Setup SaltStack on CentOS 7

Setup Salt Components on CentOS 7

Setup Note: This guide is basically copied from the Salt docs https://docs.saltstack.com/en/latest/topics/installation/rhel.html. The only reason for it to exist is to expand on the RHEL/CentOS 7 post-install specifics for adding firewall rules and enabling the service.

Import SaltStack GPG-KEY

rpm --import https://repo.saltstack.com/yum/redhat/7/x86_64/latest/SALTSTACK-GPG-KEY.pub

Setup SaltStack repo file

Edit /etc/yum.repos.d/saltstack.repo

vi /etc/yum.repos.d/saltstack.repo

Insert this text

[saltstack-repo]
name=SaltStack repo for RHEL/CentOS $releasever
baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest
enabled=1
gpgcheck=1
gpgkey=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub

Install the salt-minion, salt-master, or other Salt components:

  • yum install salt-master
  • yum install salt-minion
  • yum install salt-ssh
  • yum install salt-syndic
  • yum install salt-cloud

Installing the Salt Master

Install the salt-master

yum install salt-master

Start the salt-master service and enable it to start on boot

systemctl start salt-master

systemctl enable salt-master

Configure firewalld rules for the salt-master

Let’s make some firewall rule changes. If for some reason you aren’t using a firewall then you can skip this.

Configure a default zone with firewalld (the default zone is assumed to already be set to “internal”)

Edit /etc/firewalld/services/salt-master.xml

 vi /etc/firewalld/services/salt-master.xml

Insert this text

<?xml version="1.0" encoding="utf-8"?>
 <service>
   <short>salt-master</short>
   <description>access for default salt-master tcp ports.</description>
   <port protocol="tcp" port="4505"/>
   <port protocol="tcp" port="4506"/>
 </service>

Install policycoreutils-python to use the semanage utility

  • yum install policycoreutils-python

Permanently create an SELinux context label

semanage fcontext -a -t firewalld_etc_rw_t -s system_u /etc/firewalld/services/salt-master.xml

Apply the new SELinux label

restorecon -vF /etc/firewalld/services/salt-master.xml

Add services (or ports) to allowed rules

firewall-cmd --permanent --zone=internal --add-service=salt-master

Alternatively you can just add the ports (--permanent is needed so the rules survive the reload in the next step)

firewall-cmd --permanent --zone=internal --add-port=4505/tcp

firewall-cmd --permanent --zone=internal --add-port=4506/tcp

Reload the current firewall config

firewall-cmd --reload

Check the interface and verify the services

firewall-cmd --zone=internal --list-services

Installing the Salt Minion

Install the salt-minion

yum install salt-minion

Edit /etc/salt/minion

vi /etc/salt/minion

Change the setting for master:

Set master: to the DNS name or IP of your salt-master server

Start the salt-minion service and enable it to start on boot

systemctl start salt-minion

systemctl enable salt-minion

Verify minion can connect to the master

Log in to the salt-master server and verify that the minion connected. You should see an entry waiting for authorization when you run the following command.

[root@salt]# salt-key
Accepted Keys:
Denied Keys:
Unaccepted Keys:
salt-minion.domain.tld
Rejected Keys:
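
A key listed under Unaccepted Keys should be checked against the minion's own fingerprint before it is accepted. The script below is an added example, not part of the original guide or of Salt itself: it reads a salt-key listing and only proposes salt-key -a when the fingerprint from salt-key -f on the master equals the one from salt-call --local key.finger on the minion. The function names, the SALT_APPLY switch and the fingerprint values are constructed for illustration.

```bash
#!/bin/sh
# Added example: gate `salt-key -a` on a fingerprint comparison.
# Function names and all sample values below are constructed for illustration.

# Constructed `salt-key` listing, same layout as the output shown above.
SAMPLE_LIST='Accepted Keys:
Denied Keys:
Unaccepted Keys:
salt-minion.domain.tld
Rejected Keys:'

# Read a `salt-key` listing on stdin; print the IDs under "Unaccepted Keys:".
pending_minions() {
    awk '/^Unaccepted Keys:/ { p = 1; next }
         / Keys:$/           { p = 0 }
         p && NF             { print $1 }'
}

# Lowercase a fingerprint and strip whitespace so copy/paste noise is ignored.
norm_fp() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]'
}

# verify_and_accept ID MASTER_FP MINION_FP LISTING
#   MASTER_FP: from `salt-key -f ID` on the master
#   MINION_FP: from `salt-call --local key.finger` on the minion (out of band)
# Returns 2 if ID is not pending, 1 on fingerprint mismatch, 0 if verified.
# Prints the accept command; runs it only when SALT_APPLY=1.
verify_and_accept() {
    va_id=$1; va_master=$(norm_fp "$2"); va_minion=$(norm_fp "$3")
    if ! printf '%s\n' "$4" | pending_minions | grep -qxF -- "$va_id"; then
        echo "refusing: $va_id is not in Unaccepted Keys" >&2; return 2
    fi
    if [ -z "$va_master" ] || [ "$va_master" != "$va_minion" ]; then
        echo "refusing: fingerprint mismatch for $va_id" >&2; return 1
    fi
    if [ "${SALT_APPLY:-0}" = 1 ]; then
        salt-key -y -a "$va_id"
    else
        echo "salt-key -a $va_id"
    fi
}

# Demo on constructed fingerprints (differ only in case, so they match).
verify_and_accept salt-minion.domain.tld \
    'AA:BB:CC:DD:00:11:22:33' 'aa:bb:cc:dd:00:11:22:33' "$SAMPLE_LIST"
```

On a real master, pass "$(salt-key)" as the listing and the two fingerprints copied from each host.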

Official Salt Docs:

https://docs.saltstack.com/en/latest/ref/configuration/index.html
