SaltStack¶
SaltStack (or simply Salt) is Python-based, open-source software for event-driven IT automation, remote task execution, and configuration management. Supporting the “Infrastructure as Code” approach to data center system and network deployment and management, configuration automation, SecOps orchestration, vulnerability remediation, and hybrid cloud control.
The salt-master
controls so called salt-minions
through formulae, pillars and grains. The scope of this guide is to install a salt-master
(without a co-located minion) on an Uberspace.
Prerequisites¶
We need two open TCP ports for minions to communicate with the Salt master.
[isabell@stardust ~]$ uberspace port add
Port <high-port1> will be open for TCP and UDP traffic in a few minutes.
[isabell@stardust ~]$ uberspace port add
Port <high-port2> will be open for TCP and UDP traffic in a few minutes.
[isabell@stardust ~]$ uberspace port list
<high-port1>
<high-port2>
Take note of the high ports, you will need them for salt master configuration later.
Installation¶
Install¶
Installing Salt in a virtualenv
using python 3.8 (latest available python on Uberspace). Also installing pygit2 (because it is a dependency for any gitfs in Salt which is very common). Packages are installed in multiple steps as updated setuptools, pip and wheel may be needed for others to install. Salt must be installed by itself due to ‘global-option’ being used. Download latest sample config as last step.
[isabell@stardust ~]$ virtualenv -p python3.8 ~/salt_venv
[isabell@stardust ~]$ source ~/salt_venv/bin/activate
(salt_venv) [isabell@stardust ~]$ pip3.8 install -U setuptools pip wheel
(salt_venv) [isabell@stardust ~]$ pip3.8 install -U pyzmq PyYAML msgpack-python jinja2 psutil futures tornado 'msgpack<1.0.0' chardet idna urllib3 certifi requests pycryptodomex distro pygit2
(salt_venv) [isabell@stardust ~]$ MIMIC_SALT_INSTALL=1 pip3.8 install --global-option='--salt-root-dir='${HOME}'/salt_venv/' salt
(salt_venv) [isabell@stardust ~]$ deactivate
[isabell@stardust ~]$ mkdir -p ~/salt_venv/etc/salt ~/salt_venv/var/log/salt
[isabell@stardust ~]$ curl https://raw.githubusercontent.com/saltstack/salt/master/conf/master -o ~/salt_venv/etc/salt/master
Configuration¶
Edit ~/salt_venv/etc/salt/master
and make at least the following changes:
user: <your-user i.e. isabell>
publish_port: <high-port1>
ret_port: <high-port2>
Setup daemon¶
Create ~/etc/services.d/salt-master.ini
with the following content:
[program:salt-master]
process_name=salt-master
command=%(ENV_HOME)s/salt_venv/bin/salt-master
directory=%(ENV_HOME)s/salt_venv
autostart=yes
autorestart=yes
Tell supervisord
to refresh its configuration and start the service:
[isabell@stardust ~]$ supervisorctl reread
salt-master: available
[isabell@stardust ~]$ supervisorctl update
salt-master: added process group
[isabell@stardust ~]$ supervisorctl status
salt-master RUNNING pid 24968, uptime 0:00:05
If it’s not in state RUNNING, check your configuration.
Finishing installation¶
Connect minions¶
Now you can connect a minion to the salt master. The minion configuration needs the IP address of your Uberspace (or a hostname resolving to it) and the following minimal configuration:
master: <IP or hostname of Uberspace>:<high-port2>
publish_port: <high-port1>
An initial minion run will upload the minion public key to the master and you view and accept this key to establish communication:
[isabell@stardust ~]$ source ~/salt_venv/bin/activate
(salt_venv) [isabell@stardust ~]$ salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
<your-new-minion>
Rejected Keys:
(salt_venv) [isabell@stardust ~]$ salt-key -a <your-new-minion>
(salt_venv) [isabell@stardust ~]$ deactivate
Salt master is now setup with the first minion connected.
Updating Salt¶
Update Salt in virtualenv
:
[isabell@stardust ~]$ source ~/salt_venv/bin/activate
(salt_venv) [isabell@stardust ~]$ pip3.8 install <any additional dependencies from newer version>
(salt_venv) [isabell@stardust ~]$ MIMIC_SALT_INSTALL=1 pip3.8 install -U --global-option='--salt-root-dir='${HOME}'/salt_venv/' salt
(salt_venv) [isabell@stardust ~]$ deactivate
[isabell@stardust ~]$ supervisorctl restart salt-master
Tested with SaltStack 3001, Uberspace 7.7
Written by: ctr49 <https://github.com/ctr49>