SaltStack is a powerful configuration and management tool that makes it possible for you to deploy configurations from a single manager to multiple minions. With this platform your Linux controller can send configurations to any connected minion running Linux, macOS or Windows. With this system in place, your admin job can be made considerably easier. 

SaltStack configuration deployments are written in Salt code, so the one caveat to using the system is that you’ll have to learn how to write Salt code configurations. But first, you must have SaltStack installed on both a controller and at least one minion. SaltStack can scale up to tens of thousands of minions, so even enterprise-level businesses can greatly benefit from deploying this platform. So let’s get busy.

SEE: 20 good habits network administrators need—and 10 habits to break (free PDF) (TechRepublic)

What you’ll need

To make this work, you’ll need at least one Linux server for the controller. I’ll be demonstrating both controller and minion on Linux Server 20.04. You can use any Linux distribution so long as it supports Python (which most do). You’ll also need a user with sudo privileges.

How to install the Salt Controller

First, we’re going to install the Salt Controller. Log into your Ubuntu Server and make sure to update and upgrade with the command:

sudo apt-get update && sudo apt-get upgrade -y

If the kernel is upgraded, make sure to reboot the server. 

You should already have Python installed. To find out, issue the command:

python3 --version

You should see something like:

Python 3.8.5

If not, install Python with the command:

sudo apt-get install python3 -y

We’ll be installing SaltStack using a bootstrap script. Download the script with the command:

curl -L https://bootstrap.saltstack.com -o install_salt.sh

Launch the script on the controller with the command:

sudo sh install_salt.sh -P -M -N

When the command completes, you should see:

* INFO: Salt Installed!

Install Salt on the minions with the command:

sudo sh install_salt.sh -P

Make sure to not install Salt on the minions with the command to install the controller.

How to configure the controller

The next step is to configure the Salt controller. Open the controller configuration file with the command:

sudo nano /etc/salt/master

Locate the following section:

# The address of the interface to bind to:
#interface: 0.0.0.0

Uncomment out the interface line (by removing the # character) and change 0.0.0.0 to that of the IP address of the controller.

Start and enable the Salt master with the commands:

sudo systemctl start salt-master
sudo systemctl enable salt-master

Make sure to allow Salt connections through the firewall with the command:

sudo ufw allow proto tcp from any to any port 4505,4506

How to configure the minion

We can now configure the minion. Open the configuration file for editing with the command:

sudo nano /etc/salt/minion

Look for the following line:

master: salt

Change salt to the IP address of your Salt controller.

Save and close the file. 

We now need to retrieve the public fingerprint of the controller. On the controller, issue the command:

sudo salt-key --finger-all

You should see two entries displayed, one for master.pem and one for master.pub. Copy the master.pub key to your clipboard. On the minion, re-open the configuration file with the command:

sudo nano /etc/salt/minion

In that file, look for the line:

#master_finger: ''

Change that line to:

master_finger: 'KEY'

Where KEY is the pub key you copied to your clipboard.

Finally, give the minion a name in the line:

# clusters.
#id:

Uncomment and change id: so it looks like:

id: NAME

Where NAME is the name you choose to give the minion.

Save and close the file. 

Start and enable the minion with the command:

sudo systemctl restart salt-minion
sudo systemctl enable salt-minion

How to test the connection

On the minion, print out the minion’s public key with the command:

sudo salt-call key.finger --local

Back at the controller, issue the command:

sudo salt-key --finger-all

You should now see an Unaccepted key listed, which matches the minion key. You must accept the key with the command:

sudo salt-key -A

You’ll be asked to verify the acceptance of the key that is associated with the new minion. Type Y (or accept the default, which is Y), and the minion key has been accepted. Test the connection with the command:

sudo salt NAME test.ping

Where NAME is the name of the minion. You should see:

NAME: True

Where NAME is the name of the minion.

Congratulations, SaltStack is installed and running on both your controller and your minion. Next time around, we’ll write some Salt code and send a configuration to the minion.

Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.

Open Source Weekly Newsletter

You don’t want to miss our tips, tutorials, and commentary on the Linux OS and open source applications. Delivered Tuesdays

Sign up today

Also see