Salt is a configuration management & remote execution tool written in Python. It's based on a server-client architecture: the server component is the salt master, to which the clients, called salt minions, connect to receive instructions. The desired configuration of a salt-managed client (salt minion) is referred to as its state.
Installation:
According to some of the documentation, salt should be part of the EPEL repository, but I wasn't able to find it there. So I installed it from the salt repository. The steps are illustrated below. I've used 2 CentOS 7 systems for setting up the salt master & salt minion.
Installing salt master:
Download the GPG key for the salt repo.
[root@cserver ~]# rpm --import https://repo.saltstack.com/yum/redhat/7/x86_64/latest/SALTSTACK-GPG-KEY.pub
Add the salt repo information.
[root@cserver ~]# vi /etc/yum.repos.d/saltstack.repo
[root@cserver ~]# cat /etc/yum.repos.d/saltstack.repo
[saltstack-repo]
name=SaltStack repo for RHEL/CentOS $releasever
baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest
enabled=1
gpgcheck=1
gpgkey=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub
[root@cserver ~]#
Install salt-master & salt-minion components
[root@cserver ~]# yum install salt-master
Dependencies Resolved
==============================================================================================================================================================================================
Package Arch Version Repository Size
==============================================================================================================================================================================================
Installing:
salt-master noarch 2016.3.4-1.el7 saltstack-repo 1.5 M
Installing for dependencies:
PyYAML x86_64 3.11-1.el7 saltstack-repo 160 k
libsodium x86_64 1.0.5-1.el7 saltstack-repo 143 k
libyaml x86_64 0.1.4-11.el7_0 base 55 k
openpgm x86_64 5.2.122-2.el7 saltstack-repo 172 k
python-babel noarch 0.9.6-8.el7 base 1.4 M
python-crypto x86_64 2.6.1-1.el7.centos extras 470 k
python-futures noarch 3.0.3-1.el7 saltstack-repo 26 k
python-jinja2 noarch 2.7.2-2.el7 base 515 k
python-markupsafe x86_64 0.11-10.el7 base 25 k
python-msgpack x86_64 0.4.6-1.el7 saltstack-repo 73 k
python-requests noarch 2.6.0-1.el7_1 base 94 k
python-six noarch 1.9.0-2.el7 base 29 k
python-tornado x86_64 4.2.1-1.el7 saltstack-repo 636 k
python-urllib3 noarch 1.10.2-2.el7_1 base 100 k
python-zmq x86_64 15.3.0-2.el7 saltstack-repo 520 k
salt noarch 2016.3.4-1.el7 saltstack-repo 6.1 M
zeromq x86_64 4.1.4-5.el7 saltstack-repo 555 k
Updating for dependencies:
python-chardet noarch 2.2.1-1.el7_1 base 227 k
Transaction Summary
==============================================================================================================================================================================================
Install 1 Package (+17 Dependent packages)
Upgrade ( 1 Dependent package)
[root@cserver ~]# yum install salt-minion
Loaded plugins: fastestmirror, langpacks
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os error was
14: curl#6 - "Could not resolve host: mirrorlist.centos.org; Unknown error"
http://centosmirror.go4hosting.in/7.2.1511/os/x86_64/repodata/repomd.xml: [Errno 14] curl#6 - "Could not resolve host: centosmirror.go4hosting.in; No address associated with hostname"
Trying other mirror.
base | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
https://repo.saltstack.com/yum/redhat/7/x86_64/latest/repodata/repomd.xml: [Errno 14] curl#6 - "Could not resolve host: repo.saltstack.com; Name or service not known"
Trying other mirror.
updates | 3.4 kB 00:00:00
Loading mirror speeds from cached hostfile
* base: mirror.fibergrid.in
* extras: mirror.fibergrid.in
* updates: mirror.fibergrid.in
Resolving Dependencies
--> Running transaction check
---> Package salt-minion.noarch 0:2016.3.4-1.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
==============================================================================================================================================================================================
Package Arch Version Repository Size
==============================================================================================================================================================================================
Installing:
salt-minion noarch 2016.3.4-1.el7 saltstack-repo 32 k
Transaction Summary
==============================================================================================================================================================================================
Install 1 Package
Total download size: 32 k
Installed size: 65 k
Is this ok [y/d/N]: y
Downloading packages:
salt-minion-2016.3.4-1.el7.noarch.rpm | 32 kB 00:00:03
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : salt-minion-2016.3.4-1.el7.noarch 1/1
Verifying : salt-minion-2016.3.4-1.el7.noarch 1/1
Installed:
salt-minion.noarch 0:2016.3.4-1.el7
Complete!
Installing salt minion:
Download the GPG key for the salt repo.
[root@cclient1 ~]# rpm --import https://repo.saltstack.com/yum/redhat/7/x86_64/latest/SALTSTACK-GPG-KEY.pub
Add the information for the repo:
[root@cclient1 ~]# vi /etc/yum.repos.d/saltstack.repo
[root@cclient1 ~]# cat /etc/yum.repos.d/saltstack.repo
[saltstack-repo]
name=SaltStack repo for RHEL/CentOS $releasever
baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest
enabled=1
gpgcheck=1
gpgkey=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub
Install salt-minion component.
[root@cclient1 ~]# yum install salt-minion -y
Dependencies Resolved
==============================================================================================================================================================================================
Package Arch Version Repository Size
==============================================================================================================================================================================================
Installing:
salt-minion noarch 2016.3.4-1.el7 saltstack-repo 32 k
Installing for dependencies:
PyYAML x86_64 3.11-1.el7 saltstack-repo 160 k
libsodium x86_64 1.0.5-1.el7 saltstack-repo 143 k
libyaml x86_64 0.1.4-11.el7_0 base 55 k
openpgm x86_64 5.2.122-2.el7 saltstack-repo 172 k
python-babel noarch 0.9.6-8.el7 base 1.4 M
python-crypto x86_64 2.6.1-1.el7.centos extras 470 k
python-futures noarch 3.0.3-1.el7 saltstack-repo 26 k
python-jinja2 noarch 2.7.2-2.el7 base 515 k
python-markupsafe x86_64 0.11-10.el7 base 25 k
python-msgpack x86_64 0.4.6-1.el7 saltstack-repo 73 k
python-requests noarch 2.6.0-1.el7_1 base 94 k
python-six noarch 1.9.0-2.el7 base 29 k
python-tornado x86_64 4.2.1-1.el7 saltstack-repo 636 k
python-urllib3 noarch 1.10.2-2.el7_1 base 100 k
python-zmq x86_64 15.3.0-2.el7 saltstack-repo 520 k
salt noarch 2016.3.4-1.el7 saltstack-repo 6.1 M
zeromq x86_64 4.1.4-5.el7 saltstack-repo 555 k
Updating for dependencies:
python-chardet noarch 2.2.1-1.el7_1 base 227 k
Transaction Summary
==============================================================================================================================================================================================
Install 1 Package (+17 Dependent packages)
Upgrade ( 1 Dependent package)
To verify the installation & get salt version details type the following command on the salt master:
[root@cserver ~]# salt --versions-report
Salt Version:
Salt: 2016.3.4
Dependency Versions:
cffi: Not Installed
cherrypy: Not Installed
dateutil: Not Installed
gitdb: Not Installed
gitpython: Not Installed
ioflo: Not Installed
Jinja2: 2.7.2
libgit2: Not Installed
libnacl: Not Installed
M2Crypto: Not Installed
Mako: Not Installed
msgpack-pure: Not Installed
msgpack-python: 0.4.6
mysql-python: Not Installed
pycparser: Not Installed
pycrypto: 2.6.1
pygit2: Not Installed
Python: 2.7.5 (default, Jun 17 2014, 18:11:42)
python-gnupg: Not Installed
PyYAML: 3.11
PyZMQ: 15.3.0
RAET: Not Installed
smmap: Not Installed
timelib: Not Installed
Tornado: 4.2.1
ZMQ: 4.1.4
System Versions:
dist: centos 7.0.1406 Core
machine: x86_64
release: 3.10.0-123.el7.x86_64
system: Linux
version: CentOS Linux 7.0.1406 Core
Salt minion configuration:
To configure salt minions we need to tell them who the salt master is & give each of them a unique id. In this lab, host cserver will be the salt master & cclient1 will be the salt minion, although I've set up a salt minion on cserver as well.
[root@cserver salt]# cat minion | grep cserver
master: cserver
[root@cserver salt]# cat minion | grep "firstminion"
id: firstminion
[root@cserver salt]#
[root@cclient1 salt]# vi minion
[root@cclient1 salt]# cat minion | grep cserver
master: cserver
[root@cclient1 salt]# cat minion | grep secondminion
id: secondminion
[root@cclient1 salt]#
Also, firewall ports 4505 & 4506 need to be opened.
Let's start the services & enable them at system boot:
[root@cserver salt]# systemctl start salt-master
[root@cserver salt]# systemctl start salt-minion
[root@cserver salt]# systemctl enable salt-master
ln -s '/usr/lib/systemd/system/salt-master.service' '/etc/systemd/system/multi-user.target.wants/salt-master.service'
[root@cserver salt]# systemctl enable salt-minion
ln -s '/usr/lib/systemd/system/salt-minion.service' '/etc/systemd/system/multi-user.target.wants/salt-minion.service'
[root@cserver salt]#
[root@cclient1 salt]# systemctl start salt-minion
[root@cclient1 salt]# systemctl enable salt-minion
ln -s '/usr/lib/systemd/system/salt-minion.service' '/etc/systemd/system/multi-user.target.wants/salt-minion.service'
[root@cclient1 salt]#
Doesn't hurt to check the status as well:
[root@cserver salt]# systemctl status salt-master
salt-master.service - The Salt Master Server
Loaded: loaded (/usr/lib/systemd/system/salt-master.service; enabled)
Active: active (running) since Thu 2016-11-10 12:47:02 EST; 2min 6s ago
Main PID: 64303 (salt-master)
CGroup: /system.slice/salt-master.service
[root@cserver salt]# systemctl status salt-minion
salt-minion.service - The Salt Minion
Loaded: loaded (/usr/lib/systemd/system/salt-minion.service; enabled)
Active: active (running) since Thu 2016-11-10 12:47:08 EST; 2min 7s ago
Main PID: 64531 (salt-minion)
CGroup: /system.slice/salt-minion.service
Before we can start using our salt master & minions there is one more thing we need to do: tell the master that it can trust each minion. We do this by accepting the minion's public key on the master.
Here's how:
We use the salt-key command to list, add & manage minion keys.
[root@cserver salt]# salt-key
Accepted Keys:
Denied Keys:
Unaccepted Keys:
firstminion
secondminion
Rejected Keys:
We can see that both minion keys are unaccepted at the moment.
Let's inspect & verify the keys before we add them:
[root@cserver salt]# salt-key -f firstminion
Unaccepted Keys:
firstminion: 87:f3:5b:3c:20:bf:c9:fb:0d:d6:25:6b:36:3d:e4:80
[root@cserver salt]# salt-key -f secondminion
Unaccepted Keys:
secondminion: e9:82:ed:fd:a2:41:66:1d:58:37:fc:82:3b:71:1d:7c
[root@cserver salt]#
[root@cserver salt]# salt-call --local key.finger
local:
87:f3:5b:3c:20:bf:c9:fb:0d:d6:25:6b:36:3d:e4:80
[root@cserver salt]#
[root@cclient1 salt]# salt-call --local key.finger
local:
e9:82:ed:fd:a2:41:66:1d:58:37:fc:82:3b:71:1d:7c
[root@cclient1 salt]#
The salt-key command with the -f option followed by the minion's id prints the fingerprint of that minion's key as seen by the master.
Running salt-call with the --local option and the key.finger function runs a local salt command that prints the minion's own key fingerprint. Details on running salt commands coming up shortly.
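The fingerprint comparison described above, written as a small POSIX shell gate (an added example, not part of the original post). The sample command output is constructed around the fingerprints shown in the post, and the helper names norm_fp, master_fp, minion_fp & decide are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post: only accept a pending minion key
# when the fingerprint held by the master equals the one read on the minion.

# Constructed sample output built around the two fingerprints shown in the post.
MASTER_OUT='Unaccepted Keys:
firstminion:  87:f3:5b:3c:20:bf:c9:fb:0d:d6:25:6b:36:3d:e4:80
secondminion:  e9:82:ed:fd:a2:41:66:1d:58:37:fc:82:3b:71:1d:7c'
MINION_OK='local:
    87:F3:5B:3C:20:BF:C9:FB:0D:D6:25:6B:36:3D:E4:80'
MINION_BAD='local:
    87:f3:5b:3c:20:bf:c9:fb:0d:d6:25:6b:36:3d:e4:81'   # constructed mismatch

# Lower-case a fingerprint and drop all whitespace.
norm_fp() { printf '%s' "$1" | tr -d '[:space:]' | tr 'A-F' 'a-f'; }

# master_fp ID TEXT: fingerprint listed for exactly ID in `salt-key -f` output.
master_fp() {
    printf '%s\n' "$2" | sed 's/^[[:space:]]*//' | while IFS= read -r line; do
        case "$line" in
            "$1:"*) rest=${line#"$1:"}; norm_fp "$rest"; break ;;
        esac
    done
}

# minion_fp TEXT: first hex:colon line of `salt-call --local key.finger` output.
minion_fp() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        fp=$(norm_fp "$line")
        case "$fp" in
            ''|*[!0-9a-f:]*) continue ;;
            *:*) printf '%s' "$fp"; break ;;
        esac
    done
}

# decide ID MASTER_TEXT MINION_TEXT: prints "accept" or "hold".
decide() {
    m=$(master_fp "$1" "$2"); n=$(minion_fp "$3")
    if [ -n "$m" ] && [ "$m" = "$n" ]; then echo accept; else echo hold; fi
}

decide firstminion "$MASTER_OUT" "$MINION_OK"     # accept
decide firstminion "$MASTER_OUT" "$MINION_BAD"    # hold
decide minion      "$MASTER_OUT" "$MINION_OK"     # hold: id must match exactly
# On a real master (assumption: $minion_out was obtained out of band):
#   [ "$(decide "$id" "$(salt-key -f "$id")" "$minion_out")" = accept ] && salt-key -y -a "$id"
```

A missing or malformed fingerprint on either side results in "hold", so the key stays in the unaccepted list until someone looks at it.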
Since the keys are a match, let's add them:
[root@cserver salt]# salt-key -a firstminion
The following keys are going to be accepted:
Unaccepted Keys:
firstminion
Proceed? [n/Y] y
Key for minion firstminion accepted.
[root@cserver salt]# salt-key -a secondminion
The following keys are going to be accepted:
Unaccepted Keys:
secondminion
Proceed? [n/Y] y
Key for minion secondminion accepted.
[root@cserver salt]#
Now if we run the salt-key command again, we'll see that our minions' keys have been accepted.
[root@cserver salt]# salt-key
Accepted Keys:
firstminion
secondminion
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@cserver salt]#
To run our first salt command, let's ping our minion nodes to verify that they are alive & reachable:
[root@cserver salt]# salt '*' test.ping
secondminion:
True
firstminion:
True
[root@cserver salt]#
In the above command, the '*' means that the command is to be executed on all minions.
In test.ping, test is the module & ping is the function.
We'll drill down to the anatomy of salt commands in the next article.