Setup SaltStack on CentOS 7
Setup Salt Components on CentOS 7
Setup Note: This guide is basically copied from the Salt docs https://docs.saltstack.com/en/latest/topics/installation/rhel.html. The only reason for it to exist is to expand on the RHEL/CentOS 7 post-install specifics for adding firewall rules and enabling the service.
Import SaltStack GPG-KEY
rpm --import https://repo.saltstack.com/yum/redhat/7/x86_64/latest/SALTSTACK-GPG-KEY.pub
Setup SaltStack repo file
Edit /etc/yum.repos.d/saltstack.repo
vi /etc/yum.repos.d/saltstack.repo
Insert this text
[saltstack-repo]
name=SaltStack repo for RHEL/CentOS $releasever
baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest
enabled=1
gpgcheck=1
gpgkey=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub
Install the salt-minion, salt-master, or other Salt components:
yum install salt-master
yum install salt-minion
yum install salt-ssh
yum install salt-syndic
yum install salt-cloud
Installing the Salt Master
Install the salt-master
yum install salt-master
Start the salt-master service and enable it to start on boot
systemctl start salt-master
systemctl enable salt-master
Configure firewalld rules for the salt-master
Let’s make some firewall rule changes. If for some reason you aren’t using a firewall then you can skip this.
Configure a default zone with firewalld (the default zone is assumed to already be set to “internal”)
Edit /etc/firewalld/services/salt-master.xml
vi /etc/firewalld/services/salt-master.xml
Insert this text
salt-master access for default salt-master tcp ports.
Install policycoreutils-python to use semanage utility
yum install policycoreutils-python
Permanently create an selinux context label
semanage fcontext -a -t firewalld_etc_rw_t -s system_u /etc/firewalld/services/salt-master.xml
Apply the new selinux label
restorecon -vF /etc/firewalld/services/salt-master.xml
Add services (or ports) to allowed rules
firewall-cmd --permanent --zone=internal --add-service=salt-master
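Alternatively you can just add the ports (--permanent is required here too, otherwise the reload in the next step discards them)
firewall-cmd --permanent --zone=internal --add-port=4505/tcp
firewall-cmd --permanent --zone=internal --add-port=4506/tcp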
Reload the current firewall config
firewall-cmd --reload
Check the interface and verify the services
firewall-cmd --zone=internal --list-services
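Added example, not part of the original guide: a firewalld service definition for /etc/firewalld/services/salt-master.xml, matching the description line shown at the "Insert this text" step and the two TCP ports used in this section. The short name is an assumption.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example: custom firewalld service for the salt-master. -->
<service>
  <!-- Short name is an assumption; the description is the line shown in this guide. -->
  <short>salt-master</short>
  <description>salt-master access for default salt-master tcp ports.</description>
  <!-- 4505/tcp is the master's publish port, 4506/tcp its return port;
       these are the same two ports opened by the add-port alternative. -->
  <port protocol="tcp" port="4505"/>
  <port protocol="tcp" port="4506"/>
</service>
```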
Installing the Salt Minion
Install the salt-minion
yum install salt-minion
Edit /etc/salt/minion
vi /etc/salt/minion
Change the setting for master:
Set master: to the DNS name or IP of your salt-master server
Start the salt-minion service and enable it to start on boot
systemctl start salt-minion
systemctl enable salt-minion
Verify minion can connect to the master
Log in to the salt-master server and verify the minion connected. You should see an entry waiting for authorization when you run the following command.
[root@salt]# salt-key
Accepted Keys:
Denied Keys:
Unaccepted Keys:
**salt-minion.domain.tld**
Rejected Keys:
Official Salt Docs:
https://docs.saltstack.com/en/latest/ref/configuration/index.html