We will perform these install processes on the Master server. The first step is to make sure our system packages are up to date
Code Block |
---|
[root@host ~]# apt-get update
Hit:1 http://by.archive.ubuntu.com/ubuntu bionic InRelease
Hit:2 http://by.archive.ubuntu.com/ubuntu bionic-updates InRelease
Hit:3 http://by.archive.ubuntu.com/ubuntu bionic-backports InRelease
Get:4 http://security.ubuntu.com/ubuntu bionic-security InRelease [88,7 kB]
Get:5 http://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest bionic InRelease [2.126 B]
Get:6 http://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest bionic/main amd64 Packages [3.200 B]
Ign:7 https://dl.bintray.com/tetrate/getenvoy-deb bionic InRelease
Get:8 https://dl.bintray.com/tetrate/getenvoy-deb bionic Release [5.356 B]
Get:10 http://security.ubuntu.com/ubuntu bionic-security/main amd64 DEP-11 Metadata [38,5 kB]
Get:11 http://security.ubuntu.com/ubuntu bionic-security/main DEP-11 48x48 Icons [17,6 kB]
Get:12 http://security.ubuntu.com/ubuntu bionic-security/main DEP-11 64x64 Icons [41,5 kB]
Get:13 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 DEP-11 Metadata [42,1 kB]
Get:14 http://security.ubuntu.com/ubuntu bionic-security/universe DEP-11 48x48 Icons [16,4 kB]
Get:15 http://security.ubuntu.com/ubuntu bionic-security/universe DEP-11 64x64 Icons [111 kB]
Get:16 http://security.ubuntu.com/ubuntu bionic-security/multiverse amd64 DEP-11 Metadata [2.464 B]
Fetched 369 kB in 1s (258 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
[root@host ~]# |
Now, we need to download the repository key for SaltStack and import it into our system.
Code Block |
---|
[root@host ~]# wget -O- https://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add -
--2020-03-08 19:00:32-- https://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest/SALTSTACK-GPG-KEY.pub
Resolving repo.saltstack.com (repo.saltstack.com)... 54.192.230.5, 54.192.230.104, 54.192.230.29, ...
Connecting to repo.saltstack.com (repo.saltstack.com)|54.192.230.5|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1727 (1,7K) [application/octet-stream]
Saving to: 'STDOUT'
- 100%[==================>] 1,69K --.-KB/s in 0s
2020-03-08 19:00:34 (374 MB/s) - written to stdout [1727/1727]
OK
[root@host ~]# |
Next, we can add the repository itself.
Code Block |
---|
echo "deb http://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest bionic main" | sudo tee /etc/apt/sources.list.d/saltstack.list
deb http://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest bionic main
[root@host ~]# |
Now, we need to update our repo list so our available system packages are up to date.
Code Block |
---|
[root@host ~]# apt-get update
Hit:1 http://by.archive.ubuntu.com/ubuntu bionic InRelease
Hit:2 http://by.archive.ubuntu.com/ubuntu bionic-updates InRelease
Hit:3 http://by.archive.ubuntu.com/ubuntu bionic-backports InRelease
Get:4 http://security.ubuntu.com/ubuntu bionic-security InRelease [88,7 kB]
Get:5 http://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest bionic InRelease [2.126 B]
Get:6 http://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest bionic/main amd64 Packages [3.200 B]
Ign:7 https://dl.bintray.com/tetrate/getenvoy-deb bionic InRelease
Get:8 https://dl.bintray.com/tetrate/getenvoy-deb bionic Release [5.356 B]
Get:10 http://security.ubuntu.com/ubuntu bionic-security/main amd64 DEP-11 Metadata [38,5 kB]
Get:11 http://security.ubuntu.com/ubuntu bionic-security/main DEP-11 48x48 Icons [17,6 kB]
Get:12 http://security.ubuntu.com/ubuntu bionic-security/main DEP-11 64x64 Icons [41,5 kB]
Get:13 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 DEP-11 Metadata [42,1 kB]
Get:14 http://security.ubuntu.com/ubuntu bionic-security/universe DEP-11 48x48 Icons [16,4 kB]
Get:15 http://security.ubuntu.com/ubuntu bionic-security/universe DEP-11 64x64 Icons [111 kB]
Get:16 http://security.ubuntu.com/ubuntu bionic-security/multiverse amd64 DEP-11 Metadata [2.464 B]
Fetched 369 kB in 1s (258 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
[root@host ~]# |
Next, lets install SaltStack Master packages.
Code Block |
---|
[root@host ~]# apt -y install salt-api salt-cloud salt-master salt-ssh salt-syndic
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
git git-man ieee-data liberror-perl libnorm1 libpgm-5.2-0 libzmq5
python3-cherrypy3 python3-croniter python3-git python3-gitdb python3-gnupg
python3-jinja2 python3-libcloud python3-lockfile python3-msgpack
python3-netaddr python3-openssl python3-psutil python3-repoze.lru
python3-routes python3-smmap python3-webob python3-zmq salt-common
Suggested packages:
git-daemon-run | git-daemon-sysvinit git-doc git-el git-email git-gui gitk
gitweb git-cvs git-mediawiki git-svn python-git-doc python-jinja2-doc
python-lockfile-doc ipython3 python-netaddr-docs python-openssl-doc
python3-openssl-dbg python-psutil-doc python3-paste python3-nose
python-webob-doc python3-botocore python3-pycurl python3-twisted
The following NEW packages will be installed:
git git-man ieee-data liberror-perl libnorm1 libpgm-5.2-0 libzmq5
python3-cherrypy3 python3-croniter python3-git python3-gitdb python3-gnupg
python3-jinja2 python3-libcloud python3-lockfile python3-msgpack
python3-netaddr python3-openssl python3-psutil python3-repoze.lru
python3-routes python3-smmap python3-webob python3-zmq salt-api salt-cloud
salt-common salt-master salt-ssh salt-syndic
0 upgraded, 30 newly installed, 0 to remove and 0 not upgraded.
Need to get 16,5 MB of archives.
After this operation, 98,8 MB of additional disk space will be used.
…
…
…
Created symlink /etc/systemd/system/multi-user.target.wants/salt-master.service → /lib/systemd/system/salt-master.service.
Setting up salt-api (3000+ds-1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/salt-api.service → /lib/systemd/system/salt-api.service.
Setting up salt-syndic (3000+ds-1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/salt-syndic.service → /lib/systemd/system/salt-syndic.service.
Processing triggers for systemd (237-3ubuntu10.39) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Processing triggers for ureadahead (0.100.0-21) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...
[root@host ~]# |
Salt Master Configuration
Using the nano or vim text editor, open the file /etc/salt/master.
Code Block |
---|
[root@host ~]# vim /etc/salt/master |
Now, find the following line.
Code Block |
---|
#interface: 0.0.0.0 |
Once the value is located, uncomment it out and then specify the servers IP replacing the 0.0.0.0 IP address. In this example, we will use <xxx.xxx.xxx.xxx>. This will be the IP address from which we will control the minion servers.
Code Block |
---|
# The address of the interface to bind to:
interface: <xxx.xxx.xxx.xxx> |
Use :wq to save the file and exit. After editing, we should restart the service.
Code Block |
---|
[root@host ~]# systemctl restart salt-master.service
[root@host ~]# |
Next, we need to create a key that will be used by the minions to connect to the master nodes. We generated a unique key, so yours will be different.
Code Block |
---|
root@host:~# salt-key -F master
Local Keys:
master.pem: f8:01:d9:13:19:3f:a2:37:a5:03:cb:e8:0e:3d:9f:75:7c:f7:36:10:1d:51:70:b2:4c:b8:5f:04:4b:04:fc:28
master.pub: d0:71:50:26:f7:05:d7:84:6c:f8:38:1f:ce:5b:d8:6a:80:6c:1a:76:05:a8:48:3a:d7:5a:86:ff:bc:14:3b:49
root@host:~# |
You will want to make note of the master.pub key as we will need to add it into the configuration on the salt minion shortly.
Lastly, we will want to open the default ports in the firewall. By default, Salt uses ports 4505 and 4506.
Code Block |
---|
[root@host ~]# ufw allow proto tcp from any to any port 4505,4506 |