SaltStack is a powerful, open-source automation and configuration management tool based on Python. It serves as a command-line utility to manage infrastructure from a centralized location. SaltStack is composed of four key components:
- Salt Master: The central controller that manages and controls a number of minions.
- Salt Minions: The agents that receive configurations and commands from the master.
- Formula: Files that manage configurations.
- Execution: Commands and modules executed on minions.
This guide will walk you through the installation of SaltStack Master and Minion on Debian 11.
Prerequisites
- Two servers running Debian 11.
- Root password configured on both servers.
Install SaltStack Master
Since SaltStack isn’t included in the default Debian 11 repository, you’ll need to add the SaltStack repository manually. Add it using the following commands:
curl -fsSL -o /usr/share/keyrings/salt-archive-keyring.gpg https://repo.saltproject.io/py3/debian/11/amd64/latest/salt-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] https://repo.saltproject.io/py3/debian/11/amd64/latest bullseye main" | tee /etc/apt/sources.list.d/salt.list
Update the repository cache:
apt-get update -y
Install necessary dependencies:
apt-get install python3 salt-common -y
Proceed with installing the SaltStack master:
apt-get install salt-master -y
Configure SaltStack Master
Define the bind interface in the SaltStack configuration file:
nano /etc/salt/master
Modify the line as follows:
interface: 0.0.0.0
Save the changes, close the file, and restart the SaltStack master:
systemctl restart salt-master
Check the master’s status:
systemctl status salt-master
? salt-master.service - The Salt Master Server
Loaded: loaded (/lib/systemd/system/salt-master.service; enabled; vendor preset: enabled)
Active: active (running) since ...
Install and Configure SaltStack Minion
With the master set up, switch to your second machine to set up the SaltStack Minion. Add the SaltStack repository:
curl -fsSL -o /usr/share/keyrings/salt-archive-keyring.gpg https://repo.saltproject.io/py3/debian/11/amd64/latest/salt-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] https://repo.saltproject.io/py3/debian/11/amd64/latest bullseye main" | tee /etc/apt/sources.list.d/salt.list
Update repository cache and install the Minion:
apt-get update -y
apt-get install salt-minion -y
Edit the Minion’s configuration to point to the master:
nano /etc/salt/minion
master: salt-master-ip
Save the changes. Authenticate the minions using the master’s public fingerprint:
salt-key --finger-all
Copy the master’s public key fingerprint and add it to the Minion’s config:
master_finger: '5e:4f:2b:37:41:cc:4b:9c:b0:ed:cb:0a:fb:c7:59:54:5f:11:34:ab:d2:99:96:c1:e7:ef:4d:95:b0:7c:d3:d1'
Define the Minion’s ID:
id: Minion1
Restart the Minion service:
systemctl restart salt-minion
Verify its status:
systemctl status salt-minion
Control Minions from the Master
With the Minion connected, execute commands to control its operations. Check disk usage with:
salt '*' disk.usage
Install the Apache package:
salt Minion1 pkg.install apache2
Check available memory:
salt '*' cmd.run 'free -m'
Use Salt State File to Manage Minions
Create and manage Minions with a Salt state file. First, set up the environment:
mkdir /src/salt
Create a state file:
nano /src/salt/setup.sls
Add the following content to install PHP, UNZIP, and Apache:
network_utilities:
pkg.installed:
- pkgs:
- php
- unzip
apache2_pkg:
pkg.installed:
- name: apache2
apache2_service:
service.running:
- name: apache2
- enable: True
- require:
- pkg: apache2_pkg
Apply these configurations across Minions:
salt '*' state.apply setup
Conclusion
Congratulations! You’ve successfully installed and configured SaltStack Master and Minion on a Debian 11 server. We’ve also covered managing Minions using state files and command-line operations. This setup provides a solid foundation for automating infrastructure management. If you have questions, feel free to ask!
FAQ
- What is SaltStack?
- SaltStack is an open-source automation and configuration management platform based on Python, designed to manage infrastructure efficiently from a central control point.
- What are some key components of SaltStack?
- SaltStack includes four main components: Salt Master (central controller), Salt Minions (agents), Formulas (configuration files), and Executions (commands and modules executed on minions).
- Can I use SaltStack with Debian 11?
- Yes, you can install SaltStack on Debian 11, though it requires adding a SaltStack-specific repository since it is not available in the default Debian repository.
- Why do I need to authenticate Minions?
- Authentication ensures that communication between the Master and Minion is secure, preventing unauthorized access or execution of commands on the Minions.
- How do I manage applications using SaltStack?
- You can manage applications by creating state files that define the desired state or configuration of the systems, and then apply these states to your Minions.