Monday, 25 September 2017

SaltStack - Introduction, Installation and Configuration


What is Salt?
  • A configuration management tool for your infrastructure
  • A lightening-fast remote execution tool
  • It based on Python and uses function calls to execute tasks on the servers, from a central hub
Components of salt
  1. Salt Master
    • It is the central server or the control server, who provides instructions to it's clients (or servers in your infrastructure)
    • you can execute commands and manage configurations over thousands of servers in seconds
  2. Salt Minion
    • They connect to master and receive instructions from Salt Master
    • They can work without master, but configurations have to be made on each and every Salt Minion separately - a time consuming option



1. Create and configure the repository.
2. Create and edit the /etc/yum.repos.d/saltstack.repo with contents as below:

name=SaltStack repo for Red Hat Enterprise Linux $releasever

3. Install the package.

yum install salt-master salt-minion

On Ubuntu

1. Add the PPA.

sudo add-apt-repository ppa:saltstack/salt

2. Update the database.

sudo apt-get update

3. Install the package.

sudo apt-get install salt-master salt-minion


  • For our first exercise, we will configure Salt master and Salt minion on the same server
  • The master and minion configuration files are located in /etc/salt directory
  • /etc/salt/master holds the configuration for Salt master
  • /etc/salt/minion contains the configuration for Salt minion

Salt Minion Configuration

1. Open the Salt minion configuration file - /etc/salt/minion
2. Search for the line which looks like-

#master: salt

3. In above line, salt should be replaced with the DNS hostname or IP address of the Salt master, to connect with the Salt master
4. In our case, we should replace salt with localhost, as we have our Salt master on the same server, and uncomment the line

master: localhost

5. Next, we need to set the minion ID, a unique identity for the minion, which may usually be a hostname.
6. For this, search for the line in the configuration file which looks like -


7. Lets set the minion ID for this server to be salt_minion1

id: salt_minion1

8. Once you're done, save and close the file.
9. For the changes to take effect, restart salt-minion service with below command -

$ service salt-minion restart

Service salt-minion:root:salt_minion1 is not running
Starting salt-minion:root:salt_minion1 daemon: OK

Salt Master Configuration

1. For the introductory article, we do not need to make any changes in configuration file for Salt master
2. Just to make sure that Salt master is up, restart the salt-master service as below -

$ service salt-master restart

Stopping salt-master daemon:                               [FAILED]
Starting salt-master daemon:                               [  OK  ]

Accept the Salt minion key on Salt master

1. Having done the configuration for Salt master and minion, we need to accept the minion key on the master.
2. This instructs the master to trust the minion.
3. Before we accept the key, let's check whether our minion has contacted the master with 'salt-key' command as below -

$ salt-key
Accepted Keys:
Denied Keys:
Unaccepted Keys:
Rejected Keys:

3. You can observe that the minion we just configured - salt_minion1 is listed under Unaccepted Keys section.
4. This indicates that, the minion with ID salt_minion1 has contacted the server and the master has stored its public key.
5. But, the minion's key is not accepted yet by the master.
6. We can check the minion's key as stored by the master with below command -

$ salt-key -f salt_minion1
Unaccepted Keys:
salt_minion1:  26:18:fc:10:4e:b3:c8:73:fd:53:95:8b:6a:f2:30:5a:0c:3d:7d:04:69:59:a0:7b:91:30:54:bc:5f:18:7c:9e

7. We can also verify the minion's key by running salt-call command on the minion (same server, for our case) as below :

$ salt-call --local key.finger

8. Both keys match, thus we can accept the key on master, as below :

$ salt-key -a salt_minion1

The following keys are going to be accepted:
Unaccepted Keys:
Proceed? [n/Y] Y
Key for minion salt_minion1 accepted.

9. To ensure that the key has been accepted, we can run salt-key command again -

$ salt-key

Accepted Keys:
Denied Keys:
Unaccepted Keys:
Rejected Keys:

10. And the key is accepted!


1. Now that the minion's key is received on the master, it's time to check the setup if it working.
2. For this, we ask the minion 'salt_minion1' to execute a function 'ping' from module 'test' from the master, as shown below :

$ salt 'salt_minion1'


3. Above command is used to check if the minion is alive and we've received a response as 'True'.

That's all for the scope of this article. In the next one, we will check some of the basic commands useful while understanding SaltStack further. Thank you!.


Post a Comment