On Salt Master Server
- Run the following command to import the SaltStack repository key:
wget -O – https://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add – - edit /etc/apt/sources.list.d/saltstack.list:
deb [arch=amd64] http://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest focal main - Run sudo apt-get update
- Install the salt-master and other Salt components:
apt -y install salt-api salt-cloud salt-master salt-ssh salt-syndic - vi /etc/salt/master
interface: 192.168.0.43 (Salt Master Server IP) - systemctl restart salt-master.service
- root@ubunu2004:~# salt-key -F master
Local Keys:
master.pem: 12:0f:ba:d1:d3:cd:5c:e5:52:62:34:cd:ee:b6:51:d7:f1:30:59:79:57:fe:3f:9b:b7:79:f4:1a:42:f8:3b:bc
master.pub: a8:87:3f:ea:f3:cd:b8:4d:6b:b9:45:d7:b2:7f:77:94:bc:a1:81:66:8e:06:46:38:77:82:65:7d:58:f6:cb:97 - open the FireWall
ufw allow proto tcp from any to any port 4505,4506
on Salt Minion server
- do same step1-3 as master server
- apt -y install salt-minion
- edit /etc/hosts:
192.168.0.43 saltmaster salt - edit /etc/salt/minion to add master_finger(same as we generated master.pub):
master_finger: ‘a8:87:3f:ea:f3:cd:b8:4d:6b:b9:45:d7:b2:7f:77:94:bc:a1:81:66:8e:06:46:38:77:82:65:7d:58:f6:cb:97’ - systemctl restart salt-minion
- you can run below commands to debug if there is any issues:
salt-minion -l debug
salt-call -l debug state.applyList and accept key on master server
using the following command:
root@ubunu2004:/etc/salt# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
ubuntumac-minion01
Rejected Keys:
root@ubunu2004:/etc/salt# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
ubuntumac-minion01
Proceed? [n/Y] y
Key for minion ubuntumac-minion01 accepted.Verify the Salt commands
root@ubunu2004:/etc/salt# salt ubuntumac-minion01 test.ping
ubuntumac-minion01:
True
root@ubunu2004:/etc/salt# salt ‘‘ test.version
ubuntumac-minion01:
3001
root@ubunu2004:/etc/salt# salt ‘‘ disk.usage
root@ubunu2004:/etc/salt# salt ‘*’ cmd.run ‘ls -l /etc’
root@ubunu2004:/etc/salt# mkdir -p /srv/salt/nginx/
root@ubunu2004:/etc/salt# touch /srv/salt/vimrc
we have file_roots defined in /etc/salt/master:file_roots: base: - /srv/salt
root@ubunu2004:/etc/salt# vi /srv/salt/nginx/init.sls
nginx: pkg.installed: [] service.running: - require: - pkg: nginx
root@ubunu2004:/srv/salt# salt '*' state.apply nginx
verify on ubuntumac-minion01:
root@ubuntumac:/etc/salt# which nginx
/usr/sbin/nginx
another example to distribute a shell script:
```bash
install-cleanup-script:
file:
- managed
- source: salt://cleanup-directories.sh
- name: /usr/local/bin/cleanup-directories.sh
- user: root
- group: root
- mode: 754
/var/www/vhost/production.website.com:
file.directory:
- user: root
- group: root
- mode: 755
- makedirs: true
A more detailed example showing how to create a series of databases and users to access them using variables and "for" loops:
{% set DATABASE_PASS = 'our-db-password' %}
{% for DB in ['keystone','nova','cinder','glance','heat','neutron'] %}
{{ DB }}:
mysql_database:
- present
mysql_grants.present:
- grant: all privileges
- database: {{ DB }}.*
- user: {{ DB }}
- host: localhost
mysql_user.present:
- host: localhost
- password: {{ DATABASE_PASS }}
- connection_charset: utf8
{% endfor %}
https://repo.saltstack.com/#ubuntu
https://docs.saltstack.com/en/master/topics/tutorials/walkthrough.html
https://docs.saltstack.com/en/latest/topics/troubleshooting/minion.html