/
Salt Minion Installation

Salt Minion Installation

Owned by Swaminathan Mathivanan
Last updated: Sept 01, 2020
3 min read

Salt Minion Installation

First, we will install the software on our minion server.

[root@host ~]# apt -y install salt-minion Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: dctrl-tools debconf-utils Suggested packages: debtags python3-augeas The following NEW packages will be installed: dctrl-tools debconf-utils salt-minion 0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded. Need to get 146 kB of archives. After this operation, 527 kB of additional disk space will be used. Get:1 http://by.archive.ubuntu.com/ubuntu bionic/main amd64 dctrl-tools amd64 2.24-2build1 [60,9 kB] Get:2 http://by.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 debconf-utils all 1.5.66ubuntu1 [56,6 kB] Get:3 http://repo.saltstack.com/py3/ubuntu/18.04/amd64/latest bionic/main amd64 salt-minion all 3000+ds-1 [28,1 kB] Fetched 146 kB in 1s (235 kB/s) Selecting previously unselected package dctrl-tools. (Reading database ... 178806 files and directories currently installed.) Preparing to unpack .../dctrl-tools_2.24-2build1_amd64.deb ... Unpacking dctrl-tools (2.24-2build1) ... Selecting previously unselected package debconf-utils. Preparing to unpack .../debconf-utils_1.5.66ubuntu1_all.deb ... Unpacking debconf-utils (1.5.66ubuntu1) ... Selecting previously unselected package salt-minion. Preparing to unpack .../salt-minion_3000+ds-1_all.deb ... Unpacking salt-minion (3000+ds-1) ... Setting up debconf-utils (1.5.66ubuntu1) ... Setting up dctrl-tools (2.24-2build1) ... Setting up salt-minion (3000+ds-1) ... Created symlink /etc/systemd/system/multi-user.target.wants/salt-minion.service → /lib/systemd/system/salt-minion.service. Processing triggers for ureadahead (0.100.0-21) ... Processing triggers for systemd (237-3ubuntu10.39) ... Processing triggers for man-db (2.8.3-2ubuntu0.1) ... [root@host ~]#

Salt Minion Configuration

Next, we will configure the software on the minion server. By default, the Salt Minion connects to the master Salt servers DNS named above in the /etc/hosts file. We will need to modify this setting. Again we will use our vim editor and open the file /etc/hosts and add the IP of the Salt Master. In this case 10.0.2.15. After that entry is created, save the file using :wq.

127.0.0.1 localhost <xxx.xxx.xxx.xxx> saltmaster # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters

Now, we need to create a unique identifier for the Salt minion.

vim /etc/salt/minion_id

Let’s add the identifier name for the minion. Care should be taken to create a naming scheme in advance to allow for additional minions e.g.

  • processing_nodes_1

  • ingestion _nodes_1

  • node.location.dept-ubuntu_01

We will use ubuntu-minion_01 as our salt minion server name.

Next, copy the master.pub fingerprint we created on the master server above, and set this value as the master_finger setting in the minion configuration file /etc/salt/minion_id. You can search for this value in vim using /finger within the file. After adding the fingerprint, use :wq to save the and exit the file.

# Fingerprint of the master public key to validate the identity of your Salt master # before the initial key exchange. The master fingerprint can be found by running # "salt-key -f master.pub" on the Salt master. master_finger: 'd0:71:50:26:f7:05:d7:84:6c:f8:38:1f:ce:5b:d8:6a:80:6c:1a:76:05:a8:48:3a:d7:5a:86:ff:bc:14:3b:49'

If you change any of the settings (like the IP address of the salt master in /etc/salt/minion), you’ll need to restart salt-minion service

[root@host ~]# systemctl restart salt-minion

Now, login to the salt master server and list/check for the Accepted Keys using the following command.

root@host:~# salt-key -L Accepted Keys: Denied Keys: Unaccepted Keys: processing_nodes_1 <<<<< Rejected Keys: root@host:~#

As you can see, we now have a key waiting to be accepted “ubuntu-minion_01“. Next, we will accept the salt-key for the minion on the salt master server.

root@host:~# salt-key -A The following keys are going to be accepted: Unaccepted Keys: processing_nodes_1 Proceed? [n/Y] y Key for minion ubuntu-minion_01 accepted. root@host:~#

Now we can run the following command on the Salt minion to check the minions key fingerprint.

root@host:~# salt-call --local key.finger local: cf:b7:01:00:9f:78:27:03:42:91:f1:7c:f1:3f:81:2f:a3:e6:11:48:bc:10:ba:2b:0c:df:f0:78:e0:07:1c:df root@host:~#

Next, we can compare the above value to the value that is shown when we run the command “salt-key –finger <MINION_ID>” on the Salt master.

root@host:~# salt-key –finger ubuntu-minion_01 Accepted Keys: processing_nodes_1 <<<<< Denied Keys: Unaccepted Keys: Rejected Keys: root@host:~#

Now, let's verify the communication between the salt master and the salt minion by running the test.ping command.

root@host:~# salt processing_nodes_1 test.ping ubuntu-minion_01: True root@host:~#

Success!



Related content