Salt Minion Installation

First, we will install the software on our minion server.

Code Block
[root@host ~]# apt -y install salt-minion
Reading package lists... Done
Building dependency tree   	
Reading state information... Done
The following additional packages will be installed:
  dctrl-tools debconf-utils
Suggested packages:
  debtags python3-augeas
The following NEW packages will be installed:
  dctrl-tools debconf-utils salt-minion
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 146 kB of archives.
After this operation, 527 kB of additional disk space will be used.
Get:1 http://by.archive.ubuntu.com/ubuntu bionic/main amd64 dctrl-tools amd64 2.24-2build1 [60,9 kB]
Get:2 http://by.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 debconf-utils all 1.5.66ubuntu1 [56,6 kB]
Get:3 http://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest bionic/main amd64 salt-minion all 3000+ds-1 [28,1 kB]
Fetched 146 kB in 1s (235 kB/s)    	
Selecting previously unselected package dctrl-tools.
(Reading database ... 178806 files and directories currently installed.)
Preparing to unpack .../dctrl-tools_2.24-2build1_amd64.deb ...
Unpacking dctrl-tools (2.24-2build1) ...
Selecting previously unselected package debconf-utils.
Preparing to unpack .../debconf-utils_1.5.66ubuntu1_all.deb ...
Unpacking debconf-utils (1.5.66ubuntu1) ...
Selecting previously unselected package salt-minion.
Preparing to unpack .../salt-minion_3000+ds-1_all.deb ...
Unpacking salt-minion (3000+ds-1) ...
Setting up debconf-utils (1.5.66ubuntu1) ...
Setting up dctrl-tools (2.24-2build1) ...
Setting up salt-minion (3000+ds-1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/salt-minion.service → /lib/systemd/system/salt-minion.service.
Processing triggers for ureadahead (0.100.0-21) ...
Processing triggers for systemd (237-3ubuntu10.39) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
[root@host ~]#

Salt Minion Configuration

Next, we will configure the software on the minion server. By default, the Salt minion connects to the Salt master server by the DNS name set above in the /etc/hosts file. We will need to modify this setting. Again, we will use the vim editor to open the file /etc/hosts and add the IP of the Salt master, in this case 10.0.2.15. After that entry is created, save the file using :wq.

Code Block
127.0.0.1       localhost
<xxx.xxx.xxx.xxx>   saltmaster

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Now, we need to create a unique identifier for the Salt minion.

Code Block
vim /etc/salt/minion_id

Let’s add the identifier name for the minion. Care should be taken to create a naming scheme in advance to allow for additional minions, e.g.:

  • processing_nodes_1

  • ingestion_nodes_1

  • node.location.dept-ubuntu_01

We will use ubuntu-minion_01 as our salt minion server name.

Next, copy the master.pub fingerprint we created on the master server above, and set this value as the master_finger setting in the minion configuration file /etc/salt/minion. You can search for this value in vim using /finger within the file. After adding the fingerprint, use :wq to save and exit the file.

Code Block
# Fingerprint of the master public key to validate the identity of your Salt master
# before the initial key exchange. The master fingerprint can be found by running
# "salt-key -f master.pub" on the Salt master.
master_finger: 'd0:71:50:26:f7:05:d7:84:6c:f8:38:1f:ce:5b:d8:6a:80:6c:1a:76:05:a8:48:3a:d7:5a:86:ff:bc:14:3b:49'

If you change any of the settings (like the IP address of the Salt master in /etc/salt/minion), you’ll need to restart the salt-minion service.

Code Block
[root@host ~]# systemctl restart salt-minion

Now, log in to the Salt master server and list the keys with the following command to check which ones have been accepted.

Code Block
root@host:~# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
ubuntu-minion_01 <<<<<
Rejected Keys:
root@host:~#

As you can see, we now have a key waiting to be accepted: “ubuntu-minion_01”. Next, we will accept the salt-key for the minion on the Salt master server.

Code Block
root@host:~# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
ubuntu-minion_01
Proceed? [n/Y] y
Key for minion ubuntu-minion_01 accepted.
root@host:~#

Now we can run the following command on the Salt minion to check the minion's key fingerprint.

Code Block
root@host:~# salt-call --local key.finger
local:
    cf:b7:01:00:9f:78:27:03:42:91:f1:7c:f1:3f:81:2f:a3:e6:11:48:bc:10:ba:2b:0c:df:f0:78:e0:07:1c:df
root@host:~#

Next, we can compare the above value to the value that is shown when we run the command “salt-key --finger <MINION_ID>” on the Salt master.

Code Block
root@host:~# salt-key --finger ubuntu-minion_01
Accepted Keys:
ubuntu-minion_01 <<<<<
Denied Keys:
Unaccepted Keys:
Rejected Keys:
root@host:~#
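
The fingerprint comparison described above can be scripted so that a pending key is accepted by ID only when the two values agree. This is an added example, not part of the original page: the function names are hypothetical, and it assumes that "salt-key -f <MINION_ID>" prints the fingerprint on the output line for that key.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): accept ONE pending minion key,
# and only after its fingerprint matches the value read on the minion itself
# with "salt-call --local key.finger".

# Read text on stdin and print the first SHA-256 style fingerprint found
# (32 colon-separated hex pairs), lowercased.
extract_finger() {
    grep -oiE '([0-9a-f]{2}:){31}[0-9a-f]{2}' | head -n 1 | tr 'A-F' 'a-f'
}

# Succeed only when both arguments contain a well-formed fingerprint
# and the two fingerprints are identical (case-insensitive).
fingers_match() {
    local a b
    a=$(printf '%s\n' "$1" | extract_finger)
    b=$(printf '%s\n' "$2" | extract_finger)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Run on the Salt master.
#   $1 = minion ID
#   $2 = fingerprint copied from the minion over a channel you already trust
# Assumption: "salt-key -f <id>" prints the fingerprint next to the key name.
accept_if_verified() {
    local id="$1" expected="$2" seen
    seen=$(salt-key -f "$id" 2>/dev/null | extract_finger)
    if fingers_match "$seen" "$expected"; then
        # -a accepts only the named key; -y skips the interactive prompt.
        salt-key -y -a "$id"
    else
        echo "fingerprint mismatch for $id: key not accepted" >&2
        return 1
    fi
}

# Usage on the master (fingerprint value is the one shown on the minion):
#   accept_if_verified ubuntu-minion_01 'cf:b7:01:...:1c:df'
```
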

Now, let's verify the communication between the salt master and the salt minion by running the test.ping command.

Code Block
root@host:~# salt ubuntu-minion_01 test.ping
ubuntu-minion_01:
    True
root@host:~#

Success!