/yum.repos.d/salt.repo

add repository and key

Now run the following command to check and verify the list of repositories on your Rocky Linux server. Then, update and generate new metadata for all available repositories.

You should see the SaltStack repository is added to the Rocky Linux server.

sudo dnf repolist
sudo dnf makecache

check repository and generate new metadata

Installing SaltStack Master

You have added the SaltStack repository to all of your Rocky Linux servers. Now you will install and set up the SaltStack Master on the "master" server.

First, run the DNF command below to install the "salt-master" package. This package is the main package for setting up the SaltStack Master.

Input Y to confirm the installation and press ENTER, and the installation will begin.

sudo dnf install salt-master

install salt-master

After installation is finished, edit the SaltStack Master configuration "/etc/salt/master" using the below command.

sudo nano /etc/salt/master

Uncomment the option "interface:" and change the IP address with your "master" server IP address. In this example, the IP address of SaltStack Master is "192.168.5.10".

interface: 192.168.5.10

Save and close the file when you are finished.

Next, enable the "salt-master" service to run at system boot and start the "salt-master" service. Then, check and verify the "salt-master" service.

You should see the "salt-master" service is enabled and running.

sudo systemctl enable salt-master && sudo systemctl start salt-master
sudo systemctl status salt-master

check and verify salt-master

On the SaltStack Master, you will need to open TCP ports 4505 and 4506, which will be used by the SaltStack Minions connection to the SaltStack Master.

Run the following "firewall-cmd" command below to open ports 4505 and 4506. Then, reload the Firewalld.

sudo firewall-cmd --zone=public --permanent --add-port={4505,4506}/tcp
sudo firewall-cmd --reload

Lastly, check and verify Firewalld rules using the following command. And you should get the port 4505 and 4506 available on the Firewalld.

sudo firewall-cmd --list-all

firewalld salt-master

Installing SaltStack Minion

You have installed and configured the SaltStack Master. Now you will install and set up SaltStack Minion on both "minion1" and "minion2" servers.

Move the "minion1" and minion2" servers, then run the DNF command below to install the "salt-minion" package. This package must be installed on all SaltStack Minion hosts.

Input Y to confirm the installation and press ENTER. And the "salt-minion" installation will begin.

sudo dnf install salt-minion

install salt-minion

After you have finished the installation, edit the SaltStack Minion config file "/etc/salt/minion" using the below command.

sudo nano /etc/salt/minion

Uncomment the option "master:" and add the SaltStack Master IP address or hostname. In this example, the SaltStack master is running on the server IP address "192.168.5.10".

master: 192.168.5.10

Save and close the file when you are finished.

Next, run the following command to enable the "salt-minion" service and start the service. Then, check and verify the "salt-minion" service.

You should see the "salt-minion" service is enabled and will automatically be run at system startup. And the current status of the "salt-minion" service is running.

sudo systemctl enable salt-minion && sudo systemctl start salt-minion
sudo systemctl status salt-minion

check salt-minion

Adding Minion Servers to SaltStack Master

You have now finished the installation of SaltStack Master on the "master" server and the SaltStack Minion on "minion1" and "minion2" servers. To add SaltStack Minions to the SaltStack Master, you will accept the key fingerprint of both the "minion1" and "minion2" server from the "master" server.

Back to the "master" server and run the salt command below to check all available key fingerprints. You should see there are two "Unaccepted Keys" from the "minion1" and "minion2" servers.

salt-key --finger-all

list fingerprint keys

To accept the key fingerprint of the "minion1" and "minion2" server, run the salt-key command below. And you will be prompted to accept the key fingerprint, Input Y to confirm and add the key.

salt-key -a minion1
salt-key -a minion2

Next, check and verify all available key fingerprints using the below command. And you should get both fingerprint keys of the "minion1" and "minion2" server added to the SaltStack master. Both key fingerprints are available in the "Accepted Keys" section.

salt-key --finger-all

add fingerprint keys

After adding SaltStack Minion servers to the SaltStack Master, run the following salt command on the "master" server to test and ping the "minion1" and "minion2" servers.

If your configuration is successful, you should the output message "True", which means SaltStack Minion servers are added to the SaltStack Master.

salt minion1 test.ping
salt minion2 test.ping

You can also use an asterisk '*' to target all SaltStack Minion servers.

salt '*' test.ping

SaltStack test ping

You can also check the current SaltStack version installed on both the "minion1" and "minion2" servers using the below command.

At the time of this writing, the latest version of SaltStack software is v3004.2, which is installed on all of the SaltStack servers.

salt '*' test.version

Running Arbitrary Command with SaltStack

Saltstack allows you to execute arbitrary commands from the master server to all minion servers. To do that, you will need to use an execution module provided by Saltstack.

Run the salt command below from the master server. This will execute the command uname -a on all minion servers, and this command is executed through the cmd module.

salt '*' cmd.run 'uname -a'

As you can see on the following screenshot, each minion servers return the output of the command uname -a.

run artbitrary command saltstack

Another example is where you can use the pkg module for managing package installation, repository, and everything related to package management. This supports multiple Linux distributions including RHEL-based distributions such as CentOS and Rocky Linux, and also Debian-based systems such as Ubuntu.

Refresh available repositories on all minion servers.

salt '*' pkg.refresh_db

Check the package bash using the salt command below.

salt '*' pkg.show bash

Install package named chrony on all minion servers.

salt '*' pkg.install chrony

Check the list of repositories on all server minions.

salt '*' pkg.list_repos

Check the list of available package updates on all minion servers.

salt '*' pkg.list_upgrades

Another great example here is the service module that allows you to manage services on multiple Linux distributions, including distribution with systemd.

Check if the chronyd service is available or not.

salt '*' service.available chronyd

Enable the chronyd service to start at system startup on all minion servers.

salt '*' service.enabled chronyd

Checking the list of running services on all servers.

salt '*' service.get_running

Check the ExecStart= command for every service available on all servers.

salt '*' service.execs

Installing LEMP Stack with SaltStack State

You have learned the basic salt command to run an arbitrary command against all SaltStack Minion servers. You will now create a new SaltStack state file for installing the basic LEMP Stack (Linux, Nginx, MariaDB, and the PHP-FPM). This is where you can use SaltStack as the configuration management for your server infrastructure and automatic application deployments.

The Rocky Linux repository provides multiple versions of Nginx, MariaDB, and PHP-FPM packages. To install the latest version of those packages, you will need to enable it via the DNF package manager module.

At the time of this writing, there is no SaltStack model that is equivalent to the "dnf module" command for RHEL-based distribution. So, you will enable the module manually via the SaltStack arbitrary command.

Run the following command to enable the module for Nginx v1.20, MariaDB v10.5, and the PHP packages v8.0.

salt '*' cmd.run 'sudo dnf module enable nginx:1.20 -y'
salt '*' cmd.run 'sudo dnf module enable mariadb:10.5 -y'
salt '*' cmd.run 'sudo dnf module enable php:8.0 -y'

Now create a new central configuration management directory "/srv/salt/lemp" and create a new file "init.sls" using the below command.

mkdir -p /srv/salt/lemp
nano /srv/salt/lemp/init.sls

Add the following configuration to the file. In this example, we will create the Salt state named "lemp" for installing LEMP Stack packages. Also, we will ensure all the LEMP Stack services (Nginx, MariaDB, and PHP-FPM) are enabled and running on all SaltStack Minion servers.

lemp_stack:
 pkg.installed:
   - pkgs:
     - nginx
     - mariadb-server
     - php
     - php-fpm

nginx:
  service.running:
    - enable: True
    - reload: True

mariadb:
  service.running:
    - enable: True
    - reload: True

php-fpm:
  service.running:
    - enable: True
    - reload: True

When you are finished, save and close the file.

Now to verify your Salt state configuration, use the salt command below. This command will test and verify your Salt state configuration against SaltStack Minion servers.

sudo salt * state.show_sls lemp

run test salt

To apply the Salt state to all SaltStack Minion servers, you can use the salt command below. Now the LEMP Stack will be installed automatically on the "minion1" and "minion2" servers.

sudo salt '*' state.apply lemp

In the following screenshot, you can see the LEMP Stack is installed on both "minion1" and "minion2" servers.

install LEMP Stack with SaltStack state

Conclusion

In this tutorial, you have finished the installation of SaltStack Master and SaltStack Minion on Rocky Linux servers. You have also learned the basic usage of the salt command to run an arbitrary command against SaltStack Minion. In the end, you also learned how to create a Salt state configuration for installing the LEMP Stack automatically and set up the SaltStack as configuration management for application deployments.

Share this page:

0 Comment(s)